π‘οΈ AIM MCP Server :: Guard and Protect your MCPs & AI Agents A Model Context Protocol (MCP) server that provides AI-powered security analysis and safety instruction tools. This server helps protect AI agents by providing security guidelines, content analysis, and cautionary instructions when interacting with various MCPs and external services. - π‘οΈ AI Safety Guard: Contextual security instructio
Add this skill
npx mdskills install AIM-Intelligence/aim-mcpComprehensive security MCP with 6 tools, 9 resources, and workflow prompts for AI agent protection
1[](README.md)2[](README-ko.md)34# AIM Guard MCP56[](https://archestra.ai/mcp-catalog/AIM-Intelligence__AIM-MCP)7[](https://smithery.ai/server/@AIM-Intelligence/aim-mcp)89[](https://www.npmjs.com/package/aim-guard-mcp)10[](https://smithery.ai/server/@AIM-Intelligence/aim-mcp)1112π‘οΈ **AIM MCP Server :: Guard and Protect your MCPs & AI Agents**1314A Model Context Protocol (MCP) server that provides AI-powered security analysis and safety instruction tools. This server helps protect AI agents by providing security guidelines, content analysis, and cautionary instructions when interacting with various MCPs and external services.1516<a href="https://glama.ai/mcp/servers/@AIM-Intelligence/AIM-MCP">17 <img width="380" height="200" src="https://glama.ai/mcp/servers/@AIM-Intelligence/AIM-MCP/badge" alt="AIM-Guard-MCP MCP server" />18</a>1920## Features2122### π§ Tools (6 total)2324- π‘οΈ **AI Safety Guard**: Contextual security instructions for MCP interactions25- π **Text Guard Analysis**: Harmful content detection using AIM Intelligence API26- π **Security Prompt Enhancement**: Add security layers to user prompts27- π¨ **Prompt Injection Detector**: OWASP LLM01:2025 compliant injection detection28- π **Credential Scanner**: Scan for exposed API keys, passwords, tokens, and secrets29- π **URL Security Validator**: Validate URLs for phishing, malware, and HTTPS enforcement3031### π Resources (9 total)3233- π **Security Checklists**: MCP-specific security checklists (database, email, slack, file, web, general)34- π **Security Policies**: Comprehensive policies (data classification, access control, incident response)3536### π¬ Prompts (2 total)3738- π **Security Review**: Multi-step security review workflow39- β οΈ **Threat Analysis**: STRIDE-based threat modeling and risk assessment4041### π― General4243- β‘ **Fast & Lightweight**: Built with TypeScript and Zod validation44- π§ **Easy Integration**: Works with any MCP-compatible AI assistant45- π **API Integration**: Connects to AIM Intelligence API for advanced analysis46- π **Comprehensive Documentation**: Detailed guide for Tools, Resources, and Prompts4748## Installation4950### Installing via Smithery5152To install aim-mcp for Claude Desktop automatically via [Smithery](https://smithery.ai/server/@AIM-Intelligence/aim-mcp):5354```bash55npx -y @smithery/cli install @AIM-Intelligence/aim-mcp --client claude56```5758### NPX (Recommended)5960```bash61npx aim-guard-mcp62```6364### Global Installation6566```bash67npm install -g aim-guard-mcp68aim-guard-mcp69```7071### Local Installation7273```bash74npm install aim-guard-mcp75```7677## Usage7879### As MCP Server8081Add to your MCP client configuration:8283```json84{85 "servers": {86 "aim-guard": {87 "type": "stdio",88 "command": "npx",89 "args": ["aim-guard-mcp"]90 }91 }92}93```9495### Testing the Tools9697#### Test AI Safety Guard9899```bash100# Get safety instructions for database operations101{102 "name": "ai-safety-guard",103 "arguments": {104 "mcp_type": "database",105 "operation_type": "query",106 "sensitivity_level": "confidential"107 }108}109```110111#### Test Text Guard112113```bash114# This will analyze the text for harmful content115{116 "name": "aim-text-guard",117 "arguments": {118 "text": "This is a sample text to analyze for safety."119 }120}121```122123#### Test Security Prompt Enhancement124125```bash126# Enhance a user prompt with security instructions127{128 "name": "aim-security-prompt-tool",129 "arguments": {130 "user_prompt": "Please help me with this task",131 "security_level": "strict"132 }133}134```135136### Available Tools137138#### 1. `ai-safety-guard`139140Provides contextual security instructions and precautions for AI Agents before they interact with other MCPs.141142```json143{144 "name": "ai-safety-guard",145 "arguments": {146 "mcp_type": "email|slack|database|file|web|general",147 "operation_type": "read|write|execute|delete|send|query",148 "sensitivity_level": "public|internal|confidential|restricted"149 }150}151```152153**Features**: Context-aware guidelines, operation-specific warnings, red flag detection154155#### 2. `aim-text-guard`156157Analyze text content for harmful or inappropriate content using