MCP.directory
AIM Guard

AIM Guard

aim-intelligence

Provides security middleware for MCP servers and AI agents, detecting threats like prompt injections, exposed credentials, and malicious URLs. Guards against unauthorized access and data leakage through automated security validation.

Provides security middleware that guards MCP implementations against unauthorized access, data leakage, and malicious interactions through threat detection and protection validation.

19311 views14Local (stdio)
auth security
GitHub

What it does

  • Detect prompt injection attempts using OWASP LLM patterns
  • Scan text for exposed credentials and API keys
  • Validate URL safety against phishing and malware
  • Analyze content for harmful material
  • Enhance prompts with security layers
  • Generate contextual security instructions

Best for

Securing AI agents and MCP implementationsOrganizations handling sensitive data through AIDevelopers building production MCP servers
OWASP LLM01:2025 compliant detection6 security tools includedBuilt-in security checklists and policies

About AIM Guard

AIM Guard is a community-built MCP server published by aim-intelligence that provides AI assistants with tools and capabilities via the Model Context Protocol. Protect your MCP with AIM Guard—advanced threat detection software for unauthorized access, botnet, and malware detectio It is categorized under auth security. This server exposes 6 tools that AI clients can invoke during conversations and coding sessions.

How to install

You can install AIM Guard in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.

License

AIM Guard is released under the ISC license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.

Tools (6)

ai-safety-guard

AI Safety Guard - MCP Caution Instructions for AI Agents

aim-text-guard

AIM-Intelligence Text Guard Tool

aim-security-prompt-tool

Security Prompt Enhancement Tool

prompt-injection-detector

Detect prompt injection attempts based on OWASP LLM01:2025 patterns

credential-scanner

Scan text for exposed credentials (API keys, passwords, tokens, SSH keys)

en ko

AIM Guard MCP

Trust Score smithery badge

NPM Version Smithery Server

🛡️ AIM MCP Server :: Guard and Protect your MCPs & AI Agents

A Model Context Protocol (MCP) server that provides AI-powered security analysis and safety instruction tools. This server helps protect AI agents by providing security guidelines, content analysis, and cautionary instructions when interacting with various MCPs and external services.

AIM-Guard-MCP MCP server

Features

🔧 Tools (6 total)

  • 🛡️ AI Safety Guard: Contextual security instructions for MCP interactions
  • 🔍 Text Guard Analysis: Harmful content detection using AIM Intelligence API
  • 🔒 Security Prompt Enhancement: Add security layers to user prompts
  • 🚨 Prompt Injection Detector: OWASP LLM01:2025 compliant injection detection
  • 🔐 Credential Scanner: Scan for exposed API keys, passwords, tokens, and secrets
  • 🌐 URL Security Validator: Validate URLs for phishing, malware, and HTTPS enforcement

📚 Resources (9 total)

  • 📋 Security Checklists: MCP-specific security checklists (database, email, slack, file, web, general)
  • 📖 Security Policies: Comprehensive policies (data classification, access control, incident response)

💬 Prompts (2 total)

  • 🔍 Security Review: Multi-step security review workflow
  • ⚠️ Threat Analysis: STRIDE-based threat modeling and risk assessment

🎯 General

  • Fast & Lightweight: Built with TypeScript and Zod validation
  • 🔧 Easy Integration: Works with any MCP-compatible AI assistant
  • 🔗 API Integration: Connects to AIM Intelligence API for advanced analysis
  • 📚 Comprehensive Documentation: Detailed guide for Tools, Resources, and Prompts

Installation

Installing via Smithery

To install aim-mcp for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @AIM-Intelligence/aim-mcp --client claude

NPX (Recommended)

npx aim-guard-mcp

Global Installation

npm install -g aim-guard-mcp
aim-guard-mcp

Local Installation

npm install aim-guard-mcp

Usage

As MCP Server

Add to your MCP client configuration:

{
  "servers": {
    "aim-guard": {
      "type": "stdio",
      "command": "npx",
      "args": ["aim-guard-mcp"]
    }
  }
}

