
feat: add ATR agent threat scanning MCP server#28

Open

eeee2345 wants to merge 2 commits into FuzzingLabs:master from eeee2345:feat/atr-mcp-server

Conversation

@eeee2345 eeee2345 commented Apr 9, 2026

Summary

Add an ATR (Agent Threat Rules) MCP server for regex-based AI agent threat detection. Unlike other servers in this hub that wrap external binaries, this server is pure Python with zero external tool dependencies.

Tools

  • atr_scan_text: Scan arbitrary text against 20 ATR rules. Supports context-aware filtering (skill mode excludes high-FP rules).
  • atr_scan_mcp_config: Scan a full MCP config JSON — extracts each server's command/args and scans for threats. Env var values are redacted to prevent credential-exposure false positives.
  • atr_list_rules: List loaded rules with optional category filter.
  • atr_rule_info: Get details for a specific rule by ID.

Threat categories covered (20 rules)

Prompt injection (3), jailbreak (2), system prompt override/extraction (2), tool poisoning (2), data exfiltration (2), reverse shell (1), credential exposure (1), privilege escalation (1), cross-agent manipulation (1), hidden instructions (1), social engineering (1), path traversal (1), code injection (1), encoded payload (1).

This is a curated subset of 20 high-precision rules from the ATR standard (108 rules total, MIT licensed).

Files

  • agent-security/atr-mcp/server.py: MCP server implementation (4 tools)
  • agent-security/atr-mcp/rules.json: 20 bundled ATR rules
  • agent-security/atr-mcp/Dockerfile: Alpine-based, non-root, following project template
  • agent-security/atr-mcp/README.md: Usage docs
  • agent-security/atr-mcp/requirements.txt: mcp, pydantic (2 deps)
  • docker-compose.yml: Added atr-mcp service
  • tests/test_mcp_servers.py: Added test registration
  • examples/claude-desktop-config.json: Added config example

Key design choices

  • Context-aware scanning: context="skill" excludes 4 high-FP rules for SKILL.md content
  • Deduplication: One finding per rule per scan (no duplicates)
  • Env var redaction: MCP config scanner redacts env values before scanning
  • Pure Python: No external binary, read_only: true Docker filesystem, 256M memory limit

Test plan

  • Server registers 4 tools via @app.list_tools()
  • Added to test_mcp_servers.py parametrized tests
  • Dockerfile builds successfully
  • CI validation
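The scanning behaviour the description above lists (rule matching, skill-context denylist, one finding per rule, env var redaction in the MCP config scan) as an added illustration; this is not the PR's server.py, and the rule IDs, categories, patterns and the sample config are constructed assumptions rather than the bundled ATR rules.

```python
import json
import re

# Constructed sample rules standing in for rules.json; IDs, categories and
# patterns are assumptions for this example, not the real ATR rule set.
SAMPLE_RULES = [
    {"id": "ATR-PI-001", "category": "prompt_injection",
     "pattern": r"ignore\s+(all\s+)?(previous|prior)\s+instructions"},
    {"id": "ATR-CE-001", "category": "credential_exposure",
     "pattern": r"\bAKIA[0-9A-Z]{16}\b"},
    {"id": "ATR-PT-001", "category": "path_traversal",
     "pattern": r"(\.\./){2,}"},
    {"id": "ATR-SE-001", "category": "social_engineering",
     "pattern": r"\byou\s+must\s+(trust|obey)\b"},
]
# Rules that fire too often on legitimate SKILL.md prose; skipped in skill mode.
SKILL_CONTEXT_DENYLIST = {"ATR-SE-001"}
COMPILED = [(r, re.compile(r["pattern"], re.IGNORECASE)) for r in SAMPLE_RULES]

# Constructed MCP config: the secret lives in env, which must not be scanned.
SAMPLE_CONFIG = json.dumps({"mcpServers": {"files": {
    "command": "npx", "args": ["-y", "some-server", "../../../etc"],
    "env": {"AWS_ACCESS_KEY_ID": "AKIAABCDEFGHIJKLMNOP"}}}})


def scan_text(text, context=None):
    """Return at most one finding per rule; search() stops at the first hit,
    so repeated matches of the same rule never produce duplicate findings."""
    findings = {}
    for rule, rx in COMPILED:
        if context == "skill" and rule["id"] in SKILL_CONTEXT_DENYLIST:
            continue
        m = rx.search(text)
        if m:
            findings[rule["id"]] = {"rule_id": rule["id"],
                                    "category": rule["category"],
                                    "match": m.group(0)}
    return list(findings.values())


def scan_mcp_config(config_json):
    """Scan each server's command/args once; env values are replaced by a
    placeholder so stored credentials do not raise credential-exposure hits."""
    cfg = json.loads(config_json)
    results = {}
    for name, server in cfg.get("mcpServers", {}).items():
        parts = [server.get("command", ""), *server.get("args", [])]
        parts += [f"{k}=<redacted>" for k in server.get("env", {})]
        results[name] = scan_text(" ".join(parts))
    return results


if __name__ == "__main__":
    print(json.dumps(scan_mcp_config(SAMPLE_CONFIG), indent=2))
```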

Panguard AI added 2 commits April 9, 2026 17:52
Add atr-mcp server providing regex-based AI agent threat detection:
- atr_scan_text: Scan text against 20 ATR rules
- atr_scan_mcp_config: Scan full MCP config for threats
- atr_list_rules: List loaded detection rules
- atr_rule_info: Get rule details

Pure Python, no external binary dependencies, <5ms per scan.
Source: https://github.com/anthropics/agent-threat-rules (MIT)
…xt-aware filtering

- Remove unused pydantic-settings dependency
- Add SKILL_CONTEXT_DENYLIST for context-aware rule filtering
- Skip credential scanning on env var values in MCP config scan
- Fix Dockerfile to match project template (EXPOSE, PYTHONUNBUFFERED, vendor label)
- Deduplicate findings by rule_id per scan
- Fix double-scanning in atr_scan_mcp_config
- Fix redundant exception handling
- Document 20-rule subset in README
- Fix README example output accuracy
- Fix README source URL with community attribution
- Remove context enum constraint for free-form string