One trusted place to get MCP servers and agent skills.
A vetted catalogue your teams pull from, served through one gateway, and watched at runtime. Not another list of what's banned.
Your agents' tools come from anywhere.
Pulled from anywhere
MCP servers and skills get added like npm packages: from repos, registries, and blog posts. Nobody checks the source.
Vetted once isn't vetted
A server that was clean at review can start serving malicious tool descriptions tomorrow. A static allowlist never sees it happen.
One in three
Snyk found prompt injections in 36% of the agent skills it analyzed. The supply chain is already compromised. Source
Vetting that doesn't stop at review.
Your team decides what enters the catalogue. The gateway serves it, and keeps checking every request after.
Vetted in
Your security team vets what enters the catalogue: who's behind a server, which tools it exposes, and what its descriptions actually say. Guardbase offers a curated starter set.
Served through one gateway
Employees paste one gateway URL into their agent and authorize once. Credentials are stored and rotated by Guardbase, not scattered across laptops.
Watched at runtime
Requests through the gateway are checked for prompt injections in tool descriptions. A poisoned response is blocked before it reaches the agent.
Expose the server, or just three of its tools.
For every MCP server in the catalogue, admins choose what each user or group gets: everything the server exposes, or a subset. The agent never sees the rest.
Nothing unvetted goes unnoticed.
The catalogue isn't a wishlist. It's connected to what actually runs on your endpoints.
Found
Agent Inventory spots an MCP server on an endpoint that isn't in the catalogue. It shows up as an open alert.
Decide
Route it through the gateway, or allowlist it for local use. Stdio servers included.
Resolved
The alert closes itself when the server is vetted into the catalogue or disappears from the endpoint.
A catalogue people actually use.
Self-serve
Browse the catalogue in the browser, request access or entirely new servers. No ticket to security.
Works like any MCP server
One URL, authorize once, done. The agent sees the tools as if it were connected directly.
No context bloat
Every exposed tool definition eats tokens from the agent's context window. Endpoints bundle just the servers a team needs under one URL, so the context stays available for actual work.
The catalogue is better with eyes on the fleet.
Trusted Tools deploys standalone. Paired with Agent Inventory, every unvetted server on an endpoint surfaces on its own.
Common questions.
Your security team. Guardbase provides a curated starter set to begin from, and employees can request new servers through the portal.
Who hosts and authors the server, which tools it exposes, and what its descriptions return, including screening for prompt injections. And because that can change after review, the gateway keeps checking at runtime.
Local servers can be allowlisted for use on the endpoint. Inline monitoring applies to traffic through the gateway.
The request is blocked inline, before the poisoned content reaches the agent.
MCP servers today. A skills registry is on the roadmap.
No. Trusted Tools deploys standalone. Pair it with Agent Inventory and the catalogue stays connected to what actually runs on your endpoints.
Give your teams a trusted source.
Book a demo and see the catalogue, the gateway, and a poisoned response getting blocked.