MCP.so
登录

MCP-Shield

@riseandignite

关于 MCP-Shield

Security scanner for MCP servers

基本信息

分类

其他

许可证

MIT

运行时

node

传输方式

stdio

发布者

riseandignite

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "mcp-shield": {
      "command": "npx",
      "args": [
        "mcp-shield"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is MCP-Shield?

MCP-Shield scans your installed MCP (Model Context Protocol) servers and detects vulnerabilities such as tool poisoning attacks, data exfiltration channels, and cross-origin escalations. It is for developers and security teams who integrate MCP servers into AI workflows.

How to use MCP-Shield?

Run npx mcp-shield to scan standard MCP configuration locations. Use --path <path> to scan a specific config file, --claude-api-key <key> for enhanced AI analysis, --identify-as <client> to test client‑specific behavior, and --safe-list <servers> to exclude trusted servers. Run npx mcp-shield -h for full help.

Key features of MCP-Shield

  • Detects hidden instructions, exfiltration, and tool shadowing
  • Identifies sensitive file access attempts
  • Detects cross‑origin violations between servers
  • Supports Cursor, Claude Desktop, Windsurf, VSCode, Codeium configs
  • Optional Claude AI integration for deeper analysis
  • Safe‑list functionality to exclude trusted servers

Use cases of MCP-Shield

  • Scan new MCP servers before adding them to your environment
  • Regular security audits of your MCP configuration
  • Validate security during MCP server development
  • Verify no regression after updating MCP servers

FAQ from MCP-Shield

What vulnerability types does MCP-Shield detect?

It detects tool poisoning with hidden instructions, data exfiltration channels, tool shadowing and behavior modification, sensitive file access attempts, and cross‑origin violations between servers.

How do I use MCP-Shield with the Claude API?

Pass the --claude-api-key YOUR_API_KEY flag when running the scan. This enables AI‑powered analysis that provides detailed risk assessments and explanations for each detected vulnerability.

Can I scan a specific configuration file?

Yes, use the --path <path> option to point to a specific MCP config file (.mcp/*.json or claude_desktop_config.json). If omitted, MCP-Shield scans standard locations on your system.

Does MCP-Shield support a safe list?

Yes, use --safe-list "server1,server2" to exclude those servers from scanning and from cross‑origin violation detection.

What MCP client configurations does it support?

It supports Cursor, Claude Desktop, Windsurf, VSCode, and Codeium configuration files.

评论

其他 分类下的更多 MCP 服务器