Hey all, If you’re running MCP servers, A2A agents, or UCP endpoints, either locally or in production, you might want to know what you’re inadvertently exposing. I built Protocol Guard, an open-source web scanner for AI agent protocols. Why it matters: Most MCP servers are set up by devs who care about functionality, not security. The scanner catches things like: Tools whose description fields contain hidden instructions that could manipulate the LLM using the server (tool poisoning, OWASP MCP03) Servers that accept unauthenticated requests and expose all tools to anyone Tool parameters that accept unconstrained shell command strings (command injection — MCP05) Sensitive file path patterns in tool names/descriptions (.ssh, .env, id_rsa, passwd) Framework/version fingerprinting in serverInfo fields Missing TLS, HSTS, and other security headers A2A agent cards with prompt injection patterns in their description fields You just paste your server URL (or agent card URL), optionally add auth credentials, and get a structured report with OWASP and MSSS control mappings. It’s fully stateless, your server URL and credentials are never stored. Repo: github.com/arananet/protocol-guard Would love feedback from people running MCP setups, especially if you find false positives or detection gaps. submitted by /u/arananet
Originally posted by u/arananet on r/ClaudeCode