CVE-2025-6514 — 437K+ MCP installs affected

Your MCP tools have
full access to your machine.
Now they have a firewall.

mcpwall is a transparent stdio proxy that intercepts every MCP tool call and enforces YAML-defined policies. Block dangerous requests, scan for secrets, log everything. No AI, no cloud, pure rules.

$ npm install -g mcpwall

MCP servers can read your SSH keys, delete your files, and exfiltrate your secrets.

And there's no built-in way to stop them.

NO POLICY LAYER

MCP servers execute whatever the AI asks. read_file ~/.ssh/id_rsa? Done. rm -rf /? Done. There's no built-in way to say "allow reads, block writes outside my project."

SCANNERS MISS 97%

mcp-scan detected only 4 of 120 poisoned servers in independent testing. Static scanning gives a false sense of security. You need runtime enforcement.

CLOUD = MORE RISK

Competitors route your tool calls through cloud APIs for "AI-powered" screening. Your code, secrets, and data leave your machine. That's the problem, not the solution.

One line change. Full protection.

Wrap any MCP server in your config. Everything else stays the same.

Claude Code → mcpwall → MCP Server

Before
// .mcp.json
{
  "command": "npx",
  "args": ["-y",
           "@modelcontextprotocol/server-filesystem",
           "/Users/me/projects"]
}

After — just add mcpwall
// .mcp.json
{
  "command": "npx",
  "args": ["-y", "mcpwall", "--",
           "npx", "-y",
           "@modelcontextprotocol/server-filesystem",
           "/Users/me/projects"]
}
1. Intercept

Every JSON-RPC message is captured on stdin/stdout. Nothing gets through unchecked.

2. Evaluate

Rules are checked top-to-bottom, first match wins. Regex, glob, path checks, secret scanning.

3. Enforce

Allow → forward to server. Deny → return JSON-RPC error, log, don't forward.

What it blocks out of the box

8 default deny rules. Zero config required.

DENY  SSH Keys: .ssh/id_rsa, id_ed25519
DENY  Environment Files: .env, .env.local, .env.prod
DENY  Credentials: .aws/, .npmrc, .kube/config
DENY  Browser Data: Chrome cookies, login data
DENY  Destructive Cmds: rm -rf, mkfs, dd if=
DENY  Pipe to Shell: curl ... | bash
DENY  Reverse Shells: nc -e, /dev/tcp/, socat
DENY  Secret Leakage: API keys, tokens, JWTs

Deterministic security. Zero cloud.

YAML POLICY ENGINE

Define rules in plain YAML. Glob patterns, regex, path restrictions, secret scanning. First-match-wins, just like iptables. Version-control your security policy.

- name: block-ssh-keys
  match:
    tool: "*"
    arguments:
      _any_value:
        regex: '\.ssh/'   # single-quoted: "\." is not a valid escape in a YAML double-quoted string
  action: deny
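The three steps above (intercept, evaluate, enforce) and the rule format in this YAML, carried through as an added JavaScript example. This is not mcpwall's source code: the rule-object shape is assumed to be what a YAML loader produces from the snippet, the JSON-RPC error code and the tools/call-only scope are assumptions, and the rules and the stdin chunk are constructed for the demo.

```javascript
// Added example, not mcpwall's own code: a minimal intercept -> evaluate ->
// enforce loop for the stdio MCP transport, with a first-match-wins rule
// evaluator that understands tool globs and `_any_value` regexes.

// Turn a glob such as "read_*" or "*" into an anchored RegExp.
function globToRegExp(glob) {
  const escaped = glob
    .replace(/[.+^${}()|[\]\\]/g, '\\$&')
    .replace(/\*/g, '.*')
    .replace(/\?/g, '.');
  return new RegExp('^' + escaped + '$');
}

// Yield every string anywhere inside a tool's arguments (nested values too),
// so a path hidden in an array or sub-object is still inspected.
function* stringValues(value) {
  if (typeof value === 'string') {
    yield value;
  } else if (Array.isArray(value)) {
    for (const item of value) yield* stringValues(item);
  } else if (value && typeof value === 'object') {
    for (const item of Object.values(value)) yield* stringValues(item);
  }
}

// A rule matches only if every condition it lists holds.
function ruleMatches(rule, toolName, args) {
  const match = rule.match || {};
  if (match.tool !== undefined && !globToRegExp(match.tool).test(toolName)) return false;
  const anyValue = match.arguments && match.arguments._any_value;
  if (anyValue && anyValue.regex) {
    const re = new RegExp(anyValue.regex);
    if (![...stringValues(args)].some((s) => re.test(s))) return false;
  }
  return true;
}

// Evaluate: rules are checked top-to-bottom and the first match wins.
// No match falls through to allow, so deny rules belong at the top.
function evaluate(rules, toolName, args) {
  for (const rule of rules) {
    if (ruleMatches(rule, toolName, args)) return { action: rule.action, rule: rule.name };
  }
  return { action: 'allow', rule: null };
}

// Enforce: for one parsed JSON-RPC request, either forward it unchanged or
// answer the client ourselves with a JSON-RPC error and never forward it.
// Only tools/call is policed here; initialize, tools/list etc. pass through.
function enforce(rules, message) {
  if (message.method !== 'tools/call') return { forward: true, verdict: null };
  const params = message.params || {};
  const verdict = evaluate(rules, params.name || '', params.arguments || {});
  if (verdict.action === 'deny') {
    return {
      forward: false,
      verdict,
      response: {
        jsonrpc: '2.0',
        id: message.id,
        // -32000 lies in the JSON-RPC "server error" range; the exact code is an assumption.
        error: { code: -32000, message: `mcpwall: denied by rule ${verdict.rule}` },
      },
    };
  }
  return { forward: true, verdict };
}

// Intercept: the stdio transport is newline-delimited JSON. Split a stdin
// chunk into complete messages and hand back the unfinished tail so the
// caller can prepend it to the next chunk.
function splitFrames(buffer) {
  const lines = buffer.split('\n');
  const rest = lines.pop();
  const messages = lines.filter((l) => l.trim() !== '').map((l) => JSON.parse(l));
  return { messages, rest };
}

// Constructed policy mirroring two of the default deny rules plus one allow.
const SAMPLE_RULES = [
  { name: 'block-ssh-keys', match: { tool: '*', arguments: { _any_value: { regex: '\\.ssh/' } } }, action: 'deny' },
  { name: 'block-rm-rf', match: { tool: 'run_*', arguments: { _any_value: { regex: '\\brm\\s+-rf\\b' } } }, action: 'deny' },
  { name: 'allow-project-reads', match: { tool: 'read_file', arguments: { _any_value: { regex: '^/Users/me/projects/' } } }, action: 'allow' },
];

// Constructed stdin chunk: two complete tool calls plus the start of a third.
const SAMPLE_STDIN =
  '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"/Users/me/.ssh/id_rsa"}}}\n' +
  '{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"read_file","arguments":{"path":"/Users/me/projects/app.js"}}}\n' +
  '{"jsonrpc":"2.0","id":3,"method":"tools/ca';

// Run the chunk through all three steps and return the decisions.
function demo() {
  const { messages, rest } = splitFrames(SAMPLE_STDIN);
  return { decisions: messages.map((m) => enforce(SAMPLE_RULES, m)), rest };
}

console.log(JSON.stringify(demo(), null, 2));
```

In the demo the first call (a read of `~/.ssh/id_rsa`) is answered with a JSON-RPC error carrying the original request id and is never forwarded, the second call matches the allow rule and is forwarded, and the partial third frame is kept until the rest of it arrives. A real proxy would pipe `forward: true` messages to the child server's stdin and write the `response` objects straight back to the client.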

SECRET SCANNER

Regex patterns + Shannon entropy analysis detect AWS keys, GitHub tokens, Stripe keys, JWTs, private keys, database URLs, and more. Catches high-entropy strings that static patterns miss.

secrets:
  patterns:
    - name: aws-access-key
      regex: "AKIA[0-9A-Z]{16}"
    - name: generic-secret
      regex: "[A-Za-z0-9]{40}"
      entropy_threshold: 4.5
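The regex-plus-entropy approach described above, as an added JavaScript example that is not mcpwall's scanner. The pattern list copies the two entries from the `secrets:` snippet; the Shannon entropy function, the helper that scans a tool call's arguments, and the sample strings are constructed for the demo (the AWS key id is the well-known documentation placeholder, not a real credential).

```javascript
// Added example, not mcpwall's own code: regex patterns plus Shannon entropy,
// in the shape of the page's `secrets:` config.

// Shannon entropy in bits per character: 0 for "aaaa", 2 for "abcd",
// about 5.3 for a 40-character string with no repeated characters.
function shannonEntropy(str) {
  const counts = new Map();
  for (const ch of str) counts.set(ch, (counts.get(ch) || 0) + 1);
  let h = 0;
  for (const n of counts.values()) {
    const p = n / str.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Same two patterns as the YAML snippet.
const SECRET_PATTERNS = [
  { name: 'aws-access-key', regex: 'AKIA[0-9A-Z]{16}' },
  { name: 'generic-secret', regex: '[A-Za-z0-9]{40}', entropy_threshold: 4.5 },
];

// Return every finding: pattern name, matched text and its entropy.
// A pattern with entropy_threshold only fires when the match looks random,
// which is what separates a token from a 40-character filler or word.
function scanForSecrets(text, patterns = SECRET_PATTERNS) {
  const findings = [];
  for (const p of patterns) {
    const re = new RegExp(p.regex, 'g');
    for (const m of text.matchAll(re)) {
      const entropy = shannonEntropy(m[0]);
      if (p.entropy_threshold !== undefined && entropy < p.entropy_threshold) continue;
      findings.push({ name: p.name, match: m[0], entropy: Number(entropy.toFixed(2)) });
    }
  }
  return findings;
}

// Scan a tool call's arguments as a whole: serialising to JSON reaches nested
// values, and alphanumeric tokens survive JSON escaping unchanged.
function argsLeakSecrets(args, patterns = SECRET_PATTERNS) {
  return scanForSecrets(JSON.stringify(args), patterns);
}

// Constructed samples: the AWS documentation example key id, a high-entropy
// 40-character token, and a 40-character low-entropy string that the bare
// generic regex would otherwise flag.
const SAMPLES = {
  awsKey: 'aws_access_key_id=AKIAIOSFODNN7EXAMPLE',
  token: 'token=q8Zr2mKp9vLx4TnB7wYc1sHd6gJf0aNe3uRi5oQk',
  filler: 'padding=' + 'a'.repeat(40),
};

for (const [label, text] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(scanForSecrets(text)));
}
```

The filler string matches `[A-Za-z0-9]{40}` but has zero entropy, so the threshold suppresses it; the token has 40 distinct characters (entropy log2(40), about 5.32 bits) and is reported. Choosing the threshold is the tuning knob: too low and base64 file contents or git hashes start firing, too high and short structured tokens slip past.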

AUDIT LOGGING

Every tool call logged as JSON Lines. See exactly what your MCP servers are doing. Denied calls have arguments redacted to prevent secrets leaking into logs.

{"ts":"2026-02-17T14:30:00Z","tool":"read_file","action":"deny","rule":"block-ssh-keys","args":"[REDACTED]"}
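The JSON Lines record above, with the redaction rule for denied calls, as an added JavaScript example that is not mcpwall's logger. The field names follow the record shown; the verdict-object shape, the read-back summariser and the two sample calls are constructed for the demo.

```javascript
// Added example, not mcpwall's own code: one JSON Lines record per tool call,
// with arguments redacted on deny so a blocked secret never lands in the log.

// Build one log record. verdict is assumed to be { action, rule } and message
// a parsed JSON-RPC tools/call request; timestamp is passed in for testability.
function auditRecord(verdict, message, timestamp) {
  const params = message.params || {};
  return JSON.stringify({
    ts: timestamp,
    tool: params.name,
    action: verdict.action,
    rule: verdict.rule,
    // The denied arguments are the ones most likely to contain a secret or a
    // sensitive path, so they are never written out.
    args: verdict.action === 'deny' ? '[REDACTED]' : params.arguments,
  });
}

// Read a log back and count decisions per action and per rule: a quick answer
// to "what are my MCP servers doing?" without any dashboard.
function summarizeLog(jsonl) {
  const summary = { allow: 0, deny: 0, byRule: {} };
  for (const line of jsonl.split('\n')) {
    if (!line.trim()) continue;
    const rec = JSON.parse(line);
    summary[rec.action] = (summary[rec.action] || 0) + 1;
    if (rec.rule) summary.byRule[rec.rule] = (summary.byRule[rec.rule] || 0) + 1;
  }
  return summary;
}

// Constructed log: one denied SSH key read, one allowed project read.
const LOG = [
  auditRecord(
    { action: 'deny', rule: 'block-ssh-keys' },
    { params: { name: 'read_file', arguments: { path: '/Users/me/.ssh/id_rsa' } } },
    '2026-02-17T14:30:00Z',
  ),
  auditRecord(
    { action: 'allow', rule: null },
    { params: { name: 'read_file', arguments: { path: '/Users/me/projects/app.js' } } },
    '2026-02-17T14:30:01Z',
  ),
].join('\n');

console.log(LOG);
console.log(JSON.stringify(summarizeLog(LOG)));
```

The first line of `LOG` is byte-for-byte the record shown above; the string `id_rsa` appears nowhere in the log, while the allowed call keeps its arguments so the audit trail still shows what was actually read.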

ZERO CLOUD DEPENDENCY

Runs entirely on your machine. No API calls, no telemetry, no accounts, no cloud. Your code and secrets never leave your environment. Same input + same rules = same output, every time.

No network required
No telemetry or tracking
GDPR / DSGVO compliant by design
Works offline
EU AI Act — Aug 2, 2026

Built for European compliance

mcpwall's local-first architecture helps satisfy GDPR (DSGVO) and EU AI Act obligations. No tool call data leaves your infrastructure. Audit logs provide accountability evidence. Policy enforcement serves as a technical and organisational measure (TOM) under Art. 32 GDPR.

Art. 25 — Data protection by design
Art. 5(2) — Accountability & evidence
Art. 32 — Security of processing
AI Act — Supports oversight principles
Schrems II — No data leaves your machine

Secure your MCP servers
in 60 seconds

Install globally, then wrap any server with one command.

$ npm install -g mcpwall
$ mcpwall init
Found 3 MCP servers in ~/.claude.json
Wrapped: filesystem, github, postgres
✓ Config written to ~/.mcpwall/config.yml