feat: add ATR agent threat scanning MCP server#28
Conversation
Add atr-mcp server providing regex-based AI agent threat detection: - atr_scan_text: Scan text against 20 ATR rules - atr_scan_mcp_config: Scan full MCP config for threats - atr_list_rules: List loaded detection rules - atr_rule_info: Get rule details Pure Python, no external binary dependencies, <5ms per scan. Source: https://github.com/anthropics/agent-threat-rules (MIT)
…xt-aware filtering - Remove unused pydantic-settings dependency - Add SKILL_CONTEXT_DENYLIST for context-aware rule filtering - Skip credential scanning on env var values in MCP config scan - Fix Dockerfile to match project template (EXPOSE, PYTHONUNBUFFERED, vendor label) - Deduplicate findings by rule_id per scan - Fix double-scanning in atr_scan_mcp_config - Fix redundant exception handling - Document 20-rule subset in README - Fix README example output accuracy - Fix README source URL with community attribution - Remove context enum constraint for free-form string
|
Bumping with new ecosystem credentials since this opened on 4/9. ATR now shipped in production at Microsoft Agent Governance Toolkit (#908, #1277), Cisco AI Defense skill-scanner (#79, #99), MISP galaxy + taxonomies (5/10), and OWASP Agent Skill Risk Hub (#74, 5/11). 344 rules, MIT licensed, npm 23K downloads/30d. Happy to adjust framing if needed. |
|
Heads up for maintainers: the two failing checks ( |
Summary
Add an ATR (Agent Threat Rules) MCP server for regex-based AI agent threat detection. Unlike other servers in this hub that wrap external binaries, this server is pure Python with zero external tool dependencies.
Tools
atr_scan_textskillmode excludes high-FP rules).atr_scan_mcp_configatr_list_rulesatr_rule_infoThreat categories covered (20 rules)
Prompt injection (3), jailbreak (2), system prompt override/extraction (2), tool poisoning (2), data exfiltration (2), reverse shell (1), credential exposure (1), privilege escalation (1), cross-agent manipulation (1), hidden instructions (1), social engineering (1), path traversal (1), code injection (1), encoded payload (1).
This is a curated subset of 20 high-precision rules from the ATR standard (108 rules total, MIT licensed).
Files
agent-security/atr-mcp/server.pyagent-security/atr-mcp/rules.jsonagent-security/atr-mcp/Dockerfileagent-security/atr-mcp/README.mdagent-security/atr-mcp/requirements.txtdocker-compose.ymltests/test_mcp_servers.pyexamples/claude-desktop-config.jsonKey design choices
context="skill"excludes 4 high-FP rules for SKILL.md contentread_only: trueDocker filesystem, 256M memory limitTest plan
@app.list_tools()test_mcp_servers.pyparametrized tests