The only open-source platform that secures MCP servers from install to runtime. Scan for vulnerabilities with mcp-observatory. Block dangerous tool calls with mcp-seatbelt.
Built with TypeScript · MIT Licensed · 686 tests · Zero Dependencies
MCP unlocks powerful capabilities for AI agents. It also opens a massive attack surface with no existing combined defense.
AI agents have unrestricted access to files, shells, APIs, and databases through MCP tools — with no guardrails.
Security scanners report vulnerabilities but don't stop them. Runtime proxies block calls but don't scan.
Enterprises deploying AI agents need both — verifiable safety AND real-time protection in a single platform.
Scan before you install. Enforce at runtime. Built for developers who ship AI-powered applications.
Test 17 MCP servers in the safety index. 9 check modules. Attack simulation. Schema drift detection. Health scoring (0–100).
npx @kryptosai/mcp-observatoryDetect MCP configs across 8 clients. Proxy with default-deny policy. 13 risk rules. 7 policy rules. Argument redaction. Circuit breaker.
npx @kryptosai/mcp-seatbeltObservatory scans before install. Seatbelt enforces at runtime. Together they form a complete MCP security pipeline.
Most tools tilt scan. Others tilt enforce. Seatbelt + Observatory is the only stack that does both — and it's open source.
| Feature | Observatory + Seatbelt | Snyk agent-scan | Cisco mcp-scanner | mcp-proxy |
|---|---|---|---|---|
| Pre-install Scan | ✓ | ✓ | ✓ | ✗ |
| Runtime Enforcement | ✓ | ✗ | ✗ | ✓ |
| Attack Simulation | ✓ | ✗ | ✗ | ✗ |
| Argument Redaction | ✓ | ✗ | ✗ | ✗ |
| Learning Mode | ✓ | ✗ | ✗ | partial |
| Live Dashboard | ✓ | ✗ | ✗ | ✗ |
| Open Source | ✓ | ✓ | ✓ | ✓ |
| Free | ✓ | ✓ | ✓ | ✓ |
Three commands to go from zero to fully enforced MCP security.
# Scan a server npx @kryptosai/mcp-observatory scan
# Import findings npx @kryptosai/mcp-seatbelt init && \ import-observatory
# Enforce at runtime npx @kryptosai/mcp-seatbelt proxy \ --policy enforce
Start for free. Scale when you're ready.