protect-mcp-setup
Cedar policy enforcement and Ed25519 signed receipts gating every Claude Code tool call.
🛡️ AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for protect-mcp-setup, derived from its capabilities.
AIVSS 5.9 · Medium
Overview
An Agent Skill that configures cryptographic governance for Claude Code tool calls. Every Bash/Edit/Write/WebFetch invocation is evaluated against an AWS Cedar policy before execution and produces an Ed25519-signed, hash-chained receipt verifiable offline. It runs bundled scripts to install runtime hooks and set up policy files, making it a security-critical skill that itself governs agent tool execution.
Key features
- Cedar policy-gated tool execution
- Ed25519 signed, hash-chained receipts
- Offline-verifiable audit trail
Use cases
- Compliance-ready agent audit trails
- Policy-gating dangerous tool calls