Security MCP Servers

Manage secrets and environment variables via Doppler. List projects, audit secrets, and track activity logs from any AI agent.

Block spam submissions on your forms and comments with an AI-powered filter that catches bots without annoying real users.

Hash and verify passwords with the industry-standard bcrypt algorithm. Two tools in one: hash with configurable salt rounds, and verify against stored hashes. Pure JS. Zero compilation.

Sign API requests and Webhooks deterministically. Instantly generate mathematical HMAC, SHA-256, or MD5 hashes without AI hallucinations.

Generate cryptographically secure random strings for API keys, tokens, and invite codes using Node.js crypto.randomBytes().

The ultimate anti-bot CAPTCHA API. Validate users, detect bots, and protect your forms with Geetest v4.

Manage 4399 Open Platform game distribution. Validate logins, query orders, and handle leaderboards directly from any AI agent.

Manage Oppo Game Open Platform distribution. Validate logins, query orders, and report game data directly from any AI agent.

Manage Vivo Game Open Platform distribution. Validate logins, query orders, and report game data directly from any AI agent.

An AI agent committed a Stripe API key to git, built SQL queries with string concatenation, and deployed an admin endpoint with no authentication. All in 4 minutes. The key was scraped from GitHub within 90 seconds. This tool forces input sanitization validation, secret management auditing, authentication enforcement, injection prevention, and dependency supply chain checks against OWASP Top 10.

LLMs cannot distinguish system instructions from user input. This tool forces 5-layer injection defense analysis: intent isolation, privilege containment, indirect vector scanning, output sanitization, and scope enforcement. OWASP LLM Top 10 #1 compliance.