Carapace MCP Server

1

Add it to Claude Code

Run this in a terminal.

Run in terminal
claude mcp add carapace -- npx @modelcontextprotocol/inspector node dist/index.js
README.md

Armor for your AI agent.

Carapace MCP Server

Armor for your AI agent.

Carapace is a local-first security system for autonomous AI agents. It plugs into any MCP-compatible agent (OpenClaw, Claude Code, Codex, and others) and provides security verification, goal anchoring, drift detection, action logging, and session grading — all running on your machine with zero cloud dependencies.

The Problem

Autonomous AI agents can take real actions: send emails, make purchases, delete files, browse the web. Two critical risks come with this power:

Prompt Injection - Malicious instructions hidden in emails, web pages, or documents trick your agent into executing actions you never authorized. CrowdStrike and Cisco have both published warnings about this happening to OpenClaw users.

Goal Drift - Your agent starts organizing your inbox, and three hours later it's browsing Reddit because it followed a chain of links and lost focus. No malice involved — just a lack of persistent grounding.

Carapace solves both.

How It Works

Carapace runs as an MCP server on your machine. Your agent connects to it and calls its tools before, during, and after taking actions.

Security Checkpoint - Before any sensitive action (spending money, sending messages, deleting files), the agent checks with Carapace. You set the rules ("never spend more than $50," "never message these people"). Carapace blocks anything that violates your rules.

Rotating Key Anti-Hijacking - Every 30 minutes, Carapace generates a cryptographic verification key using a secret that never enters the agent's context window. The real agent has the key. A prompt injection can't forge it. Like a bouncer checking wristbands at a venue.

Goal Anchoring - Every 15 minutes, Carapace re-reads your goals, priorities, and constraints to the agent. It detects when the agent wanders off-task and flags drift before it becomes a problem.

Session Grading - At the end of each session, Carapace grades the agent's performance against your configured goals. Scores across goal alignment, security compliance, and constraint adherence. Generates actionable insights that feed back into the next session, making your agent sharper over time.

Tools

Carapace exposes 5 tools via the Model Context Protocol:

Tool Purpose
carapace_verify Security checkpoint. Validates actions against your rules, returns pass/block verdict with rotating key.
carapace_anchor Goal journal. Returns your goals, priorities, and constraints. Detects drift by comparing agent activity against configured categories.
carapace_log Action logger. Records what the agent did, flags unverified sensitive actions.
carapace_status Security posture summary. Health status, action counts, key rotation timing, drift level.
carapace_review Session grader. Analyzes all actions against goals, produces a scorecard with grades, highlights, and improvement insights.

Install

git clone https://github.com/jdesl55/carapace-mcp.git
cd carapace-mcp
npm install
npm run build

On first run, Carapace creates ~/.carapace/ with your config, database, and security secret.

Add to OpenClaw

Add to your OpenClaw MCP config (~/.config/openclaw/mcp.json):

{
  "mcpServers": {
    "carapace": {
      "command": "node",
      "args": ["/path/to/carapace-mcp/dist/index.js"]
    }
  }
}

Test with MCP Inspector

npx @modelcontextprotocol/inspector node dist/index.js

Configuration

All configuration lives in ~/.carapace/config.json. Edit it by hand or use the Carapace Dashboard for a visual interface.

{
  "security": {
    "keyRotationMinutes": 30,
    "spendingLimits": {
      "perAction": 50,
      "daily": 200,
      "warnAbove": 20
    },
    "contacts": {
      "mode": "blocklist",
      "blocked": ["scammer@evil.com"]
    },
    "domains": {
      "mode": "blocklist",
      "blocked": []
    },
    "blockedActions": [],
    "customRules": []
  },
  "anchor": {
    "refreshIntervalMinutes": 15,
    "goals": ["Manage inbox and respond to important emails"],
    "priorities": [{ "rank": 1, "text": "Never spend money without confirmation" }],
    "constraints": ["Never share personal information with unknown contacts"],
    "goalCategories": ["email", "calendar", "productivity"]
  }
}

Architecture

┌─────────────────┐     ┌──────────────────────┐     ┌─────────────────┐
│   AI Agent      │────▶│  Carapace MCP Server  │────▶│  ~/.carapace/   │
│  (OpenClaw)     │◀────│  (local, stdio)       │◀────│  config.json    │
└─────────────────┘     └──────────────────────┘     │  logs.db        │
                                                      │  .secret        │
┌─────────────────┐                                   │  insights.md    │
│   Dashboard     │──────────────────────────────────▶│                 │
│  (localhost)

Tools (5)

carapace_verifySecurity checkpoint that validates actions against rules and returns a pass/block verdict with a rotating key.
carapace_anchorGoal journal that returns goals, priorities, and constraints while detecting drift by comparing activity.
carapace_logAction logger that records agent activity and flags unverified sensitive actions.
carapace_statusProvides a security posture summary including health, action counts, and drift levels.
carapace_reviewSession grader that analyzes actions against goals to produce a scorecard with insights.

Configuration

claude_desktop_config.json
{"mcpServers": {"carapace": {"command": "node", "args": ["/path/to/carapace-mcp/dist/index.js"]}}}

Try it

Check my current security status and see if there are any drift warnings.
Verify if my current plan to send this email violates any security rules.
Review my last session performance and provide a scorecard on my goal alignment.
Log my recent actions and check if any sensitive operations were flagged.

Frequently Asked Questions

What are the key features of Carapace?

Security verification for sensitive actions like spending money or deleting files. Rotating cryptographic keys to prevent prompt injection and hijacking. Goal anchoring to detect and prevent agent task drift. Action logging for auditability and security compliance. Session grading to provide performance insights and goal alignment scores.

What can I use Carapace for?

Preventing autonomous agents from exceeding spending limits on automated purchases. Ensuring agents stay focused on specific tasks like inbox management without getting distracted. Blocking unauthorized agents from accessing or messaging sensitive contacts. Auditing agent behavior after a long-running session to identify security gaps.

How do I install Carapace?

Install Carapace by running: git clone https://github.com/jdesl55/carapace-mcp.git && cd carapace-mcp && npm install && npm run build

What MCP clients work with Carapace?

Carapace works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep Carapace docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.
Open Conare
View all ai-tools servers →

Related MCP Servers

Skill Seekers
The data layer for AI systems.
ai-tools11.1K stars
Context Mode
The other half of the context problem.
ai-tools5.6K stars
Semiotic
A React data visualization library designed for AI-assisted development.
ai-tools2.6K stars
RocketRide
Self-hosted, open-source AI pipeline platform for MCP tools
ai-tools1.6K stars
Context+
Semantic Intelligence for Large-Scale Engineering.
ai-tools1.5K stars
ShipSwift
AI-native SwiftUI component library — production-ready code for LLMs
ai-tools1.3K stars