New Research: Supply Chain Attack on Axios Pulls Malicious Dependency from npm.Details
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@dotsetlabs/overwatch

Package Overview
Dependencies
Maintainers
1
Versions
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@dotsetlabs/overwatch

Runtime security for AI-augmented development - MCP proxy, shell guardian, and audit logging

latest
Source
npmnpm
Version
0.1.0
Version published
Maintainers
1
Created
Source

Overwatch

The AI Agent Firewall

Runtime security proxy for MCP (Model Context Protocol). Overwatch protects AI development environments by detecting tool impersonation attacks and enforcing policy-based access control.

The Threat: Tool Shadowing

MCP is the standard protocol for AI agent tool access. While basic RBAC controls who can access tools, it doesn't verify what the tool actually is. This creates a critical attack surface:

  • Tool Shadowing (CVE-2025-6514): Malicious MCP servers impersonate legitimate tools (e.g., a fake postgres tool that exfiltrates queries)
  • Schema Mutation: Tools change behavior mid-session after initial trust is established
  • Name Collisions: Multiple servers expose tools with identical names but different implementations

Traditional firewalls don't monitor MCP traffic. Overwatch is the AI Agent Firewall.

Installation

npm install -g @dotsetlabs/overwatch

Core Features

1. Tool Shadowing Detection (FLAGSHIP)

Cryptographic verification that tools are what they claim to be.

DetectionSeverityDescription
Name CollisionCriticalSame tool name from multiple servers with different schemas
Schema MutationCriticalTool definition changed mid-session
Suspicious DescriptionHighTool description contains injection patterns
Hash VerificationHighTool schema hash doesn't match baseline

Tool Shadowing detection is enabled by default with no configuration required.

2. Policy-Based Access Control

Declarative policies for human-in-the-loop control without approval fatigue.

ApprovalEffect
[y]Allow once
[n]Deny
[5]Allow for 5 minutes
[s]Allow for session

3. Audit Logging

Complete audit trail of all MCP tool calls with export support for SIEM integration.

Usage

MCP Security Proxy

# Wrap any MCP server with policy enforcement
overwatch wrap npx @modelcontextprotocol/server-postgres

# Wrap with strict policy
overwatch wrap --policy strict npx @modelcontextprotocol/server-filesystem

Initialize & Diagnose

# Create overwatch.yaml config
overwatch init

# Check configuration
overwatch doctor

Audit Logs

# View recent activity
overwatch logs

# Tail logs in real-time
overwatch logs --tail

# Export for SIEM
overwatch logs --format cef > audit.cef

How Tool Shadowing Detection Works

               ┌─────────────────────────────┐
               │     Tool Shadowing          │
               │     Detector                │
               │ ┌─────────────────────────┐ │
AI Client ───▶│ │ • Hash tool schemas     │ │───▶ MCP Server
               │ │ • Detect collisions     │ │
               │ │ • Monitor mutations     │ │
               │ │ • Flag suspicious desc  │ │
               │ └─────────────────────────┘ │
               └─────────────────────────────┘

Configuration

# overwatch.yaml
servers:
  postgres:
    command: npx @modelcontextprotocol/server-postgres
    policies:
      - tools: ["query", "execute"]
        action: prompt

      - tools: ["*"]
        paths:
          deny: ["/etc/**", "~/.ssh/**"]

defaults:
  action: prompt

audit:
  enabled: true
  path: ~/.overwatch/audit.log
  format: json

Claude Desktop Integration

{
  "mcpServers": {
    "postgres": {
      "command": "overwatch",
      "args": ["wrap", "npx", "@modelcontextprotocol/server-postgres"]
    }
  }
}

CLI Commands

CommandDescription
overwatch wrap <cmd>Wrap an MCP server with security proxy
overwatch startStart proxy with config file
overwatch initCreate default configuration
overwatch doctorDiagnose configuration issues
overwatch logsView audit logs
overwatch statsView usage statistics
overwatch sessionsManage active sessions
overwatch policiesView configured policies

Why Overwatch?

What Overwatch DoesWhat Other Tools Do
Proxies MCP protocol trafficUnaware of MCP
Detects tool shadowing attacksNo tool verification
Policy at protocol layerApplication-level only
Session-based approvalsAll-or-nothing access

Part of Dotset Labs

Overwatch focuses on runtime protection of AI tool operations. For static analysis of AI config files, see Hardpoint.

SCAN (Hardpoint)  →  CONTROL (Overwatch)
Defend against       Stop Tool Shadowing
Rules File Backdoor  and Rogue Agents

License

MIT

Keywords

mcp
security
ai
proxy
shell
audit

FAQs

Package last updated on 10 Jan 2026

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Named Top Sales Organization by RepVue

Company News

Socket Named Top Sales Organization by RepVue

Socket won two 2026 Reppy Awards from RepVue, ranking in the top 5% of all sales orgs. AE Alexandra Lister shares what it's like to grow a sales career here.

By Sarah Gooding  -  Apr 17, 2026
Socket Selected for OpenAI's Cybersecurity Grant Program

Company News

/

Security News

Socket Selected for OpenAI's Cybersecurity Grant Program

Socket is an initial recipient of OpenAI's Cybersecurity Grant Program, which commits $10M in API credits to defenders securing open source software.

By Sarah Gooding  -  Apr 16, 2026