Helixar Labs

Open-source tools from the team building AI security.

Helixar Labs publishes security frameworks, scanners, and detectors under open-source licences. Built in the open, for the teams securing AI at the frontier.

Helixar-AI on GitHub

MIT Licensed · Community contributions welcome

About Labs

Research that ships.

Helixar Labs is where our security research becomes public artefacts. When we build internal tools to harden our own platform, we look for opportunities to open-source the ones that benefit the broader engineering community.

Every project here is actively maintained, MIT-licensed, and designed to be dropped into real workflows — not academic prototypes. We measure success by whether security practitioners actually use them.

Contributions, issue reports, and real-world feedback from production AI deployments are what keep these projects useful.

Public Projects

3 open-source projects

MCP Security Checklist

Framework
71 · MIT

The practitioner's security framework for production MCP deployments.

A community-maintained, structured set of security controls for teams deploying Model Context Protocol servers and AI agent infrastructure. Covering seven domains — from mTLS enforcement and prompt injection defence to runtime monitoring and executive risk briefs — it bridges the gap between rapid MCP adoption and available security guidance.

  • 7 security domains with actionable controls
  • Top 10 critical controls including mTLS, least-privilege scoping, and behavioural anomaly detection
  • Available in Markdown, JSON, YAML, and interactive web format
  • Designed for CI/CD pipeline integration and SOC-team review

Coverage

  • Authentication & Authorisation
  • Input Validation & Prompt Injection
  • Tool & Resource Exposure
  • API Session Security
  • Monitoring & Observability
  • Network & Infrastructure
  • Executive Risk Summary

Output Formats

Markdown · JSON · YAML · Web

Sentinel

Scanner
21 · MIT

Automated security scanning for MCP server infrastructure.

An open-source CLI scanner built to surface misconfigurations before attackers do. Sentinel runs 26 detection rules across three modules — static configuration analysis, live endpoint probing, and container inspection — delivering severity-rated findings with remediation guidance. Drop it into your CI/CD in under five minutes.

  • 26 detection rules across config, endpoint, and container modules
  • SARIF 2.1 output for native GitHub Code Scanning integration
  • Configurable fail thresholds per severity level (critical → low)
  • Available on PyPI: pip install helixar-sentinel

Coverage

  • Configuration Analysis (10 rules)
  • Live Endpoint Assessment (8 rules)
  • Container Inspection (8 rules)

Output Formats

CLI · JSON · SARIF · HTML

Unpinched

Detector · New
MIT

Instant point-in-time detection of PinchTab and agentic browser bridge artifacts.

When the PinchTab story broke, we built a fast-response triage tool that answers one question: is it running here? Unpinched scans for PinchTab HTTP API exposure on common ports, running bridge processes, unauthenticated Chrome DevTools Protocol endpoints, and known filesystem artifacts — across macOS, Linux, and Windows. A 30-second triage for incident responders and CI/CD security gates.

  • Port scanning for PinchTab HTTP API on ports 8080–8090, 3000, 4000, 9222, 9229
  • Process detection for pinchtab, pinchtab-server, and browser-bridge executables
  • Unauthenticated Chrome DevTools Protocol (CDP) exposure check on localhost:9222
  • Filesystem artifact search across macOS, Linux, and Windows path conventions

Coverage

  • Port & API Exposure
  • Process Monitoring
  • CDP Bridge Detection
  • Filesystem Artifact Analysis

Output Formats

CLI · JSON

Coming Up

More research on the way.

Kubernetes manifest scanning, continuous monitoring for MCP endpoints, and agent behavioural baselining toolkits are in active development.


Get Involved

Built for practitioners, by practitioners.

These tools are shaped by real-world feedback from engineers operating AI agents and browser automation in production. If you have encountered an attack pattern, misconfiguration class, or gap in coverage not addressed here, open an issue or pull request.

Disclaimers

No guarantee of coverage. Open-source security tools are provided as practitioner aids, not as comprehensive security solutions. The MCP Security Checklist, Sentinel scanner, and Unpinched detector address known patterns and artifacts at the time of release; they do not guarantee detection or prevention of all threats in all environments. PinchTab detection specifically addresses point-in-time artifact scanning and does not provide continuous monitoring. Security posture depends on deployment configuration, operational practices, and threat actor capability.

Point-in-time limitation (Unpinched). Unpinched performs a single-point-in-time scan. It will not detect PinchTab activity that begins after the scan completes, nor will it detect sophisticated deployments that remove artifacts between scan intervals. For continuous detection and alerting, Helixar’s commercial platform is required.

As-is licence. All projects published under Helixar Labs are distributed under the MIT Licence on an “as-is” basis, without warranties of any kind, express or implied. Use in production environments is at the operator’s own risk. Review the full licence terms in each repository before deployment.

Scope limitations. Helixar Labs projects explicitly exclude model weight security, privacy regulation compliance (GDPR, CCPA, HIPAA), and general cloud infrastructure hardening. They are specialist tools for specific domains and should be used as part of a broader security programme, not as a substitute for one.

Third-party trademarks. References to third-party platforms, tools, protocols (including Model Context Protocol, Chrome DevTools Protocol, and PinchTab), and standards are for technical context only. Helixar Limited is not affiliated with, endorsed by, or in any way officially connected with the authors or governing bodies of referenced standards or tools.

Not security advice. Content published by Helixar Labs — including checklists, documentation, and research — constitutes informational material and does not constitute professional security consulting, legal, or compliance advice. Engage qualified security professionals to assess your specific environment.

Need continuous coverage, not just a snapshot?

The open-source tools are the starting point. Helixar’s commercial platform provides continuous runtime detection, alerting, and enforcement — catching PinchTab, and everything like it, from day one.
