frontpage.

also cuts tokens 93%

Claude Code's WebFetch converts HTML to markdown and runs it through a secondary model before it hits your context — but that pipeline wasn't designed as a security boundary. Turndown strips structural junk (scripts, CSS, nav chrome), but zero-width characters, fake LLM delimiters, base64-encoded payloads, and markdown exfiltration URLs all survive the conversion. And using a small LLM to filter adversarial content is the fox guarding the henhouse.

The problem gets worse outside Claude Code. API-level web_fetch, other coding tools, curl output, cloned repos — raw content flows into LLM context with no sanitization at all.

mcp-safe-fetch is an MCP server with three tools (safe_fetch, safe_read, safe_exec) that sanitize content deterministically before the LLM sees it. Regex + cheerio + turndown, no AI in the loop. Across 4 test sites: 93% average token reduction, zero false positives, all visible content preserved.

  npx -y mcp-safe-fetch init

Show HN: Xmloxide – an agent made rust replacement for libxml2

Show HN: Now I Get It – Translate scientific papers into interactive webpages

Show HN: Userscript to Display Age/Karma of HN Users

Show HN: Computer Agents – Agents that work while you sleep

Show HN: SplatHash – A lightweight alternative to BlurHash and ThumbHash

Show HN: SQLite for Rivet Actors – one database per agent, tenant, or document

Show HN: Unfucked - version all changes (by any tool) - local-first/source avail

Show HN: Claude-File-Recovery, recover files from your ~/.claude sessions

Show HN: RetroTick – Run classic Windows EXEs in the browser

Show HN: Decided to play god this morning, so I built an agent civilisation

Show HN: Gitcredits – movie-style end credits for any Git repo in your terminal

Show HN: Tomoshibi – A writing app where your words fade by firelight

Show HN: GitPop – open-source AI Git context menu for Windows (OS X coming soon)

Show HN: Explain Curl Commands

Show HN: I built a self-hosted course platform in Clojure

Show HN: I built a tool to translate and declutter articles for my immigrant mom

Show HN: Badge that shows how well your codebase fits in an LLM's context window

Show HN: I built a dashboard to track AI's impact on jobs

Show HN: I ported Manim to TypeScript (run 3b1B math animations in the browser)

Show HN: Reclaim Flowers – A 2D physics-based "Digital Altar" protocol

Show HN: Hacker Smacker – Spot great (and terrible) HN commenters at a glance

Show HN: Free, open-source native macOS client for di.fm

Show HN: InstallerStudio – Create MSI Installers Without WiX or InstallShield

Show HN: IranWarLive – Automated, serverless OSINT mapping engine

Show HN: Velora Fitness – A zero-bloat, bare-bones workout tracker

Show HN: Linex – A daily challenge: placing pieces on a board that fights back

Show HN: Memctl v0.1.0 Open source shared persistent memory for AI coding agents

Show HN: Respectify – A comment moderator that teaches people to argue better

Show HN: MCP server that strips injection vectors from LLM input

Show HN: Deff – Side-by-side Git diff review in your terminal

Show HN: MCP server that strips injection vectors from LLM input

Show HN: Xmloxide – an agent made rust replacement for libxml2

Show HN: Now I Get It – Translate scientific papers into interactive webpages

Show HN: Userscript to Display Age/Karma of HN Users

Show HN: Computer Agents – Agents that work while you sleep

Show HN: SplatHash – A lightweight alternative to BlurHash and ThumbHash

Show HN: SQLite for Rivet Actors – one database per agent, tenant, or document

Show HN: Unfucked - version all changes (by any tool) - local-first/source avail

Show HN: Claude-File-Recovery, recover files from your ~/.claude sessions

Show HN: RetroTick – Run classic Windows EXEs in the browser

Show HN: Decided to play god this morning, so I built an agent civilisation

Show HN: Gitcredits – movie-style end credits for any Git repo in your terminal

Show HN: Tomoshibi – A writing app where your words fade by firelight

Show HN: GitPop – open-source AI Git context menu for Windows (OS X coming soon)

Show HN: Explain Curl Commands

Show HN: I built a self-hosted course platform in Clojure

Show HN: I built a tool to translate and declutter articles for my immigrant mom

Show HN: Badge that shows how well your codebase fits in an LLM's context window

Show HN: I built a dashboard to track AI's impact on jobs

Show HN: I ported Manim to TypeScript (run 3b1B math animations in the browser)

Show HN: Reclaim Flowers – A 2D physics-based "Digital Altar" protocol

Show HN: Hacker Smacker – Spot great (and terrible) HN commenters at a glance

Show HN: Free, open-source native macOS client for di.fm

Show HN: InstallerStudio – Create MSI Installers Without WiX or InstallShield

Show HN: IranWarLive – Automated, serverless OSINT mapping engine

Show HN: Velora Fitness – A zero-bloat, bare-bones workout tracker

Show HN: Linex – A daily challenge: placing pieces on a board that fights back

Show HN: Memctl v0.1.0 Open source shared persistent memory for AI coding agents

Show HN: Respectify – A comment moderator that teaches people to argue better

Show HN: MCP server that strips injection vectors from LLM input

Show HN: Deff – Side-by-side Git diff review in your terminal