MCP Action Firewall MCP Server

Add it to Claude Code

Run this in a terminal.

claude mcp add mcp-action-firewall -- uvx mcp-action-firewall --help
README.md

A transparent proxy that intercepts high-risk tool calls with OTP approval.

🔥 MCP Action Firewall

Works with any MCP-compatible agent

A transparent MCP proxy that intercepts dangerous tool calls and requires OTP-based human approval before execution. Acts as a circuit breaker between your AI agent and any MCP server.

How It Works

┌──────────┐    stdin/stdout    ┌──────────────────┐    stdin/stdout    ┌──────────────────┐
│ AI Agent │ ◄────────────────► │   MCP Action     │ ◄────────────────► │ Target MCP Server│
│ (Claude) │                    │   Firewall       │                    │ (e.g. Stripe)    │
└──────────┘                    └──────────────────┘                    └──────────────────┘
                                        │
                                   Policy Engine
                                  ┌───────────────┐
                                  │ Allow? Block? │
                                  │ Generate OTP  │
                                  └───────────────┘

MCP servers don't run like web servers: there's no background process on a port. Instead, your AI agent (Claude, Cursor, etc.) spawns the MCP server as a subprocess and talks to it over stdin/stdout. When the chat ends, the process dies.

The firewall inserts itself into that chain:

Without firewall:
  Claude ──spawns──► mcp-server-stripe

With firewall:
  Claude ──spawns──► mcp-action-firewall ──spawns──► mcp-server-stripe

So you just replace the server command in your MCP client config with the firewall, and tell the firewall what the original command was:

Before (direct):

{ "command": "uvx", "args": ["mcp-server-stripe", "--api-key", "sk_test_..."] }

After (wrapped with firewall):

{ "command": "uv", "args": ["run", "mcp-action-firewall", "--target", "mcp-server-stripe --api-key sk_test_..."] }

Then the firewall applies your security policy:

  1. ✅ Safe calls (e.g. get_balance) → forwarded immediately
  2. 🛑 Dangerous calls (e.g. delete_user) → blocked, OTP generated
  3. 🔑 Agent asks user for the code → user replies → agent calls firewall_confirm → original action executes
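
The three-step flow above, sketched as an added example (not the project's own code): a gate that inspects MCP JSON-RPC tools/call messages, forwards safe calls, holds high-risk ones behind a single-use, expiring code, and replays the held call on firewall_confirm. The HIGH_RISK set, the OTP_TTL value, the "otp" argument name and the notify callback that delivers the code to the human are assumptions; the page does not describe them.

```python
import hmac, secrets, time

HIGH_RISK = {"delete_user"}   # assumed policy: tool names that need approval
OTP_TTL = 120                 # assumed lifetime of a code, in seconds

class ApprovalGate:
    """Decides per JSON-RPC message: forward to the target, or answer locally."""

    def __init__(self, notify, clock=time.monotonic):
        self.notify = notify      # hypothetical hook that shows the code to the human
        self.clock = clock
        self.pending = {}         # otp -> (expiry, original tools/call params)

    def _text(self, msg, text):
        return {"jsonrpc": "2.0", "id": msg.get("id"),
                "result": {"content": [{"type": "text", "text": text}],
                           "isError": True}}

    def handle(self, msg):
        """Return ("forward", message) or ("respond", message)."""
        if msg.get("method") != "tools/call":
            return "forward", msg                     # not a tool call
        params = msg.get("params", {})
        name = params.get("name")
        if name == "firewall_confirm":
            return self._confirm(msg, params.get("arguments", {}))
        if name not in HIGH_RISK:
            return "forward", msg                     # safe call
        otp = f"{secrets.randbelow(10**6):06d}"       # CSPRNG, six digits
        self.pending[otp] = (self.clock() + OTP_TTL, params)
        self.notify(name, otp)
        return "respond", self._text(
            msg, f"Blocked '{name}': ask the user for the approval code, "
                 "then call firewall_confirm.")

    def _confirm(self, msg, args):
        supplied = str(args.get("otp", "")).encode()
        for otp, (expiry, params) in list(self.pending.items()):
            if hmac.compare_digest(otp.encode(), supplied):
                del self.pending[otp]                 # single use
                if self.clock() > expiry:
                    break
                # Replay the held call under the confirm request's id.
                return "forward", {"jsonrpc": "2.0", "id": msg.get("id"),
                                   "method": "tools/call", "params": params}
        self.pending.clear()      # a wrong or expired code cancels held actions
        return "respond", self._text(msg, "Invalid or expired code.")
```

Clearing every held action on a failed confirmation limits guessing to one attempt per blocked call, at the cost of making the agent re-issue the request.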

Installation

pip install mcp-action-firewall
# or
uvx mcp-action-firewall --help

Quick Start: MCP Client Configuration

Add the firewall as a wrapper around any MCP server in your client config:

{
  "mcpServers": {
    "stripe": {
      "command": "uv",
      "args": ["run", "mcp-action-firewall", "--target", "mcp-server-stripe --api-key sk_test_abc123"]
    }
  }
}

That's it. Everything after --target is the full shell command to launch the real MCP server, including its own flags like --api-key. The firewall doesn't touch those args; it just spawns the target and sits in front of it.

More Examples

Claude Desktop with per-server rules
{
  "mcpServers": {
    "stripe": {
      "command": "uv",
      "args": [
        "run", "mcp-action-firewall",
        "--target", "uvx mcp-server-stripe --api-key sk_test_...",
        "--name", "stripe"
      ]
    },
    "database": {
      "command": "uv",
      "args": [
        "run", "mcp-action-firewall",
        "--target", "uvx mcp-server-postgre

Tools (1)

firewall_confirm: Confirms a pending high-risk action using an OTP code.

Configuration

claude_desktop_config.json
{"mcpServers": {"stripe": {"command": "uv", "args": ["run", "mcp-action-firewall", "--target", "mcp-server-stripe --api-key sk_test_abc123"]}}}

Try it

→ Delete the user record for 'john_doe' using the stripe tool.
→ Execute the 'delete_user' function on the database server.
→ Confirm the pending action with the OTP code I received.

Frequently Asked Questions

What are the key features of MCP Action Firewall?

Transparent proxy for MCP servers. OTP-based human approval for high-risk tool calls. Acts as a circuit breaker between AI agents and target servers. Compatible with any MCP-compliant agent like Claude or Cursor.

What can I use MCP Action Firewall for?

Preventing accidental deletion of production database records. Adding a human-in-the-loop layer to sensitive financial API calls. Securing AI agents that have access to administrative or destructive tools.

How do I install MCP Action Firewall?

Install MCP Action Firewall by running: pip install mcp-action-firewall

What MCP clients work with MCP Action Firewall?

MCP Action Firewall works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
