Server data from the Official MCP Registry
Pre-send risk check for AI agents that move money — screen an address or payment URL before sending.
Pre-send risk check for AI agents that move money — screen an address or payment URL before sending.
The codebase implements a suite of deterministic security and utility tools for AI agents with appropriate safety mechanisms. Network access is properly scoped with SSRF guards, timeouts, and size limits. Code quality is good with input validation on package names and URL parsing. Minor code quality concerns include broad exception handling and some duplicated safety logic across files, but these do not represent security vulnerabilities. Permissions align well with the stated purpose of a finance/security toolkit. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
8 files analyzed · 9 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-mlawsonking-payment-guard-mcp": {
"args": [
"-y",
"agent-firewall-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
A family of deterministic tools that AI agents and developers call constantly — each exposed both as plain HTTP APIs and as an MCP server. No LLM in the loop, no API keys for the free tier, no tracking. Same input → same output. Just reliable, boring, useful tools.
| Product | What it does | Install (MCP) | Live demo | Marketplace |
|---|---|---|---|---|
| Agent Web Tools | 10 web utilities: URL→Markdown, metadata, email validate, CSS scrape, RSS, DNS/RDAP/SSL/HTTP/structured-data | npx -y web-tools-mcp | agent-tools-api.vercel.app | RapidAPI |
| Package Guard | Supply-chain guard for coding agents: verify a package exists (catch slopsquat/hallucinations), vulns/malware (OSV), typosquats, audit deps | npx -y package-guard-mcp | package-guard.vercel.app | RapidAPI |
| Agent Firewall | Input/output safety: detect prompt-injection/jailbreak, vet URLs & IPs, pwned-password (HIBP), secret/PII redaction | npx -y agent-firewall-mcp | agent-firewall-seven.vercel.app | RapidAPI |
| Payment Guard | Pre-send risk check for agents that move money: screen a crypto address (or ENS name) / payment URL for OFAC sanctions, scams, and on-chain risk before a transfer | npx -y payment-guard-mcp | payment-guard.vercel.app | RapidAPI: pending |
All four: deterministic, no LLM, free serverless tier; paid plans via RapidAPI for higher volume. The last three form the AI-agent safety suite: Package Guard (supply chain) · Agent Firewall (input/output) · Payment Guard (money).
Add any or all to your client's mcpServers config (Claude Desktop, Cursor, Claude Code, …):
{
"mcpServers": {
"agent-tools": { "command": "npx", "args": ["-y", "web-tools-mcp"] },
"package-guard": { "command": "npx", "args": ["-y", "package-guard-mcp"] },
"agent-firewall": { "command": "npx", "args": ["-y", "agent-firewall-mcp"] },
"payment-guard": { "command": "npx", "args": ["-y", "payment-guard-mcp"] }
}
}
web-tools-mcp| Tool | Endpoint | Returns |
|---|---|---|
read_url | /api/read | page → clean Markdown (RAG) |
unfurl_url | /api/meta | title/description/image/favicon |
validate_email | /api/validate-email | syntax + MX/A DNS + disposable/role |
extract_web | /api/extract | CSS-selector scrape → JSON |
get_feed | /api/feed | RSS/Atom → JSON items |
dns_lookup | /api/dns | DNS records + SPF/DMARC |
domain_info | /api/domain | RDAP: age, registrar, expiry |
ssl_check | /api/ssl | TLS cert, days-to-expiry, trust |
http_inspect | /api/http | redirect chain + security headers |
structured_data | /api/structured | JSON-LD / schema.org / OpenGraph |
Base: https://agent-tools-api.vercel.app. Code: agent-tools-mcp/ + agent-tools-api/.
package-guard-mcpverify_package (the pre-install guard), check_vulns (OSV), package_info, audit_deps, typosquat_scan.
Data: OSV.dev + npm/PyPI. Base: https://package-guard.vercel.app. Code: package-guard-mcp/ + package-guard/.
agent-firewall-mcpscan_content (prompt-injection/jailbreak/obfuscation), scan_secrets (+ PII redaction), check_url,
check_ip, check_password (HIBP k-anonymity). Data: HIBP, RDAP, Tor, Team Cymru.
Base: https://agent-firewall-seven.vercel.app. Code: agent-firewall-mcp/ + agent-firewall/.
payment-guard-mcpscreen_address (address/ENS → OFAC-sanctioned? scam? on-chain risk → verdict), screen_payment (x402/
payment URL risk), check_sanctioned (fast OFAC), resolve_name (ENS → address, screened). Data: OFAC
SDN + ethereum-lists + ScamSniffer + public RPC + ENS. Chains: ETH/Base/Polygon/Arbitrum/Optimism.
Base: https://payment-guard.vercel.app. Code: payment-guard-mcp/ + payment-guard/.
http/https only · DNS-resolved SSRF guard · request timeouts · response size caps · content-type checks. Deterministic — same input, same output. No LLM, no paid data sources. Each API is a serverless function on a free tier; the MCP servers are thin stdio wrappers that call the same endpoints.
MIT — see LICENSE. Contributions and tool suggestions welcome.
Be the first to review this server!
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
by Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption