ShieldAPI MCP

Server Details

security tools for AI agents: URL safety scanning, prompt injection detection (200+ patterns), email/password breach checks via HIBP, domain & IP reputation analysis, and AI skill supply chain scanning. Free tier (3 calls/day) or pay-per-request with USDC micropayments via x402.

Status: Healthy
Last Tested: 2026-03-11 01:30
Transport: Streamable HTTP
URL

See and control every tool call

Log every tool call with full inputs and outputs

Control which tools are enabled per connector

Manage credentials once, use from any MCP client

Monitor uptime and get alerted when servers go down

Available Tools

9 tools

shieldapi.check_domainInspect

Check domain reputation: DNS records, blacklists (Spamhaus, SpamCop, SORBS), SPF/DMARC, SSL.

ParametersJSON Schema

Name	Required	Description	Default
`domain`	Yes	Domain name to check (e.g. example.com)

shieldapi.check_emailInspect

Check if an email address has been exposed in known data breaches via HIBP.

ParametersJSON Schema

Name	Required	Description	Default
`email`	Yes	Email address to check

shieldapi.check_ipInspect

Check IP reputation: blacklists, Tor exit node detection, reverse DNS.

ParametersJSON Schema

Name	Required	Description	Default
`ip`	Yes	IPv4 address to check (e.g. 8.8.8.8)

shieldapi.check_passwordInspect

Check if a password hash (SHA-1) has been exposed in known data breaches via HIBP.

ParametersJSON Schema

Name	Required	Description	Default
`hash`	Yes	SHA-1 hash of the password (40 hex chars)

shieldapi.check_password_rangeInspect

Look up a SHA-1 hash prefix in the HIBP k-Anonymity database.

ParametersJSON Schema

Name	Required	Description	Default
`prefix`	Yes	First 5 characters of the SHA-1 password hash

shieldapi.check_promptInspect

Detect prompt injection in text. Analyzes across 4 categories (direct injection, encoding tricks, exfiltration, indirect injection) with 200+ detection patterns. Designed for real-time inline usage before processing untrusted user input. Returns boolean verdict, confidence score (0-1), matched patterns with evidence, and decoded content if encoding obfuscation was detected. Response time <100ms p95.

ParametersJSON Schema

Name	Required	Description	Default
`prompt`	Yes	The text to analyze for prompt injection
`context`	No	Context hint for sensitivity: user-input (default), skill-prompt (higher tolerance), system-prompt (highest sensitivity)

shieldapi.check_urlInspect

Check a URL for malware, phishing, and other threats. Uses URLhaus + heuristic analysis.

ParametersJSON Schema

Name	Required	Description	Default
`url`	Yes	The URL to check (e.g. https://example.com)

shieldapi.full_scanInspect

Run all security checks on a target (URL, domain, IP, or email). Most comprehensive scan.

ParametersJSON Schema

Name	Required	Description	Default
`target`	Yes	Target to scan — URL, domain, IP address, or email

shieldapi.scan_skillInspect

Scan an AI agent skill/plugin for security issues across 8 risk categories (Snyk ToxicSkills taxonomy). Checks for prompt injection, malicious code, suspicious downloads, credential handling, secret detection, third-party content, unverifiable dependencies, and financial access patterns. Static analysis only — no code execution. Returns risk score (0-100), severity-ranked findings with file locations, and human-readable summary.

ParametersJSON Schema

Name	Required	Description	Default
`files`	No	Additional code files to analyze (max 20 files)
`skill`	No	Raw SKILL.md content or skill name from ClawHub

To claim this server, publish a /.well-known/glama.json file on your server's domain with the following structure:

{
  "$schema": "https://glama.ai/mcp/schemas/connector.json",
  "maintainers": [
    {
      "email": "your-email@example.com"
    }
  ]
}

The email address must match the email associated with your Glama account. Once verified, the server will appear as claimed by you.

Server Details

Available Tools

Discussions

Your Connectors

Resources