MCP / privacy proxy / open source

Your AI sees aliases.
Your secrets stay yours.

OpenMaskit is an MCP proxy that strips sensitive values from tool responses before they reach your AI agent — and puts them back when the agent calls home.

Install Read the source ↗

§ 01 / 03 Masking Sensitive values become stable aliases.

{
  "name": "auth-service-7f4b",
  "pod_ip": "10.42.18.247",
  "sa_token": "eyJhbGciOiJSUzI1NiIs..."
}

{
  "name": "pod_1",
  "pod_ip": "ip_1",
  "sa_token": "token_1"
}

§ 02 / 03 Guardrails Block dangerous tool calls before they reach upstream.

{
  "tool": "execute_sql",
  "args": {
    "query": "DROP TABLE users;"
  }
}

BLOCKED

reason: Destructive SQL blocked
matched: regex /DROP TABLE/i
by: guardrail #3

§ 03 / 03 Injections Silently add required arguments the agent shouldn't see.

{
  "tool": "send_message",
  "args": {
    "text": "Deploy complete"
  }
}

{
  "tool": "send_message",
  "args": {
    "text": "Deploy complete",
    "channel": "#bot-updates",+ injected
    "as_user": "deploy-bot"+ injected
  }
}

§ 01 The problem

Every MCP tool response your agent reads becomes part of its context window. Hostnames, tokens, customer emails, internal IPs — once they're in the prompt, they're somewhere: in transit, in logs, in someone else's training pipeline. The agent doesn't need the real values to do its job. It just needs something to refer to them by.

§ 02 How it fits in

CLIENT AI agent Claude · Cursor · Codex · …

mcp / http

PROXY OpenMaskit localhost · open source

stdio / http

UPSTREAM MCP server Slack · GitHub · Postgres · …

Drop OpenMaskit between your agent and the MCP servers it already talks to. Responses pass through; sensitive values are replaced with stable aliases on the way out, and swapped back to real values on the way in.

§ 03 Where it runs

Everything runs on your machine.

Masking happens locally. Aliases are computed locally. The audit log is local, encrypted at rest. Real values, masked values, tool-call payloads — none of it ever crosses the wire to us. Read the privacy policy →

§ 04 Try it

# requires Python 3.10+ (uvx fetches one if needed)
UV_INDEX_URL=https://test.pypi.org/simple/ \
UV_EXTRA_INDEX_URL=https://pypi.org/simple/ \
uvx --from openmaskit==0.1.0 openmaskit

Pre-release. OpenMaskit is currently published to TestPyPI while we finalize the first release; once 0.1.0 lands on PyPI proper this becomes uvx openmaskit. Don't have uv? curl -LsSf https://astral.sh/uv/install.sh | sh. Then open http://127.0.0.1:9473 — the README has the full reference.

§ 05 Enterprise

Running this across a team?

We're building a version of OpenMaskit for organizations — central policy, shared masking rules, audit retention, SSO, and support. The shape of it is still being drawn, and the earliest conversations carry the most weight. If that sounds like you, write to business@maskitmcp.com — tell us what you'd need it to do.

Your AI sees aliases. Your secrets stay yours.

Your AI sees aliases.
Your secrets stay yours.