This isn't a bug; the MCP protocol currently just has zero security boundaries.
Letting an LLM decide if a tool is safe is like asking a suspect to write their own police report. So I spent the last few weeks building JadeGate—an open-source, transparent proxy. It uses deterministic math and static analysis instead of AI:
Policy Engine: Strict allow/deny per tool.
Call-Chain Tracking: Stops rogue recursive calls via DAG verification.
Transparent: Wraps the servers without changing your workflow.
GitHub Repo: https://github.com/JadeGate/jade-core
Website: https://jadegate.io/
Our philosophy: You can't use a probabilistic tool to reliably audit another probabilistic tool. Instead, we treat an agent's skill like source code and apply the same deterministic static analysis used in compilers to prove its safety boundaries before it ever runs.
We are using BSL 1.1, converting to Apache 2.0. Would love any feedback on the static analysis approach!
coolcoder9520•1h ago
(I also have a GIF demo of it blocking a malicious tool in real-time if anyone is interested, but didn't want to clutter the main post).
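As an added illustration of the two mechanisms the post lists (a per-tool allow/deny policy and DAG-based call-chain tracking), here is a small deterministic gate for MCP `tools/call` frames. This is example code written for this page, not JadeGate's implementation. The frame shape follows MCP's JSON-RPC 2.0 encoding; the policy format, the `parent` attribution of nested calls, the default-deny rule for unlisted tools, and the -32001/-32002 error codes are assumptions made for the example. The sample frames are constructed.

```python
"""Deterministic gate for MCP tools/call frames (illustrative, not JadeGate's code).

Assumptions (not from the post): the proxy sees raw JSON-RPC 2.0 frames, the
policy is a static allow/deny list, unlisted tools are denied, and each nested
call is attributed to the tool that issued it (None for the top-level caller).
"""
from __future__ import annotations

import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    allow: frozenset
    deny: frozenset = frozenset()

    def permits(self, tool: str) -> bool:
        # deny wins over allow; anything not explicitly allowed is denied
        return tool not in self.deny and tool in self.allow


class CallGraph:
    """Directed edges parent_tool -> child_tool observed so far.

    Accepting an edge that would close a cycle (A -> B -> A) is what allows
    unbounded recursive tool calls, so such edges are refused up front.
    """

    def __init__(self) -> None:
        self.edges: dict[str, set[str]] = {}

    def reaches(self, src: str, dst: str) -> bool:
        # iterative DFS: is dst reachable from src along existing edges?
        stack, seen = [src], set()
        while stack:
            node = stack.pop()
            if node == dst:
                return True
            if node in seen:
                continue
            seen.add(node)
            stack.extend(self.edges.get(node, ()))
        return False

    def add_edge(self, parent: str, child: str) -> bool:
        # a self-call, or a path child -> ... -> parent, would form a cycle
        if parent == child or self.reaches(child, parent):
            return False
        self.edges.setdefault(parent, set()).add(child)
        return True


def error(req_id, code: int, message: str) -> dict:
    # JSON-RPC 2.0 error object; -32001/-32002 are assumed app-defined codes
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}


def gate(raw: str, policy: Policy, graph: CallGraph, parent: str | None = None):
    """Decide one inbound frame.

    Returns (forward, response): forward=True means pass the frame to the
    server unchanged; otherwise response is the error to send back instead.
    """
    try:
        msg = json.loads(raw)
    except ValueError:
        return False, error(None, -32700, "parse error")
    if not isinstance(msg, dict) or msg.get("method") != "tools/call":
        return True, None  # initialize, tools/list, etc. are not gated here
    params = msg.get("params") or {}
    tool = params.get("name")
    if not isinstance(tool, str) or not policy.permits(tool):
        return False, error(msg.get("id"), -32001, f"tool {tool!r} denied by policy")
    if parent is not None and not graph.add_edge(parent, tool):
        return False, error(msg.get("id"), -32002, f"call chain {parent} -> {tool} would recurse")
    return True, None


if __name__ == "__main__":
    # constructed frames, not captured traffic
    policy = Policy(allow=frozenset({"read_file", "search"}), deny=frozenset({"shell_exec"}))
    graph = CallGraph()
    frames = [
        ('{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"README.md"}}}', None),
        ('{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"shell_exec","arguments":{"cmd":"id"}}}', None),
        ('{"jsonrpc":"2.0","id":3,"method":"tools/call","params":{"name":"search","arguments":{"q":"x"}}}', "read_file"),
        ('{"jsonrpc":"2.0","id":4,"method":"tools/call","params":{"name":"read_file","arguments":{}}}', "search"),
    ]
    for raw, parent in frames:
        print(gate(raw, policy, graph, parent))
```

The graph check is intentionally conservative: it refuses an edge as soon as it would close a cycle, regardless of arguments, so a tool that legitimately re-enters itself would need an explicit policy exception rather than a probabilistic judgement call.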