Document Armorer Guard MCP proxy

CONFIG.md

@@ -69,6 +69,32 @@ The configuration file can be placed in either:
 | `exclude_tools` | array | No | `[]` | Tool names to exclude |
 | `requires_confirmation` | array | No | `[]` | Tools requiring user confirmation |
 
+### Guarding Local MCP Servers
+
+To inspect stdio MCP tool calls before they reach a local server, wrap the
+server command with [Armorer Guard](https://github.com/ArmorerLabs/Armorer-Guard):
+
+```json
+{
+  "mcpServers": {
+    "filesystem": {
+      "command": "armorer-guard",
+      "args": [
+        "mcp-proxy",
+        "--",
+        "npx",
+        "-y",
+        "@modelcontextprotocol/server-filesystem",
+        "/tmp"
+      ]
+    }
+  }
+}
+```
+
+Armorer Guard runs locally and blocks unsafe `tools/call` arguments when it
+detects prompt injection, credentials, exfiltration risk, or dangerous actions.
+
 ## Example Configuration
 
 ```json
@@ -123,4 +149,4 @@ The configuration file supports comments with `//` syntax:
     "api_key": "your-openai-api-key"
   }
 }
-```
+```

README.md

@@ -57,6 +57,23 @@ This act as alternative client beside Claude Desktop. Additionally you can use a
    - The config file can be placed in either `~/.llm/config.json` or `$PWD/.llm/config.json`
    - You can comment the JSON config file with `//` if you like to switch around the configuration
 
+   To run a local MCP server behind a security gate, wrap its command with
+   [Armorer Guard](https://github.com/ArmorerLabs/Armorer-Guard):
+   ```json
+   {
+     "mcpServers": {
+       "fetch": {
+         "command": "armorer-guard",
+         "args": ["mcp-proxy", "--", "uvx", "mcp-server-fetch"]
+       }
+     }
+   }
+   ```
+
+   The proxy inspects MCP tool-call arguments locally for prompt injection,
+   credential leakage, exfiltration risk, and dangerous actions before
+   forwarding safe calls.
+
 3. Run the CLI:
    ```bash
    llm "What is the capital city of North Sumatra?"