AIM Intelligence API.158159```json160{161 "name": "aim-text-guard",162 "arguments": {163 "text": "Text content to analyze"164 }165}166```167168**Features**: Real-time analysis, harmful content detection, detailed JSON results169170#### 3. `aim-security-prompt-tool`171172Enhance user prompts with security instructions for safer AI interactions.173174```json175{176 "name": "aim-security-prompt-tool",177 "arguments": {178 "user_prompt": "Original user prompt",179 "security_level": "basic|standard|strict"180 }181}182```183184**Features**: Multi-level enhancement, threat analysis, social engineering protection185186#### 4. `prompt-injection-detector` π187188Detect prompt injection attempts based on OWASP LLM01:2025 patterns.189190```json191{192 "name": "prompt-injection-detector",193 "arguments": {194 "text": "Text to analyze for injection patterns",195 "sensitivity": "low|medium|high"196 }197}198```199200**Features**:201202- 15+ injection pattern detection (instruction override, role manipulation, jailbreak attempts)203- Risk scoring (0-100) with severity assessment204- OWASP LLM01:2025 compliant205- Configurable sensitivity levels206- Detailed threat reporting207208#### 5. `credential-scanner` π209210Scan text for exposed credentials including API keys, passwords, tokens, and SSH keys.211212```json213{214 "name": "credential-scanner",215 "arguments": {216 "text": "Text to scan for credentials",217 "mask_findings": true218 }219}220```221222**Features**:223224- 50+ credential patterns (AWS, GitHub, Google, OpenAI, Stripe, JWT, SSH keys)225- Automatic credential masking226- Risk level assessment227- Platform-specific detection (AWS, GitHub, Slack, databases)228- Actionable security recommendations229230#### 6. `url-security-validator` π231232Validate URL safety for phishing, malware, and security issues.233234```json235{236 "name": "url-security-validator",237 "arguments": {238 "url": "URL to validate",239 "strict_mode": false240 }241}242```243244**Features**:245246- 10+ security checks (protocol, TLD, IP address, homograph attacks)247- Phishing domain detection248- URL shortener identification249- Suspicious parameter detection250- HTTPS enforcement validation251252### Available Resources π253254Resources provide read-only security documentation and policies accessible via URI schemes.255256#### Security Checklists257258Access via `security-checklist://[type]`259260- `security-checklist://database` - Database operations checklist261- `security-checklist://email` - Email operations checklist262- `security-checklist://slack` - Chat/messaging operations checklist263- `security-checklist://file` - File operations checklist264- `security-checklist://web` - Web request checklist265- `security-checklist://general` - General MCP operations checklist266267**Each checklist includes**:268269- Pre-operation checks270- During-operation guidelines271- Post-operation verification272- Red flags to abort operations273274#### Security Policies275276Access via `security-policy://[type]`277278- `security-policy://data-classification` - Data classification levels and handling requirements279- `security-policy://access-control` - Access control principles and authentication requirements280- `security-policy://incident-response` - Incident response procedures and severity levels281282### Available Prompts π283284Prompts provide reusable workflow templates for complex security operations.285286#### 1. `security-review`287288Comprehensive security review workflow for code, data, or configuration.289290```json291{292 "name": "security-review",293 "arguments": {294 "target_type": "code|data|configuration",295 "context": "Additional context (optional)"296 }297}298```299300**Workflow**:3013021. Credential scanning3032. Prompt injection detection (if applicable)3043. Security checklist consultation3054. Policy compliance review3065. Threat analysis3076. Risk assessment and recommendations3087. **Summary table** - Visual overview of all findings by severity309310**Summary Output Example**:311312```313π μμ½314315| μ¬κ°λ | κ°μ | νμΌ/μμΉ |316|-------------|-----|------------------------|317| π΄ CRITICAL | 1 | resources/handler.ts |318| π HIGH | 2 | textGuard.ts |319| π‘ MEDIUM | 3 | prompts/handler.ts |320| π’ LOW | 5 | credentialScanner.ts |321```322323#### 2. `threat-analysis`324325Analyze potential security threats using STRIDE methodology.326327```json328{329 "name": "threat-analysis",330 "arguments": {331 "scenario": "Security scenario to analyze",332 "sensitivity_level": "public|internal|confidential|restricted"333 }334}335```336337**Framework**:3383391. Asset identification3402. STRIDE threat modeling (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege)3413. Risk assessment (likelihood Γ impact)3424. Attack