Aster Guard MCP scans AI config files for security risks before connection
Aster Works published Aster Guard MCP, a lightweight static scanner for MCP and Claude Code configuration files that checks for security risks before an AI agent connects to a server.
Score breakdown
MCP configurations can grant AI agents broad access to local files, shell commands, databases, and external APIs, and Aster Guard provides a static pre-connection check for those risks without requiring server execution or external calls.
- 01Aster Guard MCP is now available on the GitHub Marketplace as a GitHub Action.
- 02It statically scans MCP and Claude Code configuration files before a server connection is made.
- 03Detected risk patterns include hidden agent instructions, hardcoded secrets, sensitive file paths, dangerous shell commands, tool-name shadowing, and unknown remote endpoints.
Aster Works published Aster Guard MCP (`@asterworks/aster-guard`) to the GitHub Marketplace as a narrow, pre-connection security scanner for MCP and Claude Code configuration files. The motivation is the expanding attack surface that MCP introduces: a single `.mcp.json` entry can grant an AI agent access to local files, shell commands, browsers, databases, SaaS APIs, and internal developer tools, and tool descriptions can embed hidden instructions that shape agent behavior.
The scanner performs static analysis only — it does not start MCP servers, execute scanned commands, send telemetry, or call external APIs during normal scans, and it redacts secrets in output.
The scanner performs static analysis only — it does not start MCP servers, execute scanned commands, send telemetry, or call external APIs during normal scans, and it redacts secrets in output. It detects risk patterns including hidden agent instructions, hardcoded secrets, sensitive file paths (`.ssh`, cloud credentials, `.env`), shell execution and dangerous install commands, destructive commands, overbroad filesystem access, unknown remote MCP endpoints, tool-name shadowing, and obfuscated command patterns. Output includes a risk score, a grade, findings, and recommended next steps in both English and Japanese.
Developers can run it without a global install via `npx -y @asterworks/aster-guard scan` or target a specific file with `npx -y @asterworks/aster-guard scan .mcp.json`. The GitHub Action (`Aster-Works/aster-guard@v0.3.2`) supports a `fail-on: high` threshold and SARIF output that can be uploaded to GitHub code scanning via `github/codeql-action/upload-sarif@v3`. Aster Works explicitly scopes the tool as a pre-connection configuration check rather than a runtime firewall, antivirus, SIEM, or full supply-chain scanner, and is seeking feedback on finding clarity, detection coverage, and CI usefulness.
Key facts
- 01Aster Guard MCP is now available on the GitHub Marketplace as a GitHub Action.
- 02It statically scans MCP and Claude Code configuration files before a server connection is made.
- 03Detected risk patterns include hidden agent instructions, hardcoded secrets, sensitive file paths, dangerous shell commands, tool-name shadowing, and unknown remote endpoints.
- 04The scanner does not execute scanned commands, start MCP servers, send telemetry, or call external APIs during normal scans.
- 05Output includes a risk score, a grade, findings, and recommended next steps in English and Japanese.
- 06SARIF output is supported for upload to GitHub code scanning via `github/codeql-action/upload-sarif@v3`.
- 07Can be run without a global install using `npx -y @asterworks/aster-guard scan`; the GitHub Action is `Aster-Works/aster-guard@v0.3.2`.
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 19, 2026 · 10:25 UTC. How this works →