23 tools from the Mund MCP Server, categorised by risk level.
View the Mund policy →mund_acknowledge_alert Mark a security event/alert as acknowledged.
Args:
- event_id (string): ID of the event to acknowledge
- acknowledged_by (string): Optional na... mund_audit_mcp_permissions Analyze the permission scope and capabilities of an MCP server's tools. Identifies network access, filesystem operations, command execution, and ot... mund_check_typosquatting Check if an MCP server name is potentially typosquatting a known legitimate server. Compares against a list of official and common MCP servers. mund_check_url Check if a URL is safe to access.
Validates URLs against known dangerous patterns including:
- Data exfiltration services (webhook.site, requestbi... mund_get_events Retrieve recent security events from the Mund monitoring system.
Supports filtering and pagination for efficient event retrieval.
Args:
- limit... mund_get_status Get the current status of the Mund monitoring system.
Returns information about:
- Active analyzers and their status
- Number of rules loaded
- Co... mund_intel_status Get threat intelligence health status including source coverage, pattern counts by category, and MITRE ATT&CK technique coverage. mund_list_intel_sources List all configured threat intelligence sources with their status, update intervals, and pattern counts. mund_list_patterns Browse threat detection patterns by source, category, or enabled status. mund_list_rules List all configured detection rules.
Args:
- type: Optional filter by detection type
- enabled_only: Only show enabled rules (default: false)
... mund_scan_content Scan text or code content for security vulnerabilities, secrets, PII, and other issues.
This tool analyzes the provided content using multiple sec... mund_scan_mcp_server Scan an MCP server manifest (server.json) for security issues before installation. Detects prompt injection in tool descriptions, typosquatting, em... mund_threat_scan Scan content using threat intelligence patterns. Returns findings with MITRE ATT&CK technique mappings. mund_toggle_pattern Enable or disable a specific threat detection pattern. mund_validate_command Validate a shell command for safety before execution.
Checks for dangerous patterns including:
- Destructive commands (rm -rf, format, etc.)
- Pri... 2/5 mund_add_intel_source Add a custom threat intelligence feed. Supports URL, file, and API sources. 2/5 mund_add_rule Add a custom security detection rule.
Create custom rules to detect specific patterns in content. Rules use regular expressions
for pattern matchi... 2/5 mund_allowlist_pattern Add a pattern to the allowlist.
Allowlisted patterns will be ignored by detection rules.
Args:
- pattern (string): Pattern to allowlist
- typ... 2/5 mund_block_pattern Add a pattern to the blocklist.
Blocked patterns will always be flagged regardless of other rules.
Args:
- pattern (string): Pattern to block
... 2/5 mund_configure_notification Configure a notification channel for security alerts.
Note: Full configuration requires environment variables. This tool can update
webhook URLs a... 2/5 mund_update_threat_intel Pull latest threat patterns from configured intelligence feeds. Updates MITRE ATT&CK mappings and community blocklists. 2/5 The Mund MCP server exposes 23 tools across 3 categories: Read, Write, Destructive.
Use Intercept, the open-source MCP proxy. Write YAML rules for each tool — rate limits, argument validation, or deny rules — then run Intercept in front of the Mund server.
Mund tools are categorised as Read (15), Write (6), Destructive (2). Each category has a recommended default policy.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept