MCP.so
Sign In
P

Prompt Injection Shield

@aniketkarne

About Prompt Injection Shield

No overview available yet

Basic information

Category

Other

Transports

stdio

Publisher

aniketkarne

Submitted by

Aniket Karne

Config

Add this server to your MCP-compatible client using the configuration below.

{
  "mcpServers": {
    "PromptInjectionShield": {
      "command": "docker",
      "args": [
        "build",
        "-t",
        "shield-mcp",
        "."
      ]
    }
  }
}

Tools

No tools detected

We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.

Overview

What is Prompt Injection Shield?

Prompt Injection Shield is a local-first, zero-cost MCP server that detects malicious prompt injection and jailbreak attempts in user input. It acts as a security gateway that integrates with LLM workflows (such as Claude Desktop) to pre-screen prompts before they reach the model, keeping all data on the user’s machine.

How to use Prompt Injection Shield?

Install from source (pip install .) or via Docker. Run the server with python -m shield_mcp.server, then configure it as an MCP server in your client (e.g., add to claude_desktop_config.json with command python and args ["-m", "shield_mcp.server"]). The server exposes a single tool called analyze_prompt that accepts a prompt string and returns is_injection, risk_score, and category. You can optionally customize the risk threshold and log directory by creating a shield_config.json file.

Key features of Prompt Injection Shield

  • Local detection engine, no external API calls.
  • Three-tiered detection: heuristics, semantic ML model, and structural check.
  • Privacy-first: prompt text never leaves the machine.
  • Zero-cost security checks.
  • Integrates natively with Claude Desktop and any MCP‑compatible client.

Use cases of Prompt Injection Shield

  • Wrap a chatbot or RAG system to reject malicious prompts before they reach the main LLM.
  • Protect internal tools (code executors, database agents) from injected instructions in data context.
  • Red‑team own applications by using the risk_score to evaluate jailbreak attempts.
  • Pre‑screen any user input in an MCP‑enabled workflow without sending data to a third‑party API.

FAQ from Prompt Injection Shield

Does Prompt Injection Shield require an internet connection for detection?

No. The entire detection pipeline runs locally; no external API calls are made during analysis.

How does the detection work?

It uses three layers: Level 1 heuristics (regex) for known jailbreak patterns, Level 2 semantic analysis with a local DeBERTa model (protectai/deberta-v3-base-prompt-injection-v2), and Level 3 structural checks for obfuscation (Base64, Hex, high entropy strings).

Can I adjust the detection sensitivity?

Yes. Create a shield_config.json in the working directory and set “risk_threshold” (default 0.8) to control when a prompt is flagged as injection.

Where are logs stored?

Logs are saved by default in ~/.shield-mcp/logs; you can change the directory using the “log_dir” key in shield_config.json.

What transport does the server use?

The server is invoked via a command (e.g., python -m shield_mcp.server) and communicates over MCP’s standard input/output transport (stdio).

Comments

More Other MCP servers