Testing the Tools

Test AI Safety Guard

# Get safety instructions for database operations
{
  "name": "ai-safety-guard",
  "arguments": {
    "mcp_type": "database",
    "operation_type": "query",
    "sensitivity_level": "confidential"
  }
}

Test Text Guard

# This will analyze the text for harmful content
{
  "name": "aim-text-guard",
  "arguments": {
    "text": "This is a sample text to analyze for safety."
  }
}

Test Security Prompt Enhancement

# Enhance a user prompt with security instructions
{
  "name": "aim-security-prompt-tool",
  "arguments": {
    "user_prompt": "Please help me with this task",
    "security_level": "strict"
  }
}

Available Tools

1. ai-safety-guard

Provides contextual security instructions and precautions for AI Agents before they interact with other MCPs.

{
  "name": "ai-safety-guard",
  "arguments": {
    "mcp_type": "email|slack|database|file|web|general",
    "operation_type": "read|write|execute|delete|send|query",
    "sensitivity_level": "public|internal|confidential|restricted"
  }
}

Features: Context-aware guidelines, operation-specific warnings, red flag detection

2. aim-text-guard

Analyze text content for harmful or inappropriate content using AIM Intelligence API.

{
  "name": "aim-text-guard",
  "arguments": {
    "text": "Text content to analyze"
  }
}

Features: Real-time analysis, harmful content detection, detailed JSON results

3. aim-security-prompt-tool

Enhance user prompts with security instructions for safer AI interactions.

{
  "name": "aim-security-prompt-tool",
  "arguments": {
    "user_prompt": "Original user prompt",
    "security_level": "basic|standard|strict"
  }
}

Features: Multi-level enhancement, threat analysis, social engineering protection

4. prompt-injection-detector 🆕

Detect prompt injection attempts based on OWASP LLM01:2025 patterns.

{
  "name": "prompt-injection-detector",
  "arguments": {
    "text": "Text to analyze for injection patterns",
    "sensitivity": "low|medium|high"
  }
}

Features:

  • 15+ injection pattern detection (instruction override, role manipulation, jailbreak attempts)
  • Risk scoring (0-100) with severity assessment
  • OWASP LLM01:2025 compliant
  • Configurable sensitivity levels
  • Detailed threat reporting

5. credential-scanner 🆕

Scan text for exposed credentials including API keys, passwords, tokens, and SSH keys.

{
  "name": "credential-scanner",
  "arguments": {
    "text": "Text to scan for credentials",
    "mask_findings": true
  }
}

Features:

  • 50+ credential patterns (AWS, GitHub, Google, OpenAI, Stripe, JWT, SSH keys)
  • Automatic credential masking
  • Risk level assessment
  • Platform-specific detection (AWS, GitHub, Slack, databases)
  • Actionable security recommendations

6. url-security-validator 🆕

Validate URL safety for phishing, malware, and security issues.

{
  "name": "url-security-validator",
  "arguments": {
    "url": "URL to validate",
    "strict_mode": false
  }
}

Features:

  • 10+ security checks (protocol, TLD, IP address, homograph attacks)
  • Phishing domain detection
  • URL shortener identification
  • Suspicious parameter detection
  • HTTPS enforcement validation

Available Resources 🆕

Resources provide read-only security documentation and policies accessible via URI schemes.

Security Checklists

Access via security-checklist://[type]

  • security-checklist://database - Database operations checklist
  • security-checklist://email - Email operations checklist
  • security-checklist://slack - Chat/messaging operations checklist
  • security-checklist://file - File operations checklist
  • security-checklist://web - Web request checklist
  • security-checklist://general - General MCP operations checklist

Each checklist includes:

  • Pre-operation checks
  • During-operation guidelines
  • Post-operation verification
  • Red flags to abort operations

Security Policies

Access via security-policy://[type]

  • security-policy://data-classification - Data classification levels and handling requirements
  • security-policy://access-control - Access control principles and authentication requirements
  • security-policy://incident-response - Incident response procedures and severity levels

Available Prompts 🆕

Prompts provide reusable workflow templates for complex security operations.

1. security-review

Comprehensive security review workflow for code, data, or configuration.

