MCP-Dandan

Name: MCP-Dandan
Rating: 2.3 (63 reviews)
Author: 82ch

by 82ch·★ 63·Score 45

MCP-Dandan is a security monitoring framework that intercepts and analyzes MCP communications in real-time to detect malicious behavior.

securityai-llmmonitoring

Forks

Open issues

5 mo ago

Last commit

2d ago

Indexed

Overview

MCP-Dandan is an integrated security solution designed to monitor MCP (Model Context Protocol) communications and detect security threats in real-time. It features a modern Electron-based desktop UI that provides an interactive dashboard for monitoring MCP traffic, analyzing threats, and controlling blocking actions. The framework includes multiple detection engines: command injection detection, file system exposure detection, PII leak detection, data exfiltration detection, and tools poisoning detection using LLM-based semantic analysis. The system supports cross-platform operation on Windows, macOS, and Linux, with customizable detection rules and a user-friendly interface for managing security alerts.

Try asking AI

After installing, here are 5 things you can ask your AI assistant:

you:Security monitoring for AI applications using MCP protocol

you:Detection of malicious tool calls and data exfiltration attempts

you:Real-time protection against command injection in agentic systems

you:What security threats does MCP-Dandan detect?

you:How do I configure the Tools Poisoning Engine?

When to choose this

Teams implementing MCP-based AI systems that require security monitoring, particularly those concerned about malicious tool usage or data exfiltration.

When NOT to choose this

Users needing a simple MCP integration without security features, or those who cannot accept the dual Python/Node.js dependency requirement.

Tools this server exposes

5 tools extracted from the README

detect_command_injection
Detects potential command injection patterns in tool calls
detect_file_system_exposure
Monitors unauthorized file system access attempts
detect_pii_leak
Detects potential PII leakage with built-in and custom rules
detect_data_exfiltration
Identifies suspicious data transfer patterns
analyze_tool_poisoning
Scores tool usage alignment with specifications to detect poisoning

Note: Tool names inferred from detection engine descriptions, as no explicit tool documentation was provided

Comparable tools

mcp-security-monitorai-threat-detectormcp-guardianllm-security-proxy

Installation

# Clone the repository
git clone https://github.com/82ch/MCP-Dandan.git
cd MCP-Dandan

# Install all dependencies (Python + Node.js)
npm run install-all

Running the Application

# Start both server and desktop UI
npm run dev

The server will start on http://127.0.0.1:8282 and the Electron desktop app will launch automatically.

Claude Desktop Configuration

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "mcp-dandan": {
      "command": "python",
      "args": ["path/to/mcp-dandan/server.py"]
    }
  }
}

FAQ

What security threats does MCP-Dandan detect?: MCP-Dandan detects multiple types of threats including command injection attempts, file system exposure, PII leaks, data exfiltration, and tools poisoning using LLM-based semantic analysis.
How do I configure the Tools Poisoning Engine?: To enable the Tools Poisoning Engine, you need to input your MISTRAL_API_KEY in the settings panel. This allows the system to compare tool specifications against actual usage and detect potential tool misuse.

Compare MCP-Dandan with

MCP-Dandan vs ultimate_mcp_server MCP-Dandan vs mcp-server-chart MCP-Dandan vs everything MCP-Dandan vs memory MCP-Dandan vs fetch

GitHub →

Last updated 2026-05-17 · Auto-generated from public README + GitHub signals.