Open Source · MIT Licensed

Scan Before You Trust.
Enforce at Runtime.

The only open-source platform that secures MCP servers from install to runtime. Scan for vulnerabilities with mcp-observatory. Block dangerous tool calls with mcp-seatbelt.

GitHub stars for mcp-observatory npm downloads for @kryptosai/mcp-observatory GitHub stars for mcp-seatbelt npm downloads for @kryptosai/mcp-seatbelt
Quick Start ↓ GitHub → Observatory →

Built with TypeScript · MIT Licensed · 686 tests · Zero Dependencies

MCP Security Platform demo
The Problem

The MCP security gap

MCP unlocks powerful capabilities for AI agents. It also opens a massive attack surface with no existing combined defense.

47,000+ MCP repositories on GitHub. Zero combined scanning + runtime enforcement tools. Until now.

AI agents have unrestricted access to files, shells, APIs, and databases through MCP tools — with no guardrails.

Security scanners report vulnerabilities but don't stop them. Runtime proxies block calls but don't scan.

Enterprises deploying AI agents need both — verifiable safety AND real-time protection in a single platform.

The Platform

Two open-source tools.
One complete security pipeline.

Scan before you install. Enforce at runtime. Built for developers who ship AI-powered applications.

PRE-INSTALL SCANNING

mcp-observatory

Scanner & Vulnerability Analyzer

Test 17 MCP servers in the safety index. 9 check modules. Attack simulation. Schema drift detection. Health scoring (0–100).

  • SARIF / Code Scanning integration
  • CI/CD native — runs in any pipeline
  • Record & Replay traffic analysis
  • NSA-MCP audit profile
  • npx @kryptosai/mcp-observatory
474 tests
22+ CLI commands
GitHub stars for mcp-observatory npm downloads for @kryptosai/mcp-observatory
View on GitHub →
RUNTIME ENFORCEMENT

mcp-seatbelt

Runtime Proxy & Policy Engine

Detect MCP configs across 8 clients. Proxy with default-deny policy. 13 risk rules. 7 policy rules. Argument redaction. Circuit breaker.

  • Live dashboard for real-time monitoring
  • Learning mode — auto-generate policies
  • Time-windowed policy rules
  • Policy inheritance & composition
  • npx @kryptosai/mcp-seatbelt
212 tests
7 CLI commands
GitHub stars for mcp-seatbelt npm downloads for @kryptosai/mcp-seatbelt
View on GitHub →
How it Works

Scan. Score. Enforce. Repeat.

Observatory scans before install. Seatbelt enforces at runtime. Together they form a complete MCP security pipeline.

🔍 OBSERVATORY Pre-Install

  • 1 Discover Configs
  • 2 Scan for Risks
  • 3 Attack Simulation
  • 4 Score & Report
import

🛡 SEATBELT Runtime

  • 5 Intercept Calls
  • 6 Evaluate Policy
  • 7 Allow / Deny / Redact
  • 8 Live Dashboard
Comparison

How we stack up

Most tools tilt scan. Others tilt enforce. Seatbelt + Observatory is the only stack that does both — and it's open source.

Feature Observatory + Seatbelt Snyk agent-scan Cisco mcp-scanner mcp-proxy
Pre-install Scan
Runtime Enforcement
Attack Simulation
Argument Redaction
Learning Mode partial
Live Dashboard
Open Source
Free
Quick Start

Start securing MCP in seconds

Three commands to go from zero to fully enforced MCP security.

Step 1 — Scan a server

# Scan a server
npx @kryptosai/mcp-observatory scan

Step 2 — Import findings

# Import findings
npx @kryptosai/mcp-seatbelt init && \
  import-observatory

Step 3 — Enforce at runtime

# Enforce at runtime
npx @kryptosai/mcp-seatbelt proxy \
  --policy enforce
Pricing

Simple, transparent pricing

Start for free. Scale when you're ready.

Open Source

Free
Forever
  • All CLI tools
  • Local scanning & analysis
  • Local proxy with full policy engine
  • Self-hosted dashboard
  • MIT License
  • Community support
Get Started

Observatory Cloud

From $299/mo
Enterprise tier
  • Everything in Open Source
  • Hosted scan history & CI reports
  • Private vulnerability reports
  • Certification badges
  • SSO & team management
  • Priority support & SLA
Contact Sales
474 + 212 = 686
Tests
8
Client Detectors
20+
Security Rules
29+
CLI Commands
47K+
MCP Ecosystem