grade C

10 days ago

glama

Defense MCP

This is a Linux OS hardening tool. Take a fresh install and immediately harden the heck out of it using just your favourite LLM agent and natural language prompts. "Make my system secure" or "Do a full security audit of my system."

→ bottobot/defense-mcp-server · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Tool descriptions don’t match what handlers do

1 tool describes read intent but its handler mutates — dns_security (line 701: /^0\.0\.0\.0\s+(\S+)/.exec(line.trim()))

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 1 credential: MCP_API_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configDEFENSE_MCP_ALLOWED_DIRS— "": "/tmp,/home,/var/log"

configDEFENSE_MCP_ALLOWED_TOOLS

configDEFENSE_MCP_AUTO_INSTALL— false node build/index.js

configDEFENSE_MCP_BACKUP_DIR

configDEFENSE_MCP_BACKUP_ENABLED— true Auto-backup before system changes

configDEFENSE_MCP_CHANGELOG_PATH

configDEFENSE_MCP_COMMAND_TIMEOUT

configDEFENSE_MCP_DRY_RUN— "": "true",

configDEFENSE_MCP_LOG_FILE

configDEFENSE_MCP_LOG_LEVEL— info Log verbosity (debug/info/warn/error)

configDEFENSE_MCP_LOG_MAX_FILES

configDEFENSE_MCP_LOG_MAX_SIZE

configDEFENSE_MCP_MAX_OUTPUT_SIZE

configDEFENSE_MCP_NETWORK_TIMEOUT

configDEFENSE_MCP_POLICY_DIR

configDEFENSE_MCP_PREFLIGHT— true Enable pre-flight dependency checks

configDEFENSE_MCP_PREFLIGHT_BANNERS— true Show pre-flight status in tool output

configDEFENSE_MCP_PROTECTED_PATHS

configDEFENSE_MCP_QUARANTINE_DIR

configDEFENSE_MCP_RATE_LIMIT_GLOBAL

configDEFENSE_MCP_RATE_LIMIT_PER_TOOL

configDEFENSE_MCP_RATE_LIMIT_WINDOW

configDEFENSE_MCP_READ_ONLY

configDEFENSE_MCP_REDACT_OUTPUT

configDEFENSE_MCP_REQUIRE_CONFIRMATION— true Require confirmation for destructive actions

configDEFENSE_MCP_RUNTIME_PATH_VERIFY

configDEFENSE_MCP_SUDO_TIMEOUT

configDEFENSE_MCP_THIRD_PARTY_INSTALL— Requires explicit =true to enable

configDEFENSE_MCP_TIMEOUT_DEFAULT

configDEFENSE_MCP_TIMEOUT_LYNIS

configDEFENSE_MCP_TIMEOUT_NMAP

configDISPLAY

configLOGNAME

🔐 secretMCP_API_KEY

configMCP_PORT— 3100 HTTP server port (when MCP_TRANSPORT=http)

configMCP_TRANSPORT— stdio Transport mode: stdio or http

configSSH_CONNECTION

configSSH_TTY

configSUDO_ASKPASS

configWAYLAND_DISPLAY

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 7 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/bottobot-defense-mcp-server-odpyzn)](https://m8ven.ai/mcp/bottobot-defense-mcp-server-odpyzn)

commit: fbd5e81cb100a2d32696433dde77509c667bd6f2

code hash: 7a48c2d60f09a8e4e075c9d2ac82c77015e7e723a0bcb25649c7ce2b30c24d4f

verified: 4/11/2026, 2:26:45 PM

view raw JSON →