- Make sure the version will not be include when search for the package in npm and git.

- Increase version
- Add more details for the pypi
- Add docs about the new scanner

Author: oroxenberg

README.md

@@ -1,15 +1,31 @@
-# MCP Gateway
 
-![Hugging Face Token Masking Example](docs/MCP_Flow.png)
+<div align="center">
+  <a href="https://pypi.org/project/mcp-gateway/">
+    <img src="https://img.shields.io/pypi/v/mcp-gateway.svg?color=blue" alt="PyPI version">
+  </a>
+  <a href="https://pypi.org/project/mcp-gateway/">
+    <img src="https://img.shields.io/pypi/pyversions/mcp-gateway.svg" alt="Python Versions">
+  </a>
+  <a href="./LICENSE">
+    <img src="https://img.shields.io/github/license/lasso-security/mcp-gateway" alt="License">
+  </a>
+  
+  # MCP Gateway
+
+</div>
+
+# Overview
+![](docs/MCP_Flow.png)
 
 MCP Gateway is an advanced intermediary solution for Model Context Protocol (MCP) servers that centralizes and enhances your AI infrastructure.
 
 MCP Gateway acts as an intermediary between LLMs and other MCP servers. It:
 
-1. Reads server configurations from a `mcp.json` file located in your root directory.
-2. Manages the lifecycle of configured MCP servers.
-3. Intercepts requests and responses to sanitize sensitive information.
-4. Provides a unified interface for discovering and interacting with all proxied MCPs.
+1. 📄 Reads server configurations from a `mcp.json` file located in your root directory.
+2. ⚙️ Manages the lifecycle of configured MCP servers.
+3. 🛡️ Intercepts requests and responses to sanitize sensitive information.
+4. 🔗 Provides a unified interface for discovering and interacting with all proxied MCPs.
+5. 🔒 **Security Scanner** - Analyzes server reputation and security risks before loading MCP servers.
 
 ## Installation
 
@@ -293,6 +309,7 @@ The Lasso guardrail checks content through Lasso's API for security violations b
 
 Read more on our website 👉 [Lasso Security](https://www.lasso.security/).
 
+
 ## Tracing
 
 ### Xetrack
@@ -398,6 +415,82 @@ D SELECT server_name,capability_name,path,content_text FROM db.events LIMIT 1;
 
 Of course you can use another MCP server to query the sqlite database 😊
 
+# Scanner
+
+The Security Scanner analyzes MCP servers for potential security risks before loading, providing an additional layer of protection through reputation analysis and tool description scanning.
+
+```bash
+mcp-gateway --scan -p basic
+```
+
+**Features:**
+- 🔍 **Reputation Analysis** - Evaluates server reputation using marketplace (Smithery, NPM) and GitHub data
+- 🛡️ **Tool Description Scanning** - Detects hidden instructions, sensitive file patterns, and malicious actions
+- ⚡ **Automatic Blocking** - Blocks risky MCPs based on reputation scores (threshold: 30) and security analysis
+- 📝 **Configuration Updates** - Automatically updates your MCP configuration file with scan results
+
+## Quickstart
+Initial configuration:
+```json
+{
+    "mcpServers": {
+        "mcp-gateway": {
+            "command": "mcp-gateway",
+            "args": [
+                "--mcp-json-path",
+                "~/.cursor/mcp.json",
+                "--scan"
+            ],
+            "servers": {
+                "filesystem": {
+                    "command": "npx",
+                    "args": [
+                        "-y",
+                        "@modelcontextprotocol/server-filesystem",
+                        "."
+                    ]
+                }
+            }
+        }
+    }
+}
+```
+After the first run, the scanner will analyze all configured MCP servers and add a `blocked` status to your configuration:
+```json
+{
+    "mcpServers": {
+        "mcp-gateway": {
+            "command": "mcp-gateway",
+            "args": [
+                "--mcp-json-path",
+                "~/.cursor/mcp.json",
+                "--scan"
+            ],
+            "servers": {
+                "filesystem": {
+                    "command": "npx",
+                    "args": [
+                        "-y",
+                        "@modelcontextprotocol/server-filesystem",
+                        "."
+                    ],
+                    "blocked": "passed"
+                }
+            }
+        }
+    }
+}
+```
+**Status Values:**
+- `"passed"` - Server passed all security checks and is safe to use
+- `"blocked"` - Server failed security checks and will be blocked from loading
+- `"skipped"` - Server scanning was skipped (manual override)
+- `null` - Server not yet scanned or previously blocked server now considered safe
+
+> **Note:** You can manually change a blocked server to `"skipped"` if you're confident it's safe.
+
+
+
 ## How It Works
 Your agent interacts directly with our MCP Gateway, which functions as a central router and management system. Each underlying MCP is individually wrapped and managed.
 
