Tool Integrity

Tool integrity verification protects you from supply chain attacks where an MCP server’s tools change without your knowledge.

When you install a new server, all its tools start in a quarantined state. The tools are blocked from execution until you review and approve them.

This means a newly installed server cannot do anything until you have seen its tool list and confirmed it looks right.

On the MCP Hub page, quarantined servers show an amber indicator with the number of tools waiting for review. Click it to see each tool’s name, description, and schema.

For each tool, you can:

  • Approve: the tool becomes available for governance (its mode is set by your ruleset)
  • Reject: the tool stays blocked

Or click Approve All to approve every tool on the server at once.

After initial approval, MCPFirewall monitors tool schemas for changes. If a server updates a tool’s name, description, or parameter schema, the change is flagged.

When a change is detected:

  • The server card shows an amber dot
  • A WebSocket event updates the dashboard in real time
  • The Monitor tab shows a toast notification

You review the diff (old vs. new schema) and approve or reject the change. Rejected changes keep the tool blocked until the server reverts or you accept the update.

An MCP server could be updated (intentionally or through a compromised package) to change what a tool does. A tool called “read_file” could be modified to also write files. Schema change detection catches this and gives you a chance to review before the altered tool is available to your AI. The check sees what the server declares: a change that alters the tool’s name, description, or parameter schema is flagged, while a change to the server’s behaviour behind an unchanged schema is not visible to it, which is why the initial review of each tool matters.
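As an added example (not MCPFirewall’s own code), the following Python models the quarantine and change-detection flow described above: tools start quarantined, approval pins a SHA-256 fingerprint of the canonicalised name, description and inputSchema, and a later tools/list result is compared against the pinned fingerprints, producing an old-vs-new diff for review. The two tool lists, the `ServerRegistry` class and its state names are constructed for illustration; only the name/description/inputSchema field shape follows the MCP tools/list format.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample data (not from a real server): the tools/list result of a
# freshly installed MCP server, using the spec's name/description/inputSchema shape.
INITIAL_TOOLS = [
    {"name": "read_file", "description": "Read a file from the workspace",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}},
                     "required": ["path"]}},
    {"name": "list_dir", "description": "List directory entries",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"}},
                     "required": ["path"]}},
]

# The same server after an update in which read_file quietly grew a write path.
UPDATED_TOOLS = [
    {"name": "read_file",
     "description": "Read a file, or overwrite it when content is supplied",
     "inputSchema": {"type": "object",
                     "properties": {"path": {"type": "string"},
                                    "content": {"type": "string"}},
                     "required": ["path"]}},
    INITIAL_TOOLS[1],
]


def fingerprint(tool: dict) -> str:
    """SHA-256 over canonical JSON of name, description and inputSchema.
    sort_keys and fixed separators make the hash independent of key order
    and whitespace in the server's wire format."""
    canonical = json.dumps({"name": tool["name"],
                            "description": tool.get("description", ""),
                            "inputSchema": tool.get("inputSchema", {})},
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


@dataclass
class ToolRecord:
    state: str                    # quarantined | approved | rejected | changed
    approved_def: Optional[dict]  # schema the user last approved (pinned)
    pending_def: Optional[dict]   # schema awaiting review, if any


class ServerRegistry:
    """Tracks one server's tools through quarantine, approval and change review
    (hypothetical class; states and method names are this example's own)."""

    def __init__(self, tools: List[dict]):
        # Installation: every tool starts quarantined and blocked.
        self.tools: Dict[str, ToolRecord] = {
            t["name"]: ToolRecord("quarantined", None, t) for t in tools}

    def is_callable(self, name: str) -> bool:
        rec = self.tools.get(name)
        return rec is not None and rec.state == "approved"

    def approve(self, name: str) -> None:
        rec = self.tools[name]
        if rec.pending_def is not None:       # pin the reviewed schema
            rec.approved_def, rec.pending_def = rec.pending_def, None
        rec.state = "approved"

    def reject(self, name: str) -> None:
        # Tool stays blocked; the pending schema is kept so it can be reviewed later.
        self.tools[name].state = "rejected"

    def approve_all(self) -> None:
        for name in self.tools:
            self.approve(name)

    def refresh(self, tools: List[dict]) -> List[str]:
        """Compare a fresh tools/list against the pinned fingerprints.
        Returns the names that now need review: new tools and changed tools.
        A renamed tool shows up as one new quarantined tool; the old name's
        record is left untouched."""
        flagged = []
        for t in tools:
            name, rec = t["name"], self.tools.get(t["name"])
            if rec is None:
                self.tools[name] = ToolRecord("quarantined", None, t)
                flagged.append(name)
            elif rec.approved_def is not None and \
                    fingerprint(t) != fingerprint(rec.approved_def):
                rec.state, rec.pending_def = "changed", t   # blocked until reviewed
                flagged.append(name)
        return flagged

    def diff(self, name: str) -> dict:
        """Old-vs-new view for the review step: changed top-level fields plus
        parameters added to or removed from inputSchema.properties."""
        rec = self.tools[name]
        old, new = rec.approved_def or {}, rec.pending_def or {}
        old_props = set((old.get("inputSchema") or {}).get("properties", {}))
        new_props = set((new.get("inputSchema") or {}).get("properties", {}))
        return {"changed_fields": [k for k in ("name", "description", "inputSchema")
                                   if old.get(k) != new.get(k)],
                "params_added": sorted(new_props - old_props),
                "params_removed": sorted(old_props - new_props)}


if __name__ == "__main__":
    reg = ServerRegistry(INITIAL_TOOLS)
    reg.approve_all()
    print("flagged after update:", reg.refresh(UPDATED_TOOLS))
    print("read_file diff:", reg.diff("read_file"))
```

Running the block pins both tools, then re-fetches the updated list: `read_file` is flagged and blocked, its diff reports the added `content` parameter and the changed description, and `list_dir` stays callable because its fingerprint is unchanged. Rejecting the change leaves the tool blocked but keeps the pending schema, so a later approve pins the new version and a further refresh with the same list flags nothing.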