Inspiration
I went to the Stytch OpenAI MCP event last night, and two big issues came up: 1) there is no npm-style registry of MCP servers like there is for code libraries/packages, and 2) when you connect to an MCP server there are huge security concerns about what will get run in, or injected into, your client agent.
When I saw that this hackathon was going to have Semgrep and Vanta, it made sense to me to try to build an MCP client that audits the company hosting the MCP server with Vanta and checks the actual code of the MCP server (if it's public) for vulnerabilities -- all before connecting. That's why I call it AgentSafe -- the agent runs security checks on every external MCP before connecting.
The agent is also able to pay for things (tool usage / data) using Skyfire -- so secure MCP connections and payments.
What it does
It's an MCP client that can dynamically connect to any MCP server at runtime (it doesn't need to be pre-configured with MCP URLs in a config.json or similar) and that runs security checks before connecting to an external MCP server and executing its tools. The security checks consist of consulting Vanta's MCP server about the company that hosts the MCP server (what are their frameworks, controls, and vulnerabilities) and then running Semgrep over the MCP server's source code to check for vulnerabilities (secret leakage, static code analysis, etc.).
The MCP client is outfitted with some MCP servers at initialization (Skyfire and Vanta). Skyfire is there to enable agentic payments. I also created some tools so that it can search Smithery, which is an emerging directory of MCP servers. This means the MCP client can search Smithery for MCPs to connect to and run checks on those MCPs before proceeding with tool calls. This results in much more secure tool calling than the status quo.
How we built it
I built the MCP client on the AWS Strands agent framework using the Agent Development Kit. I wrote some custom tools for the agent (search_smithery, smithery_server_details, get_url_content, clone_github_repo, semgrep_audit, and some others).
I used the MCP_client tool from the AWS Strands tools repo; this enabled the MCP client to dynamically connect to MCP servers and add their tools to the agent as it runs.
I also initialized the agent with connections to the Vanta and Skyfire MCP servers, so that it could call tools from either. Vanta allowed me to check a company's compliance data (in this case Smithery, the MCP directory company) and Skyfire let my agent pay for tool usage.
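The pre-connect gate that the "What it does" and "How we built it" sections describe (clone the server's repo, run Semgrep over it, decide before connecting) can be written as a small Python tool. The block below is an added example, not AgentSafe's own semgrep_audit tool. It assumes the semgrep CLI is on PATH, that the gate reads Semgrep's `--json` report, and a hypothetical policy (block on any ERROR finding or secrets-rule hit, tolerate a bounded number of WARNINGs, refuse if any file could not be scanned); the embedded report is constructed to mirror Semgrep's JSON layout so the gate can be exercised offline.

```python
"""Pre-connect Semgrep gate for an external MCP server (added example).

Assumptions: the semgrep CLI is installed; the allow/deny policy below is a
hypothetical one chosen for illustration, not AgentSafe's.
"""
import json
import subprocess
from dataclasses import dataclass, field

MAX_WARNINGS = 5  # hypothetical threshold for WARNING-severity findings


@dataclass
class AuditDecision:
    allow: bool
    reasons: list[str] = field(default_factory=list)
    errors: int = 0
    warnings: int = 0


def is_secret_finding(result: dict) -> bool:
    """Secrets rules carry 'secret' in their check_id (e.g. the p/secrets ruleset);
    a hardcoded credential in the server source is an immediate block."""
    return "secret" in result.get("check_id", "").lower()


def evaluate_semgrep_report(report: dict, max_warnings: int = MAX_WARNINGS) -> AuditDecision:
    """Turn a `semgrep --json` report into an allow/deny decision."""
    decision = AuditDecision(allow=True)
    for res in report.get("results", []):
        sev = res.get("extra", {}).get("severity", "INFO").upper()
        loc = f"{res.get('path')}:{res.get('start', {}).get('line')}"
        if is_secret_finding(res):
            decision.allow = False
            decision.reasons.append(f"secret in source at {loc} ({res.get('check_id')})")
        if sev == "ERROR":
            decision.errors += 1
            decision.allow = False
            decision.reasons.append(f"ERROR finding at {loc}: {res.get('check_id')}")
        elif sev == "WARNING":
            decision.warnings += 1
    if decision.warnings > max_warnings:
        decision.allow = False
        decision.reasons.append(f"{decision.warnings} warnings exceed threshold {max_warnings}")
    # Semgrep lists files it could not parse under "errors". An unscanned file is an
    # unknown, so the gate refuses rather than assuming it is clean.
    if report.get("errors"):
        decision.allow = False
        decision.reasons.append(f"{len(report['errors'])} file(s) could not be scanned")
    return decision


def run_semgrep_audit(repo_dir: str, config: str = "p/secrets") -> AuditDecision:
    """Scan a cloned repo with semgrep and gate on the result.
    Requires the semgrep CLI and network access to fetch the ruleset (assumption)."""
    proc = subprocess.run(
        ["semgrep", "scan", "--config", config, "--json", "--quiet", repo_dir],
        capture_output=True, text=True, check=False,  # exit code 1 just means "findings"
    )
    try:
        report = json.loads(proc.stdout)
    except json.JSONDecodeError:
        return AuditDecision(allow=False, reasons=["semgrep produced no JSON report"])
    return evaluate_semgrep_report(report)


# Constructed sample report in the shape semgrep --json emits (not real scan output).
SAMPLE_REPORT = {
    "results": [
        {"check_id": "generic.secrets.security.detected-aws-access-key-id",
         "path": "server.py", "start": {"line": 12}, "end": {"line": 12},
         "extra": {"severity": "ERROR", "message": "AWS Access Key ID detected"}},
        {"check_id": "python.lang.security.audit.subprocess-shell-true",
         "path": "tools.py", "start": {"line": 40}, "end": {"line": 40},
         "extra": {"severity": "WARNING", "message": "subprocess call with shell=True"}},
    ],
    "errors": [],
}


if __name__ == "__main__":
    verdict = evaluate_semgrep_report(SAMPLE_REPORT)
    print("connect" if verdict.allow else "refuse", verdict.reasons)
```

The agent calls `run_semgrep_audit` on the directory returned by its clone step and only proceeds to the dynamic MCP connection when `allow` is true; the decision's `reasons` list is what the agent should surface to the user when it refuses.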
Challenges we ran into
I wanted to use System Initiative to spin up a container where I could test these MCP servers with Semgrep, but eventually settled on just downloading them locally into a directory and running Semgrep on them.
Also, apparently the Amazon Agent Development Kit UI cannot be deployed easily, as it's mainly meant for local development, but I was able to deploy the backend.
Accomplishments that we're proud of
More secure MCP tool calling: Semgrep audits the MCP server code and Vanta audits the hosting company before any tool is used!
The MCP client is able to fluidly use new MCPs as needed and discover new ones using Smithery.
The MCP client can also make payments with Skyfire and transact with merchants that accept KYA+PAY tokens as payment (Apify, Buildship, and other companies). This means the agent is not restricted to free tools; it can pay for more complex ones as well!
What we learned
I learned that MCP security is hard. Even though the code of the MCP server is being checked, prompt injection is still possible: static analysis of the source says nothing about the text a server returns at runtime in tool descriptions and tool results, which is where injected instructions reach the agent.
What's next for AgentSafe
Publish the MCP client and let anyone use external MCPs more securely. Robustify the payment methods so you're able to pay for more things with your agent, rather than just the Skyfire service.
Built With
- docker
- mcp
- python
- render
- strands
- typescript