@@ -413,6 +506,9 @@ Key Features
 * Includes intelligent risk assessment with MCP risk scoring.
 * Delivers real-time status monitoring and performance metrics.
 
+**Security Scanner**
+* Analyzes MCP server reputation and tool descriptions for security risks before loading.
+
 **Advanced Tracking**
 * Maintains detailed logs of all requests and responses for each guardrail.
 * Offers cost evaluation tools for MCPs requiring paid tokens.

mcp_gateway/__init__.py

@@ -4,4 +4,4 @@
 This package provides functionality to manage and route requests to multiple MCP servers.
 """
 
-__version__ = "0.1.0"
+__version__ = "1.1.0"

mcp_gateway/security_scanner/config.py

@@ -6,16 +6,15 @@
 
 # Configure file logging
 LOG_DIR = Path(os.path.expanduser("~/.mcp-gateway"))
-LOG_DIR.mkdir(parents=True, exist_ok=True) # Ensure the directory exists
+LOG_DIR.mkdir(parents=True, exist_ok=True)  # Ensure the directory exists
 LOG_FILE = LOG_DIR / "scanner.log"
 
 file_handler = logging.FileHandler(LOG_FILE)
-formatter = logging.Formatter('%(asctime)s - %(name)s - %(levelname)s - %(message)s')
+formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
 file_handler.setFormatter(formatter)
 logger.addHandler(file_handler)
 
 
-
 class URLS:
     SMITHERY = "https://smithery.ai/server/{project_name}"
     GITHUB = "https://github.com/{owner}/{project_name}"
@@ -36,9 +35,9 @@ class Keys:
 
     # Smithery specific keys
     GITHUB_LINK = "github_link"
-    VERIFIED = "verified" # Used in both Smithery and GitHub Owner
+    VERIFIED = "verified"  # Used in both Smithery and GitHub Owner
     IS_VERIFIED = "is_verified"
-    LICENSE = "license" # Used in both Smithery and GitHub Repo
+    LICENSE = "license"  # Used in both Smithery and GitHub Repo
     MONTHLY_TOOL_USAGE = "monthly_tool_usage"
     RUNNING_LOCAL = "running_local"
     PUBLISHED_AT = "published_at"
@@ -57,39 +56,55 @@ class Keys:
     OWNER_TYPE = "owner_type"
     TYPE = "type"
     LOCATION = "location"
-    NAME = "name" # Also used for license fallback
+    NAME = "name"  # Also used for license fallback
     TWITTER_USERNAME = "twitter_username"
     LOGIN = "login"
-    
+
     # NPM Collector specific keys (some might overlap if semantics are identical)
     PACKAGE_NAME = "package_name"
+    ORIGINAL_PACKAGE_NAME = "original_package_name"  # Package name with version tag
+    VERSION_TAG = "version_tag"
     DESCRIPTION = "description"
     DOWNLOADS_LAST_MONTH = "downloads_last_month"
     NUM_VERSIONS = "num_versions"
     DAYS_SINCE_LAST_UPDATED = "days_since_last_updated"
-    DAYS_SINCE_CREATED = "days_since_created" # Specifically for NPM package creation delta in days
-    LICENSE_INFO = "license_info" # For the potentially complex license object from NPM
+    DAYS_SINCE_CREATED = (
+        "days_since_created"  # Specifically for NPM package creation delta in days
+    )
+    LICENSE_INFO = "license_info"  # For the potentially complex license object from NPM
     NUM_MAINTAINERS = "num_maintainers"
     MAINTAINERS_NAMES = "maintainers_names"
     HOMEPAGE_URL = "homepage_url"
     BUG_TRACKER_URL = "bug_tracker_url"
     KEYWORDS = "keywords"
-    ERROR = "error" # For error messages
+    ERROR = "error"  # For error messages
 
