Skip to content

Preventing unauthorized users from running pentest tools via your MCP server #203

Description

@Marsssssssssssdsss

Incredible project. Automating 150+ cybersecurity tools through an MCP server is extremely powerful, which also means it's extremely dangerous if anyone can connect.

How do you prevent arbitrary users from running nmap, sqlmap, etc through your server? Is there a way to block specific users or log who ran what?

I built runtime identity verification for MCP servers — basically, every tool call carries the caller's verified identity so you can implement per-user permissions and full audit trails. It's designed specifically for high-risk tools like pentest suites.

I realize this is a security product so you've probably thought about this already, but offering the idea in case it saves you time.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions