MCP-Dandan
MCP-Dandan is an integrated monitoring service that observes MCP (Model Context Protocol) communications and detects security threats in real time. It features a modern desktop UI built with Electron for easy monitoring and management.
mcp-dandan.mp4
- Real-time MCP Traffic Monitoring: Intercepts and analyzes MCP communications
- Multi-Engine Threat Detection:
- Command Injection Detection
- File System Exposure Detection
- PII Leak Detection
- Data Exfiltration Detection
- Tools Poisoning Detection (LLM-based)
- Desktop UI: Electron-based application with interactive dashboard
- Interactive Tutorial: Built-in tutorial system for new users
- Blocking Capabilities: Real-time threat blocking with user control
- Cross-Platform: Supports Windows, macOS, and Linux
# Install all dependencies (Python + Node.js)
npm run install-all# Start both server and desktop UI
npm run devThe server will start on http://127.0.0.1:8282 and the Electron desktop app will launch automatically.
Identifies potential command injection patterns in tool calls.
Monitors unauthorized file system access attempts.
Detects potential leakage of personally identifiable information.
Identifies suspicious data transfer patterns.
Uses semantic analysis to detect misuse of MCP tools:
- Compares tool specifications vs actual usage
- Scores alignment (0-100) with detailed breakdown
- Auto-categorizes severity: none/low/medium/high
Mistral_setting.mp4
Input your MISTRAL_API_KEY for Tool Poisoning Engine
- Real-time Dashboard: Monitor MCP traffic and threats in real time
- Interactive Tutorial: Learn how to use the system with step-by-step guides
- Blocking Interface: Review and control threat blocking actions
- Settings Panel: Configure detection engines and system behavior
- Chat Panel: Interact with the system and view logs