tomjwxf

ScopeBlind protect-mcp

Author TJF · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ security check passed
Total downloads: 137
Favourites: 0
Current installs: 0
Versions: 1
Install in OpenClaw: /install scopeblind-protect-mcp
Description
功能描述
MCP security gateway. Wraps any MCP server with per-tool policies, Ed25519-signed decision receipts, and human approval gates. Shadow mode logs everything wi...
Usage (SKILL.md)

protect-mcp — MCP Security Gateway

What This Skill Does

Wraps any MCP server as a transparent stdio proxy with per-tool security policies and a cryptographic audit trail. Every tool-call decision is logged and optionally Ed25519-signed.

Quick Start

# Shadow mode — log everything, block nothing
npx protect-mcp -- node your-server.js

# Enforce mode — apply per-tool policies
npx protect-mcp --policy policy.json --enforce -- node your-server.js

# Initialize signing (generates Ed25519 keypair)
npx protect-mcp init

Policy Example

{
  "tools": {
    "db_write": { "decision": "deny" },
    "file_read": { "decision": "allow", "rateLimit": { "maxCalls": 30, "windowSecs": 60 } },
    "deploy": { "decision": "require_approval" }
  }
}
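As an added illustration, not protect-mcp's own code, the following JavaScript models how a gateway could evaluate the policy above: the three decision values, a sliding-window rate limit, a tool missing from the policy, and the difference between shadow mode (decision recorded, call proceeds) and enforce mode. The class name PolicyGate, the default-deny for tools absent from the policy, and the shape of the log entry are assumptions, not documented protect-mcp behaviour.

```javascript
// Added example (not protect-mcp's own code). Evaluates the SKILL.md policy
// shape: per-tool decision (allow / deny / require_approval) plus an optional
// sliding-window rate limit. Assumptions: tools with no rule are denied in
// enforce mode; shadow mode records the decision but never blocks.

const POLICY = {
  tools: {
    db_write: { decision: "deny" },
    file_read: { decision: "allow", rateLimit: { maxCalls: 30, windowSecs: 60 } },
    deploy: { decision: "require_approval" },
  },
};

class PolicyGate {
  constructor(policy, { enforce = false, defaultDecision = "deny" } = {}) {
    this.policy = policy;
    this.enforce = enforce;
    this.defaultDecision = defaultDecision;   // applied when a tool has no rule
    this.calls = new Map();                   // tool -> timestamps (ms) of counted calls
    this.log = [];                            // every decision, in both modes
  }

  // Sliding window: drop timestamps older than the window, then check the count.
  // Only calls that are let through are counted, so a denied call does not
  // extend the lockout.
  withinRateLimit(tool, limit, nowMs) {
    const windowMs = limit.windowSecs * 1000;
    const recent = (this.calls.get(tool) || []).filter((t) => nowMs - t < windowMs);
    this.calls.set(tool, recent);
    if (recent.length >= limit.maxCalls) return false;
    recent.push(nowMs);
    return true;
  }

  evaluate(tool, args, nowMs = Date.now()) {
    const rule = this.policy.tools[tool];
    let decision = rule ? rule.decision : this.defaultDecision;
    let reason = rule ? "policy" : "no rule for tool";

    if (decision === "allow" && rule && rule.rateLimit &&
        !this.withinRateLimit(tool, rule.rateLimit, nowMs)) {
      decision = "deny";
      reason = `rate limit ${rule.rateLimit.maxCalls}/${rule.rateLimit.windowSecs}s exceeded`;
    }

    // Shadow mode: the policy decision is recorded, but the call always proceeds.
    const effective = this.enforce ? decision : "allow";
    const entry = {
      tool, args, decision, effective, reason,
      mode: this.enforce ? "enforce" : "shadow",
      ts: nowMs,
    };
    this.log.push(entry);
    return entry;
  }
}

// Stand-alone demo with constructed calls.
const demo = new PolicyGate(POLICY, { enforce: true });
console.log(demo.evaluate("db_write", { sql: "DELETE FROM users" }));
console.log(demo.evaluate("deploy", { env: "prod" }));
console.log(demo.evaluate("not_in_policy", {}));
```

A require_approval result is where a human approval gate would pause the call; the evaluator only reports it. Note that in shadow mode the rate-limit counter still advances, so the log shows exactly which calls enforce mode would have blocked.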

Pre-built Policy Packs

protect-mcp ships CVE-anchored policy packs:

# List available policies
npx protect-mcp policies

# Apply the Clinejection prevention policy
npx protect-mcp --policy clinejection --enforce -- node your-server.js

Verify Receipts

Receipts are independently verifiable offline — no ScopeBlind dependency:

npx @veritasacta/verify receipt.json
npx @veritasacta/verify --self-test

OWASP MCP Top 10 Coverage

Risk | Control
MCP-01 Rug Pulls | Signed tool manifests; policy pins allowed tools
MCP-03 Tool Poisoning | Per-tool allow/deny/rate-limit policies
MCP-04 Tool Arg Injection | Argument inspection + approval gates
MCP-07 Auth/AuthZ | Trust-tier gating
MCP-08 Logging & Audit | Ed25519-signed receipts, verifiable offline
MCP-09 Excessive Agency | Shadow mode reveals actual tool usage

Links

Safe usage recommendations
This skill appears internally consistent: it is a CLI tool distributed via npm, and the SKILL.md uses npx/npm in ways that match the description. However, installing and running third-party npm packages executes remote code, and the tool will generate signing keys and write receipts to disk. Before installing:
- Verify the npm package page, maintainers, and recent release history (do not blindly run @latest).
- Inspect the package source (npm view, GitHub repo) or run it in an isolated container or VM first.
- Prefer a specific pinned version rather than @latest to avoid supply-chain surprises.
- Find out where the tool stores private keys and receipts and protect those files (restrict filesystem permissions; back them up if needed).
- Consider running 'npx protect-mcp --help' and reviewing the docs on scopeblind.com and the npm listing before a global install.
If you cannot verify the package authorship or are uncomfortable granting filesystem execution rights, run the tool in an isolated environment or decline installation.
Capability assessment
Purpose & Capability
The name and description match the runtime instructions: the SKILL.md shows how to run 'protect-mcp' via npx/npm, configure policies, and initialise signing. Declaring npx in the metadata and using an npm install is proportionate for a CLI tool delivered via the npm ecosystem.
Instruction Scope
The instructions tell the agent to run npx protect-mcp commands that wrap a server process, generate Ed25519 keypairs, and write receipts; they do not ask for unrelated system files or credentials. However, the SKILL.md does not specify where keys and receipts are stored or how long they persist, which matters because secret material and local file writes are involved.
Install Mechanism
The install recommendation uses npm (npm install -g protect-mcp@latest) and the runtime uses npx. This is a standard distribution mechanism for CLI tools, but it means remotely published code is downloaded and executed on the host. No install tarball from an arbitrary URL is used, but npm packages can still carry arbitrary install scripts; verify the package source and maintainers before installing globally.
Credentials
The skill requests no environment variables or external credentials, which aligns with its intended local-proxy functionality. Caveat: the tool generates and persists cryptographic keys and receipts locally (no env or config paths are declared for them), so consider where those secrets land and who can read them.
Persistence & Privilege
always:false (normal). The allowed tools include Bash/Read/Write, which are necessary for running the proxy and creating keys and files. Installing the package globally (npm -g) writes to the system npm directories and may require elevated permissions on some systems; run with care or use a container or an isolated environment.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install scopeblind-protect-mcp
  3. After installation, call the Skill by name or trigger it with /scopeblind-protect-mcp
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history
v1.0.0
scopeblind-protect-mcp 1.0.0 — Initial Release
- Wraps any MCP server as a security gateway with per-tool policies.
- Supports both shadow mode (logs all actions, does not block) and enforce mode (applies policy).
- Provides cryptographically signed (Ed25519) decision receipts for all tool calls.
- Includes human approval gates, rate limits, and per-tool allow/deny decisioning.
- Integrates pre-built, CVE-anchored policy packs.
- Receipts are verifiable offline with no external dependency.
Metadata
Slug scopeblind-protect-mcp
Version 1.0.0
License MIT-0
Total installs 0
Current installs 0
Version count 1
FAQ

What is ScopeBlind protect-mcp?

MCP security gateway. Wraps any MCP server with per-tool policies, Ed25519-signed decision receipts, and human approval gates. Shadow mode logs everything wi... It is an AI Agent Skill plugin for Claude Code / OpenClaw, downloaded 137 times in total.

How do I install ScopeBlind protect-mcp?

Run the command /install scopeblind-protect-mcp in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is ScopeBlind protect-mcp free?

Yes. ScopeBlind protect-mcp is completely free, licensed under MIT-0, and can be freely downloaded, installed and used.

Which platforms does ScopeBlind protect-mcp support?

ScopeBlind protect-mcp is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.

Who develops ScopeBlind protect-mcp?

Developed and maintained by TJF (@tomjwxf); current version v1.0.0.