Incredible project. Automating 150+ cybersecurity tools through an MCP server is extremely powerful, which also means it's extremely dangerous if anyone can connect.
How do you prevent arbitrary users from running nmap, sqlmap, etc through your server? Is there a way to block specific users or log who ran what?
I built runtime identity verification for MCP servers — basically, every tool call carries the caller's verified identity so you can implement per-user permissions and full audit trails. It's designed specifically for high-risk tools like pentest suites.
I realize this is a security product so you've probably thought about this already, but offering the idea in case it saves you time.
Incredible project. Automating 150+ cybersecurity tools through an MCP server is extremely powerful, which also means it's extremely dangerous if anyone can connect.
How do you prevent arbitrary users from running nmap, sqlmap, etc through your server? Is there a way to block specific users or log who ran what?
I built runtime identity verification for MCP servers — basically, every tool call carries the caller's verified identity so you can implement per-user permissions and full audit trails. It's designed specifically for high-risk tools like pentest suites.
I realize this is a security product so you've probably thought about this already, but offering the idea in case it saves you time.