MCP.so
Sign In
Servers
S

Shellward

@jnMetaCode

Overview

What is Shellward?

Shellward is an AI agent security middleware that protects AI agents from prompt injection, data exfiltration, and dangerous command execution. It acts as an LLM security middleware and AI agent firewall with 8-layer defense-in-depth, DLP-style data flow control, and zero dependencies.

How to use Shellward?

Install via npm (npm install shellward) for SDK integration, or add it as an MCP server in claude_desktop_config.json or .cursor/mcp.json. As an MCP server, it exposes 7 security tools (check_command, check_injection, scan_data, check_path, check_tool, check_response, security_status) and can be configured via environment variables (SHELLWARD_MODE, SHELLWARD_LOCALE, SHELLWARD_THRESHOLD).

Key features of Shellward

  • 8 defense layers including prompt guard, input auditor, tool blocker, and outbound guard
  • DLP model: data returns in full, outbound sends blocked when PII accessed
  • PII detection for SSN, credit cards, API keys, JWT, and Chinese ID/phone/bank cards
  • 32 injection rules (18 Chinese + 14 English) with risk scoring
  • Data exfiltration chain detection for bash bypass patterns
  • Zero dependencies and zero configuration

Use cases of Shellward

  • MCP security enforcement for Claude Desktop, Cursor, and other MCP clients
  • Tool call interception and filtering in autonomous AI agents
  • Adding agent guardrails to any LLM-powered workflow
  • Protecting customer-facing chatbots with tool access from prompt injection attacks
  • Runtime security for internal automation powered by LLMs

FAQ from Shellward

What platforms does Shellward integrate with?

Shellward supports Claude Desktop (MCP server), Cursor (MCP server), OpenClaw (MCP + plugin + SDK), Claude Code, LangChain, AutoGPT, OpenAI Agents, Hermes Agent, Dify/Coze, any MCP client, and any AI agent via SDK.

What is the difference between enforce mode and audit mode?

Enforce mode blocks and logs security violations, while audit mode only logs violations without blocking.

Does Shellward have any dependencies?

Shellward has zero dependencies — it works as a standalone MCP server over stdio without needing @modelcontextprotocol/sdk.

Where does Shellward store audit logs and data?

The README indicates Shellward logs audit trails for PII detection and provides /audit command for viewing logs in OpenClaw, but does not specify where logs are stored on disk.

How does Shellward handle data exfiltration attacks?

Shellward tracks data flow: when sensitive data is read (L2 detection), subsequent outbound sends (email, HTTP POST, curl, wget) are blocked by the data flow guard (L7).

More from Other