Introduction
Use local MCP servers securely with zero-trust isolation while reducing context window token usage by up to 98%.
Based on Anthropic Research
This implementation is based on "Code execution with MCP: Building more efficient agents" by Anthropic, using Wrangler for local MCP isolation via Dynamic Worker Loaders.
Why MCP Guard?
🔒 Security: Zero-Trust Execution
Traditional MCP servers have direct access to your filesystem, environment variables, network, and system. MCP Guard runs all code in isolated Cloudflare Worker environments with zero access to these resources.
Protected against:
- Data exfiltration
- Credential theft
- Filesystem access
- Arbitrary code execution
- SSRF attacks
- Supply chain attacks
⚡ Efficiency: Code Mode Execution
Traditional MCP tool calling wastes your context window. MCP Guard uses code mode to reduce token usage by up to 98%.
| Approach | Token Usage | Efficiency |
|---|---|---|
| Traditional | 30,300 tokens | Baseline |
| MCP Guard | ~750 tokens | 97.5% reduction |
Quick Example
Here's how MCP Guard protects against a common attack:
Getting Started
- VS Code Extension - The easiest way to get started with MCP Guard
- How It Works - Understand the security architecture
- CLI Usage - Use MCP Guard from the command line
- Security Analysis - Deep dive into attack vector protection
Three Layers of Protection
- V8 Isolate Sandboxing - Complete process isolation
- Network Isolation - No outbound network access; only MCP bindings can communicate
- Code Validation - Blocks dangerous patterns before execution
Key Benefits
- 📉 Up to 98% reduction in token usage
- 🚀 60x more tasks in the same context window
- 💰 Massive cost savings on LLM API calls
- ⚡ No round-trips for intermediate results
- 🔒 Zero-trust security for all MCP operations