
How to Secure MCP Tool Calls in n8n Workflows
n8n connects AI Agents to external tools via MCP. Tool definitions and tool call payloads flow without any integrity verification: a compromised MCP server can change a tool description between calls, inject instructions the LLM will follow, or modify parameters in transit.

This isn't theoretical. The postmark-mcp attack used tool definition tampering to BCC every email to an attacker. CVE-2025-6514 (CVSS 9.6) achieved full RCE through mcp-remote. The MCPTox benchmark shows a 72.8% tool poisoning success rate across 20 LLM agents.

I built an n8n community node based on MCPS (MCP Secure), an IETF Internet-Draft that adds a cryptographic signing layer to MCP. An Internet-Draft is a working document rather than a finished standard, but it goes through the same IETF process that produced TLS and OAuth.

Install

npm install n8n-nodes-mcps

Restart n8n. The "MCPS Security" node appears in your node library.

What it does

Drop it into any workflow that uses MCP tools. Select "Full Security Wrap" for one-step protection:

Tool call signing -- every MCP tool call is signed with HMAC-SHA256 over
Continue reading on Dev.to



