@privacyscrubber/mcp-server
Zero-Trust Data Sanitization (ZTDS) Model Context Protocol (MCP) Server. Locally scrubs PII, secrets, credentials, and custom regex rules from files and text contexts before they reach remote LLM providers.
๐ Zero-Trust Data Flow
All sensitive parameters, identifiers, and variables are intercepted locally inside your machine's RAM. They are replaced by tokens (e.g. [EMAIL_1]) before being sent to the AI. Once the AI responds, the tokens are safely swapped back to original values in your local context.
[Raw Input / Files] โโ> [MCP sanitize_text] โโ> [Masked Tokens] โโ> [LLM API]
โ โ
(In-Memory Map) (Result)
โ โ
[Original Output] <โโโ [MCP reveal_text] <โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
๐ Installation
1. Install via Smithery
To automatically configure and run with your preferred client, install using Smithery:
npx -y @smithery/cli install @privacyscrubber/mcp-server --write-to-clients
2. Instant Run with NPX
Run the server directly without local installation:
npx -y @privacyscrubber/mcp-server
โ๏ธ Client Integrations
Claude Desktop
Add this to your Claude Desktop config file:
- macOS:
~/Library/Application Support/Claude/claude_desktop_config.json - Windows:
%APPDATA%\Claude\claude_desktop_config.json
{
"mcpServers": {
"privacyscrubber": {
"command": "npx",
"args": ["-y", "@privacyscrubber/mcp-server"],
"env": {
"PRIVACYSCRUBBER_KEY": "YOUR_OPTIONAL_PRO_LICENSE_KEY"
}
}
}
}
Cursor / Windsurf
- Navigate to Settings -> Features -> MCP.
- Add new MCP server:
- Name:
privacyscrubber - Type:
command - Command:
npx -y @privacyscrubber/mcp-server
- Name:
- Optional: Set
PRIVACYSCRUBBER_KEYas an environment variable in your system shell.
๐ ๏ธ Provided Tools & JSON-RPC Specifications
1. sanitize_text
Redacts PII, secrets, API keys, and credentials from a text block and populates the volatile local replacement mapping.
- Arguments:
text(string, required): The raw content or logs to sanitize.profile(string, optional): Gated industry detection profile (e.g., 'General', 'Dev', 'Medical', 'Legal', 'Compliance'). Defaults to 'General'.
- JSON-RPC Call Example:
{ "method": "tools/call", "params": { "name": "sanitize_text", "arguments": { "text": "Contact me at dev-key-1234 or jane.doe@company.com", "profile": "General" } } } - Response Example:
{ "content": [ { "type": "text", "text": "Contact me at [SECRET_1] or [EMAIL_1]" } ] }
2. reveal_text
Detokenizes the AI response back to the original values locally.
- Arguments:
text(string, required): The response from the LLM containing tokenized placeholders.
- JSON-RPC Call Example:
{ "method": "tools/call", "params": { "name": "reveal_text", "arguments": { "text": "Please reach out to [EMAIL_1] regarding the update." } } } - Response Example:
{ "content": [ { "type": "text", "text": "Please reach out to jane.doe@company.com regarding the update." } ] }
3. sanitize_file
Reads a local file, extracts text, sanitizes it, and returns the redacted template for LLM analysis.
- Supported Formats: Plain text (source code, logs, CSV, JSON, markdown) and Microsoft Word (
.docx) documents. - Arguments:
filePath(string, required): Absolute file path to read and sanitize.profile(string, optional): The industry detection profile.
๐ Browser Extension & Web Client
Looking for real-time protection directly inside your web browser?
- Chrome Extension: Get the PrivacyScrubber Chrome Extension to sanitize prompts directly inside ChatGPT, Claude, and Gemini in real-time.
- Web Sandbox: Use the zero-server browser sanitization tools at PrivacyScrubber Homepage.
๐ License & Commercial Upgrade
Standard use is free under the Free Tier (limits to the General PII profile). To unlock 22+ specialized industry profiles (DevOps, Medical, Legal, Finance) and custom regex rules, acquire a commercial license at privacyscrubber.com/pricing.