From 501046aa5a34fbb4ec87db19b61125b64390dd68 Mon Sep 17 00:00:00 2001 From: armorer-labs Date: Tue, 19 May 2026 11:29:11 +0800 Subject: [PATCH] Document Armorer Guard MCP proxy --- CONFIG.md | 28 +++++++++++++++++++++++++++- README.md | 17 +++++++++++++++++ 2 files changed, 44 insertions(+), 1 deletion(-) diff --git a/CONFIG.md b/CONFIG.md index e54ec2b..3730f37 100644 --- a/CONFIG.md +++ b/CONFIG.md @@ -69,6 +69,32 @@ The configuration file can be placed in either: | `exclude_tools` | array | No | `[]` | Tool names to exclude | | `requires_confirmation` | array | No | `[]` | Tools requiring user confirmation | +### Guarding Local MCP Servers + +To inspect stdio MCP tool calls before they reach a local server, wrap the +server command with [Armorer Guard](https://github.com/ArmorerLabs/Armorer-Guard): + +```json +{ + "mcpServers": { + "filesystem": { + "command": "armorer-guard", + "args": [ + "mcp-proxy", + "--", + "npx", + "-y", + "@modelcontextprotocol/server-filesystem", + "/tmp" + ] + } + } +} +``` + +Armorer Guard runs locally and blocks unsafe `tools/call` arguments when it +detects prompt injection, credentials, exfiltration risk, or dangerous actions. + ## Example Configuration ```json @@ -123,4 +149,4 @@ The configuration file supports comments with `//` syntax: "api_key": "your-openai-api-key" } } -``` \ No newline at end of file +``` diff --git a/README.md b/README.md index a698fcf..f828efc 100644 --- a/README.md +++ b/README.md 
@@ -57,6 +57,23 @@ This act as alternative client beside Claude Desktop. Additionally you can use a - The config file can be placed in either `~/.llm/config.json` or `$PWD/.llm/config.json` - You can comment the JSON config file with `//` if you like to switch around the configuration + To run a local MCP server behind a security gate, wrap its command with + [Armorer Guard](https://github.com/ArmorerLabs/Armorer-Guard): + ```json + { + "mcpServers": { + "fetch": { + "command": "armorer-guard", + "args": ["mcp-proxy", "--", "uvx", "mcp-server-fetch"] + } + } + } + ``` + + The proxy inspects MCP tool-call arguments locally for prompt injection, + credential leakage, exfiltration risk, and dangerous actions before + forwarding safe calls. + 3. Run the CLI: ```bash llm "What is the capital city of North Sumatra?"
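Review bot: the new "Guarding Local MCP Servers" section in CONFIG.md does not say what the client sees when a call is blocked. The text states that Armorer Guard "blocks unsafe `tools/call` arguments" but not whether the proxy returns a JSON-RPC error to the client, drops the request silently, or logs it, and not where the decision is recorded; a sentence on the observable failure mode (and where to look when a legitimate call is refused) would save users a debugging session. It would also help to state that `armorer-guard` must be installed and on `PATH` before the `"command": "armorer-guard"` example will work, since the section only links to the project, and to note how the proxy interacts with the existing `requires_confirmation` option documented just above it (whether a tool still prompts for confirmation when the guard has already allowed it).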
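Review bot: the second CONFIG.md hunk only adds the missing trailing newline at end of file (`-``` \ No newline at end of file` / `+````). That is fine to keep, but it is unrelated to the documented feature and is not mentioned in the commit message; a one-line note there ("also fixes missing EOF newline") keeps the history honest.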
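Review bot: the README hunk's added lines are indented with a single leading space (`+ To run a local MCP server ...`, `+ ```json`) while the surrounding bullets (`- The config file can be placed ...`) have none, and the block sits inside the numbered step before `3. Run the CLI:`. With one space of indentation most Markdown renderers will neither nest the paragraph and fence under step 2 nor treat them as top-level, so the fence may break the list numbering; either indent the block to the list item's content column or remove the leading space and leave it as a top-level paragraph. The paragraph also restates the CONFIG.md section almost verbatim (same "prompt injection, credential leakage, exfiltration risk, and dangerous actions" wording); consider keeping the short `fetch` example here and linking to the CONFIG.md "Guarding Local MCP Servers" section for details, so the two copies cannot drift apart.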