MCP-Shield
@riseandignite
关于 MCP-Shield
Security scanner for MCP servers
基本信息
配置
使用下面的配置,将此服务器添加到你的 MCP 客户端。
{
"mcpServers": {
"mcp-shield": {
"command": "npx",
"args": [
"mcp-shield"
]
}
}
}工具
未检测到工具
工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。
概览
What is MCP-Shield?
MCP-Shield scans your installed MCP (Model Context Protocol) servers and detects vulnerabilities such as tool poisoning attacks, data exfiltration channels, and cross-origin escalations. It is for developers and security teams who integrate MCP servers into AI workflows.
How to use MCP-Shield?
Run npx mcp-shield to scan standard MCP configuration locations. Use --path <path> to scan a specific config file, --claude-api-key <key> for enhanced AI analysis, --identify-as <client> to test client‑specific behavior, and --safe-list <servers> to exclude trusted servers. Run npx mcp-shield -h for full help.
Key features of MCP-Shield
- Detects hidden instructions, exfiltration, and tool shadowing
- Identifies sensitive file access attempts
- Detects cross‑origin violations between servers
- Supports Cursor, Claude Desktop, Windsurf, VSCode, Codeium configs
- Optional Claude AI integration for deeper analysis
- Safe‑list functionality to exclude trusted servers
Use cases of MCP-Shield
- Scan new MCP servers before adding them to your environment
- Regular security audits of your MCP configuration
- Validate security during MCP server development
- Verify no regression after updating MCP servers
FAQ from MCP-Shield
What vulnerability types does MCP-Shield detect?
It detects tool poisoning with hidden instructions, data exfiltration channels, tool shadowing and behavior modification, sensitive file access attempts, and cross‑origin violations between servers.
How do I use MCP-Shield with the Claude API?
Pass the --claude-api-key YOUR_API_KEY flag when running the scan. This enables AI‑powered analysis that provides detailed risk assessments and explanations for each detected vulnerability.
Can I scan a specific configuration file?
Yes, use the --path <path> option to point to a specific MCP config file (.mcp/*.json or claude_desktop_config.json). If omitted, MCP-Shield scans standard locations on your system.
Does MCP-Shield support a safe list?
Yes, use --safe-list "server1,server2" to exclude those servers from scanning and from cross‑origin violation detection.
What MCP client configurations does it support?
It supports Cursor, Claude Desktop, Windsurf, VSCode, and Codeium configuration files.
其他 分类下的更多 MCP 服务器
Awesome-MCP-ZH
yzflyMCP 资源精选, MCP指南,Claude MCP,MCP Servers, MCP Clients
MaxKB
1Panel-dev🔥 MaxKB is an open-source platform for building enterprise-grade agents. 强大易用的开源企业级智能体平台。
Core Philosophy: Connect, Unify, Respond
mindsdbDelegate anything. It comes back done.

Sequential Thinking
modelcontextprotocolModel Context Protocol Servers
MCP Go 🚀
mark3labsA Go implementation of the Model Context Protocol (MCP), enabling seamless integration between LLM applications and external data sources and tools.
评论