MCP.so
Sign In
E

EnigmAgent MCP

@Agnuxo1

About EnigmAgent MCP

AES-256-GCM + Argon2id encrypted local vault for AI agent credentials. Store API keys, tokens, and passwords safely. Reference them as {{PLACEHOLDER}} in any AI workflow — LangChain, CrewAI, AutoGen, n8n, and 40+ frameworks.

Basic information

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "enigmagent": {
      "command": "npx",
      "args": [
        "-y",
        "enigmagent-mcp"
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is EnigmAgent MCP?

EnigmAgent MCP is a browser extension that acts as a credential vault for AI agents. It intercepts form submissions containing placeholders like {{GITHUB_TOKEN}} and replaces them with real secrets, keeping the actual values hidden from the agent’s context window, logs, or training data. It is designed for anyone who uses AI agents (Claude, ChatGPT, Cursor, browser automation) to perform tasks that require credentials.

How to use EnigmAgent MCP?

Install the extension by loading the unpacked extension/ folder in Chrome, Edge, or Firefox. Open the vault, create a new vault with a strong password, and add secrets using the add SECRET_NAME @domain value command in the chat. Instruct your AI agent to type placeholders like {{SECRET_NAME}} in form fields and submit; EnigmAgent resolves and injects the real credentials automatically.

Key features of EnigmAgent MCP

  • Placeholder secrets never appear in AI conversation, logs, or memory.
  • Argon2id key derivation with AES-256-GCM encryption.
  • Secrets are bound to specific domains for enforcement.
  • Document injection via {{DOC:filename}} for text files.
  • Form submit interception with no clipboard or console exposure.
  • Vault stored locally in chrome.storage.local, never synced to the cloud.

Use cases of EnigmAgent MCP

  • Let Claude type {{OPENAI_API_KEY}} on platform.openai.com without seeing the real key.
  • Allow Cursor or GitHub Copilot to commit code or open PRs without exposing tokens.
  • Automate setting repository secrets in GitHub Actions browser UI.
  • Configure webhook credentials in n8n or Zapier AI browser workflows.
  • Use placeholders for any form field on any domain after binding a secret.

FAQ from EnigmAgent MCP

How is the vault secured and where is it stored?

The vault is encrypted with Argon2id and AES-256-GCM, and stored only in chrome.storage.local — never in storage.sync or the cloud.

What happens when a form is submitted with a placeholder?

EnigmAgent intercepts the submit event, checks the domain, asks the background service worker to decrypt the secret, injects the real value into the form, and re-submits. The plaintext exists in memory for about one event-loop tick.

Can I use EnigmAgent with any AI provider?

Yes, it works with any AI agent that interacts with web forms in the browser — Claude, ChatGPT, Cursor, GitHub Copilot, n8n, Zapier, and more.

How does domain binding work?

When adding a secret with add NAME @domain value, the secret is pinned to that domain. EnigmAgent only resolves the secret on forms that match the bound domain, refusing mismatched origins.

Is the extension available on official stores?

Signed releases for the Chrome Web Store and Mozilla AMO are in progress. Currently, you must load the extension manually via developer mode.

Comments

More AI & Agents MCP servers