{
  "name": "security-review",
  "arguments": {
    "target_type": "code|data|configuration",
    "context": "Additional context (optional)"
  }
}

Workflow:

  1. Credential scanning
  2. Prompt injection detection (if applicable)
  3. Security checklist consultation
  4. Policy compliance review
  5. Threat analysis
  6. Risk assessment and recommendations
  7. Summary table - Visual overview of all findings by severity

Summary Output Example:

📊 요약

| 심각도         | 개수  | 파일/위치                  |
|-------------|-----|------------------------|
| 🔴 CRITICAL | 1   | resources/handler.ts   |
| 🟠 HIGH     | 2   | textGuard.ts           |
| 🟡 MEDIUM   | 3   | prompts/handler.ts     |
| 🟢 LOW      | 5   | credentialScanner.ts   |

2. threat-analysis

Analyze potential security threats using STRIDE methodology.

{
  "name": "threat-analysis",
  "arguments": {
    "scenario": "Security scenario to analyze",
    "sensitivity_level": "public|internal|confidential|restricted"
  }
}

Framework:

  1. Asset identification
  2. STRIDE threat modeling (Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of Privilege)
  3. Risk assessment (likelihood × impact)
  4. Attack vector analysis
  5. Control gap identification
  6. Mitigation strategies
  7. Compliance considerations
  8. Incident response planning
  9. Summary table - Visual overview of all threats by severity

Summary Output Example:

📊 요약

| 심각도         | 개수  | 위협 유형                           |
|-------------|-----|---------------------------------|
| 🔴 CRITICAL | 2   | Information Disclosure, Spoofing |
| 🟠 HIGH     | 1   | Elevation of Privilege           |
| 🟡 MEDIUM   | 3   | Tampering, DoS                   |
| 🟢 LOW      | 1   | Repudiation                      |

Security Features

🛡️ AI Agent Protection

  • MCP Interaction Safety: Contextual guidelines for different MCP types
  • Operation Validation: Specific precautions for read/write/execute operations
  • Data Sensitivity Handling: Protocols based on data classification levels

🔍 Content Analysis

  • Real-time Threat Detection: Analyze con

README truncated. View full README on GitHub.

Alternatives

GhidraMCP

GhidraMCP

LaurieWired
7.8k

MCP server for Ghidra reverse engineering. Enables AI assistants to decompile binaries, analyze functions, rename variab

CommunityPopular
362
HexStrike AI

HexStrike AI

0x4m4
7.3k

Advanced MCP server enabling AI agents to autonomously run 150+ security and penetration testing tools. Covers reconnais

CommunityPopular
282
Snyk Agent Scan

Snyk Agent Scan

Snyk
1.8k

Security scanner for AI agents, MCP servers, and agent skills. Automatically scan code for vulnerabilities, license issu

Official
224
Semgrep

Semgrep

semgrep
638

Semgrep is a leading code analysis tool that scans code for vulnerabilities, helping developers fix issues swiftly withi

OfficialRemote
1.3k9

Related Skills

Browse all skills
supabase-rls-policy-generator

This skill should be used when the user requests to generate, create, or add Row-Level Security (RLS) policies for Supabase databases in multi-tenant or role-based applications. It generates comprehensive RLS policies using auth.uid(), auth.jwt() claims, and role-based access patterns. Trigger terms include RLS, row level security, supabase security, generate policies, auth policies, multi-tenant security, role-based access, database security policies, supabase permissions, tenant isolation.

10
claims

Claims-based authorization for agents and operations. Grant, revoke, and verify permissions for secure multi-agent coordination. Use when: permission management, access control, secure operations, authorization checks. Skip when: open access, no security requirements, single-agent local work.

0
nestjs-expert

Nest.js framework expert specializing in module architecture, dependency injection, middleware, guards, interceptors, testing with Jest/Supertest, TypeORM/Mongoose integration, and Passport.js authentication. Use PROACTIVELY for any Nest.js application issues including architecture decisions, testing strategies, performance optimization, or debugging complex dependency injection problems. If a specialized expert is a better fit, I will recommend switching and stop.

19
software-security

A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.

18
backend-security-coder

Expert in secure backend coding practices specializing in input validation, authentication, and API security. Use PROACTIVELY for backend security implementations or security code reviews.

17
firebase

Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. I

16