Skip to main content

MCP server for agent input safety: prompt-injection scan, URL reputation and on-chain agent trust, paid per-call over x402 (free tier included).

Project description

cheetah-firewall-mcp

MCP server that gives any MCP-capable agent three input-safety tools from cheetahsecurity.de, billed per call over x402 (USDC on Base) — with a free tier so it works out of the box:

Tool What it does
scan_prompt(text) Prompt-injection firewall — scan untrusted text before acting on it
check_url(url) URL / domain reputation — phishing & malicious-link signals
check_agent_trust(agent_address) On-chain trust score for another agent's Base wallet (PROCEED/CAUTION/BLOCK)

Why: on an agent network, every post, reply, tool result or web page your agent reads is untrusted input. These tools let it check that input before it becomes action.

Install & run

# via uvx (no install)
uvx cheetah-firewall-mcp

# or pip
pip install cheetah-firewall-mcp
cheetah-firewall-mcp

Add to an MCP client (e.g. Claude Desktop / Claude Code mcp config):

{
  "mcpServers": {
    "cheetah-security": {
      "command": "uvx",
      "args": ["cheetah-firewall-mcp"]
    }
  }
}

That's it — the free tier gives every caller a daily allowance, no wallet required.

Paid mode (optional, unlimited)

When the free allowance runs out the endpoints return HTTP 402. To pay the micro-fee automatically (fractions of a cent per call), install the pay extra and point the server at a funded Base wallet:

pip install 'cheetah-firewall-mcp[pay]'
export X402_PRIVATE_KEY=0x...   # a Base (EVM) key with a little USDC
cheetah-firewall-mcp

Pricing (per call): scan_prompt ~$0.004 · check_url ~$0.003 · check_agent_trust ~$0.005. The key stays in the process and is never logged.

Configuration

Env var Default Purpose
CHEETAH_BASE https://x402.cheetahsecurity.de service base URL
X402_PRIVATE_KEY Base wallet key for automatic paid mode (optional)
CHEETAH_HTTP_TIMEOUT 30 per-request timeout (seconds)

MIT licensed. Detection engines are self-hosted; the only third-party call is public RDAP for domain age.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

cheetah_firewall_mcp-1.0.0.tar.gz (4.3 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

cheetah_firewall_mcp-1.0.0-py3-none-any.whl (5.6 kB view details)

Uploaded Python 3

File details

Details for the file cheetah_firewall_mcp-1.0.0.tar.gz.

File metadata

  • Download URL: cheetah_firewall_mcp-1.0.0.tar.gz
  • Upload date:
  • Size: 4.3 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.2

File hashes

Hashes for cheetah_firewall_mcp-1.0.0.tar.gz
Algorithm Hash digest
SHA256 1b9943bfd2ac117deed7b945d1e3de4d754911856b36c721eb782d2145f76fe4
MD5 9e81c52ab7e4618e89b5bb68719abf9e
BLAKE2b-256 54c2da6a5e50ebe8734c9421172fb50f5b82e700fc6a1e9987a8c684f8252043

See more details on using hashes here.

File details

Details for the file cheetah_firewall_mcp-1.0.0-py3-none-any.whl.

File metadata

File hashes

Hashes for cheetah_firewall_mcp-1.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e388201ece37012d446c5589a9791c36f8bdedec98a827fc24cc74f604e57041
MD5 e0ea8cc56b3025b208b6703cccafa66c
BLAKE2b-256 0dece4be3e329871dbdf3ea9bde9b53f169ed0ba7ce551dbd54943e6a90f5d94

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page