I published my first GitHub Marketplace Action: Aster Guard MCP

A developer published Aster Guard MCP, a lightweight, local-first security scanner for MCP and Claude Code configuration files, on the GitHub Marketplace. The tool statically scans configuration files for risk patterns such as exposed SSH keys, cloud credentials, and environment variables, providing a risk score, grade, and findings. It is designed as a pre-connection check to help developers assess the safety of MCP servers before integrating them into AI coding environments.

I just published my first GitHub Marketplace Action: Aster Guard MCP.

Marketplace: https://github.com/marketplace/actions/aster-guard-mcp
Repository: https://github.com/Aster-Works/aster-guard

It is a lightweight, local-first security scanner for MCP and Claude Code configuration files.

The goal is intentionally small: Before connecting an MCP server to your AI coding environment, check whether the configuration looks safe enough to trust.

MCP is becoming a very practical way to connect AI coding tools to real developer systems. Depending on the MCP server, an AI agent may gain access to:

That is powerful. It is also a meaningful security boundary.

For example, a single .mcp.json entry can define a command to run, expose environment variables, grant filesystem access, or connect to a remote endpoint. Tool descriptions can also contain hidden instructions that shape how an agent behaves.

So I wanted a small check that runs before that connection happens.

Aster Guard statically scans MCP and Claude Code configuration files. The important part is what it does not do:

It looks for risk patterns such as: .ssh, cloud credentials, and .env

The output includes a risk score, a grade, findings, and recommended next steps in English and Japanese.
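To make the idea of a pre-connection static check concrete, here is an added example that scans a `.mcp.json` document without running anything it describes. It is not Aster Guard's code: the rules, severity weights, grade thresholds and the sample configuration are assumptions constructed for illustration, and a `${VAR}` value is treated as an environment reference rather than a literal secret.

```javascript
// Added example: hypothetical rules and scoring, not Aster Guard's own.
const SENSITIVE_PATHS = [
  [/(^|[\/\\])\.ssh([\/\\]|$)/, "SSH key directory"],
  [/(^|[\/\\])\.(aws|azure)([\/\\]|$)|\.config[\/\\]gcloud/, "cloud credential store"],
  [/(^|[\/\\])\.env(\.[\w-]+)?$/, ".env file"],
];
const SECRET_NAME = /(TOKEN|SECRET|PASSWORD|API_?KEY)/i;
const WEIGHT = { high: 40, medium: 15, low: 5 };

function scanMcpConfig(text) {
  const findings = [];
  const add = (server, severity, message) => findings.push({ server, severity, message });
  const servers = JSON.parse(text).mcpServers || {};
  for (const [name, s] of Object.entries(servers)) {
    // Everything the launched process is told on its command line.
    const argv = [s.command, ...(s.args || [])].filter((a) => typeof a === "string");
    for (const arg of argv)
      for (const [re, label] of SENSITIVE_PATHS)
        if (re.test(arg)) add(name, "high", `argument exposes ${label}: ${arg}`);
    // Literal secrets committed in the file, as opposed to ${VAR} references.
    for (const [key, value] of Object.entries(s.env || {}))
      if (SECRET_NAME.test(key) && !/^\$\{[^}]+\}$/.test(String(value)))
        add(name, "medium", `env ${key} holds a literal value`);
    // Remote servers move data off the machine; plain HTTP is worse.
    if (typeof s.url === "string")
      s.url.startsWith("http://")
        ? add(name, "high", `remote endpoint without TLS: ${s.url}`)
        : add(name, "low", `remote endpoint: ${s.url}`);
  }
  const score = Math.min(100, findings.reduce((n, f) => n + WEIGHT[f.severity], 0));
  const grade = score === 0 ? "A" : score < 20 ? "B" : score < 50 ? "C" : score < 80 ? "D" : "F";
  return { score, grade, findings };
}

// Constructed sample input, not taken from any real project.
const SAMPLE = JSON.stringify({
  mcpServers: {
    files: { command: "npx", args: ["-y", "example-fs-server", "/home/dev/.ssh"] },
    notes: { command: "node", args: ["server.js"], env: { NOTES_API_KEY: "abc123-constructed" } },
    search: { type: "http", url: "http://mcp.example.com/mcp" },
    clean: { command: "node", args: ["local.js"], env: { API_TOKEN: "${API_TOKEN}" } },
  },
});

console.log(JSON.stringify(scanMcpConfig(SAMPLE), null, 2));
```

The `clean` entry produces no finding because its token is an environment reference, while the other three entries each trip one rule.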
You can run it without installing anything globally:

    npx -y @asterworks/aster-guard scan

Or scan a specific config file:

    npx -y @asterworks/aster-guard scan .mcp.json

Now that it is on GitHub Marketplace, you can add it to a workflow:

    - uses: Aster-Works/aster-guard@v0.3.2
      with:
        path: .
        fail-on: high

You can also produce SARIF and upload the result to GitHub code scanning:

    - uses: Aster-Works/aster-guard@v0.3.2
      with:
        path: .
        fail-on: high
        sarif: results.sarif
    - uses: github/codeql-action/upload-sarif@v3
      # Upload the report even when the scan step fails the job.
      if: always()
      with:
        sarif_file: results.sarif

Aster Guard is not trying to be a full security platform. It is not a runtime firewall, antivirus tool, SIEM, or complete supply-chain scanner. It is a narrow pre-connection check for MCP configuration risk.

That narrow scope is deliberate. I wanted something that individual developers and small teams can run quickly before trusting an unfamiliar MCP server.

This is still early, so the most useful feedback is practical:

If you are experimenting with MCP or Claude Code, I would love for you to try it on a real configuration and open an issue with anything confusing, noisy, or missing.

Links: