Provides real-time risk assessment of coding prompts using Orcho’s analysis API to prevent unsafe code execution.
Configuration
View docs{
"mcpServers": {
"guardd-mcp_server": {
"command": "npx",
"args": [
"-y",
"@orcho_risk/mcp-server"
],
"env": {
"ORCHO_API_KEY": "YOUR_API_KEY_HERE"
}
}
}
}Orcho MCP Server analyzes your coding prompts in real time to identify potential security risks, dangerous operations, and safety concerns before code is generated or executed. It integrates with Cursor to provide automated risk assessment and context-aware analysis for safer coding sessions.
You use Orcho MCP Server by connecting it to Cursor so prompts are analyzed before you run or generate code. You can assess prompts manually from the Cursor chat or enable automatic risk assessment for all prompts. When enabled, Orcho gathers context such as the current file, other files that will be changed, and the project dependency graph to compute a blast radius and a risk score. The system will display a risk level and guidance before you proceed. You can then decide to continue, revise your prompt, or abort based on the risk feedback.
Prerequisites you need before installation: Node.js v18 or newer and npm installed on your system.
Option 1: One-Click Install (recommended) This flow automatically configures the MCP server in Cursor when you paste the install link into your browser. After setup, replace the test API key with your real key and restart Cursor to activate.
Option 2: Manual Installation Follow these steps to run the MCP server locally and wire it into Cursor.
Step 1: Install the MCP server package globally.
npm install -g @orcho_risk/mcp-serverStep 2: Configure Cursor to use the MCP server. Create or edit the MCP configuration file at your home directory. On macOS/Linux use the path ~/.cursor/mcp.json. On Windows use C:\Users\<YourUsername>\.cursor\mcp.json.
{
"mcpServers": {
"orcho": {
"command": "npx",
"args": ["-y", "@orcho_risk/mcp-server"],
"env": {
"ORCHO_API_KEY": "your-api-key-here"
}
}
}
}Step 3: Start Cursor to activate the MCP server. Restart Cursor after updating the configuration.
Get your API key from Orcho to enable production use. You need to place the key in your MCP configuration so the server can authenticate with Orcho.
Replace the placeholder with your actual API key in the configuration file.
Security note: store API keys only in ~/.cursor/mcp.json (not in project files), never commit keys to version control, and rotate keys if they become exposed.
For initial testing you can use a placeholder test key, but it has limited functionality and rate limits.
Manual assessment: In Cursor chat, type @orcho assess_risk: Your prompt here to get a risk assessment for a single prompt.
Automatic assessment: Enable a Cursor project rule to assess all prompts automatically. This provides continuous risk feedback during your workflow.
Modern project rules enable seamless, automatic risk assessment. You can place a rule file in your project that points to Orcho’s MCP server to evaluate prompts before execution.
Orcho gathers context when available to improve risk calculations: the current file, other files to be modified, and an optional dependency graph. It then computes a blast radius to estimate impact and prioritizes high-risk prompts.
MCP server not loading: ensure the MCP configuration file is in the correct location and that Cursor has been restarted after changes.
API errors: verify the API key is valid and that you have network access to reach Orcho’s services.
This server supports both manual and automatic risk assessments. Always restart Cursor after making changes to the MCP configuration.
Assess a given prompt for risk, returning a risk level and suggested mitigations.
Provide context about the current file, other files to be modified, and dependency graph to improve risk analysis.
Identify high-risk prompts and confirm whether execution should proceed.
Seamless integration with Cursor via the Model Context Protocol to enable automatic risk assessment.