AI agents plug into thousands of MCP servers — most written by strangers — to read your data, run code, and spend your money. toolfence scans any MCP server and reports the risks your agents inherit the moment they connect.
npx toolfence https://your-server/mcp
The MCP spec settled authentication — OAuth 2.1 for HTTP transports. That's roughly 20% of the risk. The rest lives in what the tools do and what their definitions say:
A server ships a tool that tells the agent to read your secrets or ignore prior instructions. The agent complies. OAuth is happy.
Instructions smuggled into descriptions and schemas, fed verbatim into the agent's context window.
A server you trusted silently redefines a tool after the fact. No one notices.
Tools that touch the filesystem, run code, or reach the network with no per-call scoping.
A 60K-token tool catalog prepended to every agent turn — inflating cost, latency, and mis-selection.
OAuth logs the login. It doesn't log the 47 tool calls the agent actually made, with what arguments.
Works over Streamable HTTP, SSE, and local stdio. Markdown, JSON, and CI-friendly exit codes. Every detector is covered by a test that proves it fires on real attacks and stays quiet on benign servers.
The scanner tells you what's wrong. The hosted gateway stops it in production — output sanitization, per-call scope reduction, behavioral guardrails, and replayable audit, in front of every MCP server you run.
Find the risk before an agent connects. Free, forever.
Govern tool calls at runtime. Sanitize, scope, rate-limit, audit.
Curated, scanned, metered MCP servers — with monetization rails for authors.