MCP-Shield
@riseandignite
About MCP-Shield
Security scanner for MCP servers
Basic information
Config
Add this server to your MCP-compatible client using the configuration below.
{
"mcpServers": {
"mcp-shield": {
"command": "npx",
"args": [
"mcp-shield"
]
}
}
}Tools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is MCP-Shield?
MCP-Shield scans your installed MCP (Model Context Protocol) servers and detects vulnerabilities such as tool poisoning attacks, data exfiltration channels, and cross-origin escalations. It is for developers and security teams who integrate MCP servers into AI workflows.
How to use MCP-Shield?
Run npx mcp-shield to scan standard MCP configuration locations. Use --path <path> to scan a specific config file, --claude-api-key <key> for enhanced AI analysis, --identify-as <client> to test client‑specific behavior, and --safe-list <servers> to exclude trusted servers. Run npx mcp-shield -h for full help.
Key features of MCP-Shield
- Detects hidden instructions, exfiltration, and tool shadowing
- Identifies sensitive file access attempts
- Detects cross‑origin violations between servers
- Supports Cursor, Claude Desktop, Windsurf, VSCode, Codeium configs
- Optional Claude AI integration for deeper analysis
- Safe‑list functionality to exclude trusted servers
Use cases of MCP-Shield
- Scan new MCP servers before adding them to your environment
- Regular security audits of your MCP configuration
- Validate security during MCP server development
- Verify no regression after updating MCP servers
FAQ from MCP-Shield
What vulnerability types does MCP-Shield detect?
It detects tool poisoning with hidden instructions, data exfiltration channels, tool shadowing and behavior modification, sensitive file access attempts, and cross‑origin violations between servers.
How do I use MCP-Shield with the Claude API?
Pass the --claude-api-key YOUR_API_KEY flag when running the scan. This enables AI‑powered analysis that provides detailed risk assessments and explanations for each detected vulnerability.
Can I scan a specific configuration file?
Yes, use the --path <path> option to point to a specific MCP config file (.mcp/*.json or claude_desktop_config.json). If omitted, MCP-Shield scans standard locations on your system.
Does MCP-Shield support a safe list?
Yes, use --safe-list "server1,server2" to exclude those servers from scanning and from cross‑origin violation detection.
What MCP client configurations does it support?
It supports Cursor, Claude Desktop, Windsurf, VSCode, and Codeium configuration files.
More Other MCP servers
MCP Toolbox for Databases
googleapisMCP Toolbox for Databases is an open source MCP server for databases.
Core Philosophy: Connect, Unify, Respond
mindsdbDelegate anything. It comes back done.
ICSS
chokcoco不止于 CSS
Reactive Resume
amruthpillaiA one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today!
Nginx UI
0xJackyYet another WebUI for Nginx
Comments