# key-guard A local MCP server that keeps API keys off Claude's servers. ## Why This Exists When Claude reads a file containing an API key, the raw key content gets sent to Claude's servers. key-guard prevents this by acting as a local middleman — Claude calls a tool, the tool reads the key and makes the API call locally, and only the result is returned to Claude.

风险评分

65/100 (Medium)

OpenClaw： suspicious
VirusTotal： benign
StaticScan： clean

# key-guard A local MCP server that keeps API keys off Claude's servers. ## Why This Exists When Claude reads a file containing an API key, the raw key content gets sent to Claude's servers. key-guard prevents this by acting as a local middleman — Claude calls a tool, the tool reads the key and makes the API call locally, and only the result is returned to Claude.

作者： Dominique Jeffrey Alamaro Maximilianus

Slug：key-guard

版本：1.0.1

更新时间：2026-03-24 13:40:48

风险信息

OpenClaw： suspicious

查看 OpenClaw 分析摘要（前 200 字预览）

The skill largely does what it claims (acts as a local MCP to avoid sending raw keys to Claude) but has several implementation and scope issues that could lead to accidental key leakage or misuse (arb...

[内容已截断]

VirusTotal： benign VT 报告

静态扫描： clean

No suspicious patterns detected.

README

README 未提供

文件列表

无文件信息

下载

下载官方 ZIP

原始 JSON 数据

{
    "latestVersion": {
        "_creationTime": 1773186706081,
        "_id": "k972brrjrk3k4fxdajhjqy6qv582nvsm",
        "changelog": "- Initial MCP server implementation added in key-guard.js for local security enforcement.\n- All API key management functions (including validation, API calls, safe file read\/write) are now handled via the MCP tool interface.\n- Ensures API keys are never exposed; all key-related access is routed through the local MCP server.\n- Protects sensitive files and scripts by masking keys and substituting only on the local server side.",
        "changelogSource": "user",
        "createdAt": 1773186706081,
        "version": "1.0.1"
    },
    "owner": {
        "_creationTime": 0,
        "_id": "publishers:missing",
        "displayName": "Dominique Jeffrey Alamaro Maximilianus",
        "handle": "domjeff",
        "image": "https:\/\/avatars.githubusercontent.com\/u\/50560333?v=4",
        "kind": "user",
        "linkedUserId": "kn79ywpenxj523rqh1bs7t92bx82kacv"
    },
    "ownerHandle": "domjeff",
    "skill": {
        "_creationTime": 1773047600246,
        "_id": "kd7ayasp6he6qfe3d0xt2kzpz582jvr1",
        "badges": [],
        "createdAt": 1773047600246,
        "displayName": "# key-guard  A local MCP server that keeps API keys off Claude's servers.  ## Why This Exists  When Claude reads a file containing an API key, the raw key content gets sent to Claude's servers. key-guard prevents this by acting as a local middleman — Claude calls a tool, the tool reads the key and makes the API call locally, and only the result is returned to Claude.",
        "latestVersionId": "k972brrjrk3k4fxdajhjqy6qv582nvsm",
        "ownerUserId": "kn79ywpenxj523rqh1bs7t92bx82kacv",
        "slug": "key-guard",
        "stats": {
            "comments": 0,
            "downloads": 392,
            "installsAllTime": 2,
            "installsCurrent": 2,
            "stars": 0,
            "versions": 2
        },
        "summary": "Security guardrail: prevents API keys from being sent to Claude. Triggers when user asks to call an external API, use a key, check credentials, read .env fil...",
        "tags": {
            "latest": "k972brrjrk3k4fxdajhjqy6qv582nvsm"
        },
        "updatedAt": 1774330848547
    }
}