     # Score component keys used in ProjectAnalyzer
     OWNER_SCORE = "owner_score"
     REPO_SCORE = "repo_score"
-    PROJECT_SCORE = "project_score"    # Key for the main project score (e.g., NPM's combined score)
-    SOURCE_SCORE = "source_score"      # Key for a marketplace-specific data score component
+    PROJECT_SCORE = (
+        "project_score"  # Key for the main project score (e.g., NPM's combined score)
+    )
+    SOURCE_SCORE = "source_score"  # Key for a marketplace-specific data score component
     SMITHERY_SCORE = "smithery_score"  # Specific key for Smithery score, also used in the error fallback logic
 
     # Specific Values
     ORGANIZATION_OWNER_TYPE = "Organization"
 
 
 # License Constants
-PERMISSIVE_LICENSES = {'mit', 'apache-2.0', 'bsd-3-clause', 'isc'}
-
-TRUSTED_ORGANIZATION_NAMES = ['lasso-security', 'smithery-ai', 'aws', 'google', 'microsoft', 'apple', 'facebook', 'twitter', 'github', 'gitlab', 'bitbucket',
-                              ]
-
+PERMISSIVE_LICENSES = {"mit", "apache-2.0", "bsd-3-clause", "isc"}
+
+TRUSTED_ORGANIZATION_NAMES = [
+    "lasso-security",
+    "smithery-ai",
+    "aws",
+    "google",
+    "microsoft",
+    "apple",
+    "facebook",
+    "twitter",
+    "github",
+    "gitlab",
+    "bitbucket",
+]

mcp_gateway/security_scanner/npm_collector.py

@@ -28,10 +28,71 @@ def __init__(self, package_name: str) -> None:
         Args:
             package_name: The name of the npm package to collect data for.
         """
-        self.package_name: str = package_name.lower()
+        self.original_package_name: str = package_name
+        self.package_name: str = self._parse_package_name(package_name)
+        self.version_tag: Optional[str] = self._extract_version_tag(package_name)
         self._raw_data: Optional[Dict[str, Any]] = None
         self._download_stats: Optional[Dict[str, Any]] = None
 
