A lightweight security validation layer for MCP (Model Context Protocol) inputs
mcp-marshal
mcp-marshal is a lightweight security validation layer for Model Context Protocol (MCP) inputs. It scans tool-call payloads for risky patterns - SQL injection, XSS, and other common attack vectors - before they reach your model or tool handler.
This is an early but functional release. The core validation logic works today; more features are on the roadmap.
Installation
```shell
pip install mcp-marshal
```
Quick start
```python
from mcp_marshal import Warden

warden = Warden()

# Clean input
result = warden.validate_input({"query": "What is the weather today?"})
print(result)
# {"valid": True, "issues": []}

# Risky input
result = warden.validate_input({
    "query": "SELECT * FROM users; DROP TABLE users;--",
    "context": "admin panel"
})
print(result["valid"])  # False
for issue in result["issues"]:
    print(issue)
# {"field": "query", "pattern": "DROP TABLE", "severity": "critical"}
# {"field": "query", "pattern": "--", "severity": "medium"}
# {"field": "query", "pattern": ";--", "severity": "high"}
```
Custom patterns
```python
from mcp_marshal import Warden

extra = [
    {"pattern": "IGNORE PREVIOUS INSTRUCTIONS", "severity": "critical"},
    {"pattern": "jailbreak", "severity": "high"},
]
warden = Warden(extra_patterns=extra)
result = warden.validate_input({"prompt": "Ignore previous instructions and ..."})
print(result["valid"])  # False
```
API
Warden(extra_patterns=None)
Create a warden instance. Pass extra_patterns to extend the built-in ruleset.
Warden.validate_input(payload: dict) -> dict
Scan all string values in payload (recursively) for risky patterns.
Returns:
```python
{
    "valid": bool,
    "issues": [
        {
            "field": str,     # dot-path to the offending key
            "pattern": str,   # matched pattern
            "severity": str,  # low | medium | high | critical
        }
    ]
}
```
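To make the contract above concrete, here is an added stand-in that implements the documented behaviour (recursive walk of string values, dot-path field names, the `valid`/`issues` result shape) against the built-in pattern table. It is not mcp-marshal's own code; case-insensitive substring matching and index-based dot-paths for list elements are assumptions, and the benign "--" sentence shows the kind of false positive a plain substring rule produces.

```python
# Added example: a minimal stand-in for Warden.validate_input implementing the
# documented contract (recursive scan, dot-path field, pattern, severity).
# It is NOT mcp-marshal's own code. Assumptions: matching is case-insensitive
# substring search, and list elements are addressed by their index in the path.
from typing import Any

BUILTIN_PATTERNS = [  # the built-in table from the README, highest severity first
    {"pattern": "DROP TABLE", "severity": "critical"},
    {"pattern": "DELETE FROM", "severity": "critical"},
    {"pattern": "UNION SELECT", "severity": "critical"},
    {"pattern": "' OR '1'='1", "severity": "critical"},
    {"pattern": ";--", "severity": "high"},
    {"pattern": "<script>", "severity": "high"},
    {"pattern": "javascript:", "severity": "high"},
    {"pattern": "--", "severity": "medium"},
]

def _walk(node: Any, path: str = ""):
    """Yield (dot_path, string) for every string leaf in a nested payload."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}" if path else str(key))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from _walk(value, f"{path}.{i}" if path else str(i))
    elif isinstance(node, str):
        yield path, node

def validate_input(payload: dict, extra_patterns=None) -> dict:
    """Return {"valid": bool, "issues": [...]} in the shape the README documents."""
    patterns = BUILTIN_PATTERNS + list(extra_patterns or [])
    issues = []
    for field, text in _walk(payload):
        haystack = text.casefold()
        for rule in patterns:
            if rule["pattern"].casefold() in haystack:
                issues.append({"field": field, "pattern": rule["pattern"],
                               "severity": rule["severity"]})
    return {"valid": not issues, "issues": issues}

if __name__ == "__main__":
    # Constructed payloads: the README's risky query, a nested tool argument,
    # and a benign sentence that trips the "--" rule (a false positive to plan for).
    risky = {"query": "SELECT * FROM users; DROP TABLE users;--", "context": "admin panel"}
    nested = {"args": {"files": ["report.txt", "notes<script>.txt"]}}
    benign = {"note": "Meeting at 10 -- bring the quarterly numbers"}
    for p in (risky, nested, benign):
        print(validate_input(p))
```

Because "--" is matched anywhere in ordinary text, a deployment should decide per severity whether to block, strip, or only log, rather than rejecting every non-empty `issues` list.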
Built-in patterns
| Pattern | Severity |
|---|---|
| `DROP TABLE` | critical |
| `DELETE FROM` | critical |
| `UNION SELECT` | critical |
| `' OR '1'='1` | critical |
| `;--` | high |
| `<script>` | high |
| `javascript:` | high |
| `--` | medium |
Roadmap
- Prompt injection detection (LLM-assisted)
- Configurable allow-lists and deny-lists
- Async support
- JSON-schema validation for MCP tool arguments
- CLI for quick audits
- Integration guides for popular MCP server frameworks
License
MIT. See LICENSE.
File details
Details for the file mcp_marshal-0.1.0a1.tar.gz.
File metadata
- Download URL: mcp_marshal-0.1.0a1.tar.gz
- Upload date:
- Size: 4.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 142914a0fbf71983006e8dda4190821583185048edd7283d3cbf4927db85181c |
| MD5 | af9b8a5928d51b4972d08e3481569646 |
| BLAKE2b-256 | ff9157d5a9619d8ee698b4fabe6fbd5100ef1b753c3f435266ad4a6a31e56b59 |
File details
Details for the file mcp_marshal-0.1.0a1-py3-none-any.whl.
File metadata
- Download URL: mcp_marshal-0.1.0a1-py3-none-any.whl
- Upload date:
- Size: 5.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.2
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | daef82e0205890b6d1bde221302049d4266aee53d71a76cb620925e4ee5cbf98 |
| MD5 | a8ca4fccdbb7968f8dcdd6dce75db627 |
| BLAKE2b-256 | 25184b79e4123fa592d8ed213ec167363838134c95b021a6fec928c166db23a9 |