Thanks to visit codestin.com
Credit goes to github.com

Skip to content

82ch/MCP-Dandan

BranchesTags

Repository files navigation

MCP-Dandan - MCP Security Framework

License Python Electron

image

MCP-Dandan

Overview

MCP-Dandan is an integrated monitoring service that observes MCP (Model Context Protocol) communications and detects security threats in real time. It features a modern desktop UI built with Electron for easy monitoring and management.

Currently, MCP-Dandan is listed in well-known MCP-related open-source collections and can be found in the following repositories:

MCP-Dandan.mp4

Features

  • Real-time MCP Traffic Monitoring: Intercepts and analyzes MCP communications
  • Multi-Engine Threat Detection:
    • Command Injection Detection
    • File System Exposure Detection
    • PII Leak Detection(custom rules supported)
    • Data Exfiltration Detection
    • Tools Poisoning Detection (LLM-based)
  • Desktop UI: Electron-based application with interactive dashboard
  • Interactive Tutorial: Built-in tutorial system for new users
  • Blocking Capabilities: Real-time threat blocking with user control
  • Cross-Platform: Supports Windows, macOS, and Linux

Quick Start

Installation

# Clone the repository
git clone https://github.com/82ch/MCP-Dandan.git
cd MCP-Dandan

# Install all dependencies (Python + Node.js)
npm run install-all

Running the Application

# Start both server and desktop UI
npm run dev

The server will start on http://127.0.0.1:8282 and the Electron desktop app will launch automatically.

Project Structure

image

Detection Engines

1. Command Injection Engine

Identifies potential command injection patterns in tool calls.

2. File System Exposure Engine

Monitors unauthorized file system access attempts.

3. PII Leak Engine (custom rules supported)

Detects potential PII leakage with built-in rules and optional user-defined customization.

4. Data Exfiltration Engine

Identifies suspicious data transfer patterns.

5. Tools Poisoning Engine (LLM-based)

Uses semantic analysis to detect misuse of MCP tools:

  • Compares tool specifications vs actual usage
  • Scores alignment (0-100) with detailed breakdown
  • Auto-categorizes severity: none/low/medium/high

Engine Setting

Setting.mp4

Input your MISTRAL_API_KEY to enable the Tools Poisoning Engine, and configure detection settings as needed.

Desktop UI Features

  • Real-time Dashboard: Monitor MCP traffic and threats in real time
  • Interactive Tutorial: Learn how to use the system with step-by-step guides
  • Blocking Interface: Review and control threat blocking actions
  • Settings Panel: Configure detection engines and system behavior
  • Chat Panel: Interact with the system and view logs
UI_feature.mp4

Full Documentation

For detailed explanations and technical documentation, please refer to the
MCP-Dandan Wiki.

Have questions or suggestions?
Please visit the Discussions tab.

About

MCP Security Solution for Agentic AI — real-time proxying, behavior analysis, and malicious tool detection

mcp-dandan.netlify.app/

Topics

monitoring mcp awesome-lists ai-security ai-tools ai-security-tool model-context-protocol mcp-server mcp-tools mcp-host mcp-gateway mcp-security mcp-guard

Resources

Readme

License

MIT license

Contributing

Contributing
Activity
Custom properties

Stars

57 stars

Watchers

0 watching

Forks

6 forks
Report repository

Releases 3

v1.1.0 Latest
Dec 13, 2025
+ 2 releases

Packages

No packages published

Contributors 6

Languages