Submit
82ch

MCP-Dandan - MCP Security Framework

Community 82ch
Updated

MCP Security Solution for Agentic AI — real-time proxying, behavior analysis, and malicious tool detection

MCP-Dandan - MCP Security Framework

MCP-Dandan

Overview

MCP-Dandan is an integrated monitoring service that observes MCP (Model Context Protocol) communications and detects security threats in real time. It features a modern desktop UI built with Electron for easy monitoring and management.

https://github.com/user-attachments/assets/928686ab-a5aa-4486-8d8e-d4a9592adc3e

Features

  • Real-time MCP Traffic Monitoring: Intercepts and analyzes MCP communications
  • Multi-Engine Threat Detection:
    • Command Injection Detection
    • File System Exposure Detection
    • PII Leak Detection(custom rules supported)
    • Data Exfiltration Detection
    • Tools Poisoning Detection (LLM-based)
  • Desktop UI: Electron-based application with interactive dashboard
  • Interactive Tutorial: Built-in tutorial system for new users
  • Blocking Capabilities: Real-time threat blocking with user control
  • Cross-Platform: Supports Windows, macOS, and Linux

Quick Start

Installation

# Install all dependencies (Python + Node.js)
npm run install-all

Running the Application

# Start both server and desktop UI
npm run dev

The server will start on http://127.0.0.1:8282 and the Electron desktop app will launch automatically.

Project Structure

Detection Engines

1. Command Injection Engine

Identifies potential command injection patterns in tool calls.

2. File System Exposure Engine

Monitors unauthorized file system access attempts.

3. PII Leak Engine (custom rules supported)

Detects potential PII leakage with built-in rules and optional user-defined customization.

4. Data Exfiltration Engine

Identifies suspicious data transfer patterns.

5. Tools Poisoning Engine (LLM-based)

Uses semantic analysis to detect misuse of MCP tools:

  • Compares tool specifications vs actual usage
  • Scores alignment (0-100) with detailed breakdown
  • Auto-categorizes severity: none/low/medium/high

Engine Setting

https://github.com/user-attachments/assets/3d6f2304-0a6b-492e-9f2d-bba76df98b4c

Input your MISTRAL_API_KEY to enable the Tools Poisoning Engine, and configure detection settings as needed.

Desktop UI Features

  • Real-time Dashboard: Monitor MCP traffic and threats in real time
  • Interactive Tutorial: Learn how to use the system with step-by-step guides
  • Blocking Interface: Review and control threat blocking actions
  • Settings Panel: Configure detection engines and system behavior
  • Chat Panel: Interact with the system and view logs

https://github.com/user-attachments/assets/19bcbdfb-c893-468d-a8a6-1c7b70a1c7b7

Full Documentation

For detailed explanations and technical documentation, please refer to the MCP-Dandan Wiki.

Have questions or suggestions? Please visit the Discussions tab.

MCP Server · Populars

MCP Server · New

    82ch

    MCP-Dandan - MCP Security Framework

    MCP Security Solution for Agentic AI — real-time proxying, behavior analysis, and malicious tool detection

    Community 82ch
    Vvkmnn

    claude-historian-mcp

    🤖 An MCP server for Claude Code conversation history

    Community Vvkmnn
    tommyreid622

    Polymarket Copy Trading Bot

    Polymarket trading bot: Polymarket copytrading bot, Polymarket arbitrage bot on Polymarket, Monitor real price on Polymarket and calculate prob and automatically mirror positions with intelligent sizing and safety checks on Polymarket.(copytrading bot & arbitrage bot))

    Community tommyreid622
    aws

    MCP Proxy for AWS

    AWS MCP Proxy Server

    Community aws
    railsblueprint

    Blueprint MCP

    MCP server for browser automation across Chrome, Firefox, and Safari using real browser profiles

    Community railsblueprint