vaultmcp

vaultmcp / vault

Public

MCP prompt-injection scanning proxy — runtime security for MCP tool responses

94
1
89% credibility
Found May 28, 2026 at 100 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Solidity
AI Summary

Vault is an open-source security tool that protects AI assistants from a type of attack called 'prompt injection.' When an AI assistant uses external tools (like reading files, searching the web, or calling APIs), malicious content can hide inside those tools' responses and trick the assistant into doing harmful things — like sending secrets to attackers or ignoring your instructions. Vault sits between your AI assistant and its tools, checking every response through multiple layers of detection before your assistant sees it. If dangerous content is found, it gets blocked. Vault works automatically with no changes to how you use your AI assistant, and stores all detection data locally so nothing sensitive leaves your machine.

How It Works

1
🔍 You hear about AI security risks

You learn that AI assistants can be tricked through their tools — hidden instructions in files or search results can redirect the assistant to do harmful things.

2
🛡️ You find Vault

You discover Vault, an open-source tool that sits between your AI assistant and every tool it uses, watching for these hidden attacks.

3
You install it with one command

You type a simple command and Vault starts protecting your assistant. It works with any tool — file readers, web searches, databases — without changing how you work.

4
🔎 Vault watches quietly in the background

Every time a tool returns information, Vault scans it through multiple layers of detection. If something looks like an attack, it stops the assistant from seeing it.

5
Vault decides what to do
Clean

Your assistant receives the response normally, nothing changes

⚠️
Suspicious

Vault sends it to a smarter check to be sure

🚫
Blocked

Dangerous content is replaced with an error, your assistant never sees it

6
📊 You can see what's happening

Optional: you enable a local dashboard to see your scan history, what was blocked, and which tools have caught threats before.

🎉 Your AI assistant is protected

Your assistant can do its job safely. Vault catches hidden attacks, learns from them, and keeps working quietly in the background.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 100 to 94 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is Vault?

Vault is a proxy that sits between your AI agent and any MCP server, scanning every tool response before it reaches the agent. It catches prompt-injection attacks hiding in file contents, API responses, or search results. The detection pipeline runs three layers: fast regex heuristics, embedding similarity against a known-attack corpus, and an optional LLM judge for ambiguous cases. You can run it with an Anthropic API key, OpenAI, or locally via Ollama for air-gapped setups. The CLI wraps any MCP server with a single command, and there's an on-chain reputation system on Base where servers accumulate trust scores over time.

Why is it gaining traction?

MCP has no built-in security layer. Every tool response is a direct write into your agent's context window, which means a compromised or malicious server can redirect your agent mid-task. Vault addresses this directly. The project also publishes its full eval methodology, including an 80-attack holdout dataset and a 100-document benign set. The numbers are verifiable, not marketing copy. The on-chain reputation registry is a clever touch: servers accumulate scores across every Vault installation, so the community effectively crowdsources threat intelligence.

Who should use this?

Security-conscious teams running MCP servers in production, especially those connecting to third-party or untrusted tools. If you're using Claude Desktop with multiple MCP integrations, or deploying agents that call external APIs, this is worth evaluating. The eval harness and public datasets make it suitable for security researchers who want to benchmark detection approaches. Teams with strict data residency requirements will appreciate the Ollama offline mode.

Verdict

Vault is a well-scoped solution to a real problem, with unusually transparent evaluation. At 94 stars it's early-stage, and the credibility score of 0.899% reflects that maturity gap. The documentation is thorough and the eval methodology is genuinely open, which earns trust. Worth trying in dev environments to see how it performs against your specific MCP traffic patterns.

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.