53% of MCP servers store API keys as plaintext in config files.
They get committed to git, shared across machines, exposed in breaches.
MCPGuard is a local-first CLI that:
- Scans your MCP configs for plaintext credentials
- Migrates them to your OS keychain (macOS/Linux/Windows)
- Replaces values with mcpguard:// references
- Injects credentials at runtime — never on disk
One command to audit, one to migrate. No cloud, no account, free and open source.