vector analysis3435. Control gap identification3446. Mitigation strategies3457. Compliance considerations3468. Incident response planning3479. **Summary table** - Visual overview of all threats by severity348349**Summary Output Example**:350351```352π μμ½353354| μ¬κ°λ | κ°μ | μν μ ν |355|-------------|-----|---------------------------------|356| π΄ CRITICAL | 2 | Information Disclosure, Spoofing |357| π HIGH | 1 | Elevation of Privilege |358| π‘ MEDIUM | 3 | Tampering, DoS |359| π’ LOW | 1 | Repudiation |360```361362## Security Features363364### π‘οΈ AI Agent Protection365366- **MCP Interaction Safety**: Contextual guidelines for different MCP types367- **Operation Validation**: Specific precautions for read/write/execute operations368- **Data Sensitivity Handling**: Protocols based on data classification levels369370### π Content Analysis371372- **Real-time Threat Detection**: Analyze content for harmful patterns373- **Prompt Injection Detection**: OWASP LLM01:2025 compliant pattern matching374- **Credential Exposure Prevention**: Scan for 50+ types of exposed secrets375- **API-powered Analysis**: Advanced AI-driven content safety assessment376377### π URL Security378379- **Phishing Detection**: Identify suspicious domains and homograph attacks380- **HTTPS Enforcement**: Validate secure protocol usage381- **Malicious URL Blocking**: Check against known threat indicators382383### π Policy & Compliance384385- **Security Checklists**: Pre-built checklists for all MCP types386- **Data Classification**: Clear policies for handling sensitive data387- **Access Control**: Guidelines for authentication and authorization388- **Incident Response**: Structured procedures for security incidents389390### π Workflow Orchestration391392- **Security Review Prompts**: Multi-step review workflows393- **Threat Analysis**: STRIDE-based threat modeling394- **Automated Audits**: Combine multiple tools for comprehensive checks395396## Development397398```bash399# Clone the repository400git clone https://github.com/AIM-Intelligence/AIM-MCP.git401cd AIM-MCP402403# Install dependencies404pnpm install405406# Build the project407pnpm run build408409# Run in development mode410pnpm run dev411412# Run tests413pnpm test414```415416## Deployment417418This project uses automated CI/CD pipeline for seamless deployment to NPM.419420### Automatic Deployment421422When you push to the `main` branch, GitHub Actions will automatically:4234241. **Build and Test**: Compile TypeScript and run tests4252. **Version Check**: Compare current version with published version4263. **Publish to NPM**: Automatically publish if version has changed4274. **Create Release**: Generate GitHub release with version tag428429### Manual Version Management430431```bash432# Bump patch version (1.0.0 -> 1.0.1)433pnpm run release:patch434435# Bump minor version (1.0.0 -> 1.1.0)436pnpm run release:minor437438# Bump major version (1.0.0 -> 2.0.0)439pnpm run release:major440```441442### Setting up NPM Token443444To enable automatic deployment, add your NPM token to GitHub Secrets:4454461. Go to [npmjs.com](https://www.npmjs.com) and create an automation token4472. In your GitHub repository, go to Settings > Secrets and variables > Actions4483. Add a new secret named `NPM_TOKEN` with your NPM token value449450### Deployment Workflow451452```mermaid453graph LR454 A[Push to main] --> B[GitHub Actions]455 B --> C[Build & Test]456 C --> D[Version Check]457 D --> E{Version Changed?}458 E -->|Yes| F[Publish to NPM]459 E -->|No| G[Skip Deployment]460 F --> H[Create GitHub Release]461 F --> I[Create Git Tag]462```463464## Contributing4654661. Fork the repository4672. Create your feature branch (`git checkout -b feature/amazing-feature`)4683. Commit your changes (`git commit -m 'Add some amazing feature'`)4694. Push to the branch (`git push origin feature/amazing-feature`)4705. Open a Pull Request471472## License473474This project is licensed under the ISC License - see the [LICENSE](LICENSE) file for details.475476## Documentation477478- π **[MCP Components Guide](./MCP_COMPONENTS_GUIDE.md)**: Comprehensive guide to Tools, Resources, and Prompts479- π **[GitHub Wiki](https://github.com/AIM-Intelligence/AIM-MCP/wiki)**: Additional documentation and examples480- π **[MCP Specification](https://modelcontextprotocol.io/)**: Official Model Context Protocol documentation481482## Support483484- π§ Email: support@aim-intelligence.com485- π Issues: [GitHub Issues](https://github.com/AIM-Intelligence/AIM-MCP/issues)486- π¬ Discussions: [GitHub Discussions](https://github.com/AIM-Intelligence/AIM-MCP/discussions)487488---489490Made with β€οΈ by [AIM Intelligence](https://github.com/AIM-Intelligence)491
Full transparency β inspect the skill content before installing.