{"slug": "i-published-my-first-github-marketplace-action-aster-guard-mcp", "title": "I published my first GitHub Marketplace Action: Aster Guard MCP", "summary": "A developer published Aster Guard MCP, a lightweight, local-first security scanner for MCP and Claude Code configuration files, on the GitHub Marketplace. The tool statically scans configuration files for risk patterns such as exposed SSH keys, cloud credentials, and environment variables, providing a risk score, grade, and findings. It is designed as a pre-connection check to help developers assess the safety of MCP servers before integrating them into AI coding environments.", "body_md": "I just published my first GitHub Marketplace Action: **Aster Guard MCP**.\n\nMarketplace:\n\n[https://github.com/marketplace/actions/aster-guard-mcp](https://github.com/marketplace/actions/aster-guard-mcp)\n\nRepository:\n\n[https://github.com/Aster-Works/aster-guard](https://github.com/Aster-Works/aster-guard)\n\nIt is a lightweight, local-first security scanner for MCP and Claude Code configuration files.\n\nThe goal is intentionally small:\n\nBefore connecting an MCP server to your AI coding environment, check whether the configuration looks safe enough to trust.\n\nMCP is becoming a very practical way to connect AI coding tools to real developer systems.\n\nDepending on the MCP server, an AI agent may gain access to:\n\nThat is powerful. It is also a meaningful security boundary.\n\nFor example, a single `.mcp.json` entry can define a command to run, expose environment variables, grant filesystem access, or connect to a remote endpoint. 
Tool descriptions can also contain hidden instructions that shape how an agent behaves.\n\nSo I wanted a small check that runs before that connection happens.\n\nAster Guard statically scans MCP and Claude Code configuration files.\n\nThe important part is what it does **not** do:\n\nIt looks for risk patterns such as:\n\n`.ssh`, cloud credentials, and `.env`\n\nThe output includes a risk score, a grade, findings, and recommended next steps in English and Japanese.\n\nYou can run it without installing anything globally:\n\n```\nnpx -y @asterworks/aster-guard scan\n```\n\nOr scan a specific config file:\n\n```\nnpx -y @asterworks/aster-guard scan .mcp.json\n```\n\nNow that it is on GitHub Marketplace, you can add it to a workflow:\n\n```\n- uses: Aster-Works/aster-guard@v0.3.2\n  with:\n    path: .\n    fail-on: high\n```\n\nYou can also produce SARIF and upload the result to GitHub code scanning:\n\n```\n- uses: Aster-Works/aster-guard@v0.3.2\n  with:\n    path: .\n    fail-on: high\n    sarif: results.sarif\n\n- uses: github/codeql-action/upload-sarif@v3\n  if: always()\n  with:\n    sarif_file: results.sarif\n```\n\nAster Guard is not trying to be a full security platform.\n\nIt is not a runtime firewall, antivirus tool, SIEM, or complete supply-chain scanner. It is a narrow pre-connection check for MCP configuration risk.\n\nThat narrow scope is deliberate. 
I wanted something that individual developers and small teams can run quickly before trusting an unfamiliar MCP server.\n\nThis is still early, so the most useful feedback is practical:\n\nIf you are experimenting with MCP or Claude Code, I would love for you to try it on a real configuration and open an issue with anything confusing, noisy, or missing.\n\nLinks:", "url": "https://wpnews.pro/news/i-published-my-first-github-marketplace-action-aster-guard-mcp", "canonical_source": "https://dev.to/asterworks/i-published-my-first-github-marketplace-action-aster-guard-mcp-1d74", "published_at": "2026-06-19 07:14:19+00:00", "updated_at": "2026-06-19 07:30:28.835202+00:00", "lang": "en", "topics": ["developer-tools", "ai-safety", "ai-agents"], "entities": ["GitHub Marketplace", "Aster Guard MCP", "Claude Code", "MCP", "Aster-Works"], "alternates": {"html": "https://wpnews.pro/news/i-published-my-first-github-marketplace-action-aster-guard-mcp", "markdown": "https://wpnews.pro/news/i-published-my-first-github-marketplace-action-aster-guard-mcp.md", "text": "https://wpnews.pro/news/i-published-my-first-github-marketplace-action-aster-guard-mcp.txt", "jsonld": "https://wpnews.pro/news/i-published-my-first-github-marketplace-action-aster-guard-mcp.jsonld"}}