+    def _parse_package_name(self, package_name: str) -> str:
+        """
+        Parses the package name to remove version tags.
+
+        Examples:
+            - "@upstash/context7-mcp@latest" -> "@upstash/context7-mcp"
+            - "express@4.18.2" -> "express"
+            - "@angular/core@16.0.0" -> "@angular/core"
+
+        Args:
+            package_name: The raw package name potentially with version tag
+
+        Returns:
+            The clean package name without version tag
+        """
+        package_name = package_name.strip()
+
+        # Handle scoped packages (e.g., @scope/package@version)
+        if package_name.startswith("@"):
+            # Find the last @ symbol, which should be the version separator
+            # We need to be careful because scoped packages already have one @
+            parts = package_name.split("@")
+            if len(parts) > 2:  # @scope/package@version has 3 parts when split by @
+                # Reconstruct without the version: @scope/package
+                return "@" + "@".join(parts[1:-1])
+            else:
+                # No version tag, return as-is
+                return package_name.lower()
+        else:
+            # Handle regular packages (e.g., package@version)
+            if "@" in package_name:
+                return package_name.split("@")[0].lower()
+            else:
+                return package_name.lower()
+
+    def _extract_version_tag(self, package_name: str) -> Optional[str]:
+        """
+        Extracts the version tag from a package name.
+
+        Args:
+            package_name: The raw package name potentially with version tag
+
+        Returns:
+            The version tag if present, None otherwise
+        """
+        package_name = package_name.strip()
+
+        # Handle scoped packages
+        if package_name.startswith("@"):
+            parts = package_name.split("@")
+            if len(parts) > 2:  # @scope/package@version
+                return parts[-1]  # Return the last part as version
+        else:
+            # Handle regular packages
+            if "@" in package_name:
+                return package_name.split("@")[-1]
+
+        return None
+
     def _fetch_json(self, url: str) -> Optional[Dict[str, Any]]:
         """
         Synchronously fetches JSON data from a given URL using requests.
@@ -240,6 +301,8 @@ def get_all_data(self) -> Dict[str, Any]:
 
         return {
             Keys.PACKAGE_NAME: self.package_name,
+            Keys.ORIGINAL_PACKAGE_NAME: self.original_package_name,
+            Keys.VERSION_TAG: self.version_tag,
             Keys.DESCRIPTION: self.description,
             Keys.GITHUB_LINK: self.github_url,
             Keys.DOWNLOADS_LAST_MONTH: self.downloads_last_month,

mcp_gateway/server.py

@@ -42,6 +42,7 @@
 )
 logger = logging.getLogger(__name__)
 
+
 class Server:
     """Manages the connection and interaction with a single proxied MCP server."""
 
@@ -66,15 +67,14 @@ def __init__(self, name: str, config: Dict[str, Any]):
         self._prompts: List[types.Prompt] = []
         logger.info(f"Initialized Proxied Server: {self.name}")
 
-    
     @property
     def blocked(self) -> Literal["blocked", "skipped", "passed", None]:
         return self.config.get("blocked")
-    
+
     @blocked.setter
     def blocked(self, value: Literal["blocked", "skipped", "passed", None]):
         self.config["blocked"] = value
-    
+
     @property
     def session(self) -> ClientSession:
         """Returns the active ClientSession, raising an error if not started."""
@@ -382,3 +382,16 @@ class GetewayContext:
     proxied_servers: Dict[str, Server] = field(default_factory=dict)
     plugin_manager: Optional[PluginManager] = None
     mcp_json_path: Optional[str] = None
+
+
+def main():
+    """Entry point for backward compatibility - delegates to gateway.main()"""
+    # Import here to avoid circular imports
+    from mcp_gateway.gateway import main as gateway_main
+
+    logger.info("Starting MCP Gateway server via legacy server.py entry point...")
+    gateway_main()
+
+
+if __name__ == "__main__":
+    main()

pyproject.toml

@@ -1,12 +1,28 @@
 [project]
 name = "mcp-gateway"
-version = "1.0.0"
+version = "1.1.0"
 description = "A gateway for MCP servers"
 readme = "README.md"
 requires-python = ">=3.10"
 license = "MIT"
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "License :: OSI Approved :: MIT License",
+    "Programming Language :: Python :: 3",
+    "Programming Language :: Python :: 3.10",
+    "Programming Language :: Python :: 3.11",
+    "Programming Language :: Python :: 3.12",
+    "Programming Language :: Python :: 3.13",
+    "Operating System :: OS Independent",
+    "Topic :: Software Development :: Libraries :: Python Modules",
+    "Topic :: Internet :: WWW/HTTP :: HTTP Servers",
+    "Topic :: System :: Networking",
+]
 dependencies = [
+    "beautifulsoup4>=4.13.4",
     "mcp[cli]>=1.6.0",
+    "requests>=2.32.3",
 ]
 
 [project.optional-dependencies]