alberthild

ShieldAPI MCP

shieldapi.check_prompt

Analyze text for prompt injection attacks across 4 categories using 200+ detection patterns before processing untrusted user input.

Instructions

Detect prompt injection in text. Analyzes across 4 categories (direct injection, encoding tricks, exfiltration, indirect injection) with 200+ detection patterns. Designed for real-time inline usage before processing untrusted user input. Returns boolean verdict, confidence score (0-1), matched patterns with evidence, and decoded content if encoding obfuscation was detected. Response time <100ms p95.

Input Schema

| Name | Required | Description | Default |
|---|---|---|---|
| prompt | Yes | The text to analyze for prompt injection | |
| context | No | Context hint for sensitivity: user-input (default), skill-prompt (higher tolerance), system-prompt (highest sensitivity) | |

Implementation Reference

  • The 'shieldapi.check_prompt' tool registration and handler implementation. It uses 'callShieldApiPost' to send the prompt to the ShieldAPI backend.
    server.tool(
      'shieldapi.check_prompt',
      'Detect prompt injection in text. Analyzes across 4 categories (direct injection, encoding tricks, exfiltration, indirect injection) with 200+ detection patterns. Designed for real-time inline usage before processing untrusted user input. Returns boolean verdict, confidence score (0-1), matched patterns with evidence, and decoded content if encoding obfuscation was detected. Response time <100ms p95.',
      {
        prompt: z.string().describe('The text to analyze for prompt injection'),
        context: z.enum(['user-input', 'skill-prompt', 'system-prompt']).optional()
          .describe('Context hint for sensitivity: user-input (default), skill-prompt (higher tolerance), system-prompt (highest sensitivity)'),
      },
      { title: 'Detect Prompt Injection', readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: false },
      async (params) => {
        const body: Record<string, unknown> = { prompt: params.prompt };
        if (params.context) body.context = params.context;
        return formatResult(await callShieldApiPost('check-prompt', body));
      }
    );
  • The helper function that communicates with the ShieldAPI backend for the tools.
    async function callShieldApiPost(endpoint: string, body: Record<string, unknown>): Promise<unknown> {
      const url = new URL(`${SHIELDAPI_URL}/api/${endpoint}`);
      if (demoMode) {
        url.searchParams.set('demo', 'true');
      }
    
      const response = await paymentFetch(url.toString(), {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify(body),
      });
      if (!response.ok) {
        const body = await response.text();
        throw new Error(`ShieldAPI ${endpoint} failed (${response.status}): ${body.substring(0, 200)}`);
      }
      return response.json();
    }
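A caller that uses this tool inline has to decide what happens when the check errors, times out, or returns something unexpected. The following is an added example, not code from the ShieldAPI project: a fail-closed gate around a check function. The result field names (`isInjection`, `confidence`, `patterns`), the `Checker` type and the 500 ms budget are assumptions, since the page describes the returned values without naming the fields.

```typescript
// Field names (isInjection, confidence, patterns) are ASSUMED for illustration;
// the page describes the returned values but does not name the fields.
type Context = 'user-input' | 'skill-prompt' | 'system-prompt';
type Decision = { allow: boolean; reason: string };
type Checker = (prompt: string, context: Context) => Promise<unknown>;

// Pure policy: map a raw check result to allow/block. Anything that is not a
// well-formed verdict is blocked, so a changed or truncated response cannot
// silently pass untrusted text through.
function decide(result: unknown): Decision {
  if (typeof result !== 'object' || result === null) {
    return { allow: false, reason: 'malformed response' };
  }
  const r = result as Record<string, unknown>;
  const conf = r.confidence;
  if (typeof r.isInjection !== 'boolean' || typeof conf !== 'number' ||
      !(conf >= 0 && conf <= 1)) {            // also rejects NaN
    return { allow: false, reason: 'malformed response' };
  }
  if (r.isInjection) {
    const n = Array.isArray(r.patterns) ? r.patterns.length : 0;
    return { allow: false, reason: `injection verdict, ${n} pattern(s), confidence ${conf}` };
  }
  return { allow: true, reason: 'no injection detected' };
}

// Inline gate with a time budget: a thrown error (the page's callShieldApiPost
// throws on any non-OK response) or a timeout blocks the input.
async function gate(check: Checker, prompt: string,
                    context: Context = 'user-input', timeoutMs = 500): Promise<Decision> {
  let timer: ReturnType<typeof setTimeout> | undefined;
  const timeout = new Promise<never>((_resolve, reject) => {
    timer = setTimeout(() => reject(new Error('timeout')), timeoutMs);
  });
  try {
    return decide(await Promise.race([check(prompt, context), timeout]));
  } catch (err) {
    const msg = err instanceof Error ? err.message : String(err);
    return { allow: false, reason: `check failed: ${msg}` };
  } finally {
    if (timer !== undefined) clearTimeout(timer);
  }
}
```

Log the `reason` string alongside a request identifier so blocked inputs and checker outages can be told apart during triage.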

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/alberthild/shield-api-mcp'
