ShieldAPI MCP

shieldapi.scan_skill

Read-onlyIdempotent

Analyze AI agent skills for security risks including prompt injection, malicious code, and credential handling using static analysis across 8 risk categories. Returns risk scores and detailed findings.

Instructions

Scan an AI agent skill/plugin for security issues across 8 risk categories (Snyk ToxicSkills taxonomy). Checks for prompt injection, malicious code, suspicious downloads, credential handling, secret detection, third-party content, unverifiable dependencies, and financial access patterns. Static analysis only — no code execution. Returns risk score (0-100), severity-ranked findings with file locations, and human-readable summary.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`skill`	No	Raw SKILL.md content or skill name from ClawHub
`files`	No	Additional code files to analyze (max 20 files)

Implementation Reference

src/index.ts:203-220 (handler)

The implementation of shieldapi.scan_skill tool, which registers the tool and handles the request by calling the ShieldAPI POST endpoint.

server.tool(
  'shieldapi.scan_skill',
  'Scan an AI agent skill/plugin for security issues across 8 risk categories (Snyk ToxicSkills taxonomy). Checks for prompt injection, malicious code, suspicious downloads, credential handling, secret detection, third-party content, unverifiable dependencies, and financial access patterns. Static analysis only — no code execution. Returns risk score (0-100), severity-ranked findings with file locations, and human-readable summary.',
  {
    skill: z.string().optional().describe('Raw SKILL.md content or skill name from ClawHub'),
    files: z.array(z.object({
      name: z.string().describe('Filename including extension'),
      content: z.string().describe('File content as string'),
    })).optional().describe('Additional code files to analyze (max 20 files)'),
  },
  { title: 'Scan AI Skill/Plugin', readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: false },
  async (params) => {
    const body: Record<string, unknown> = {};
    if (params.skill) body.skill = params.skill;
    if (params.files) body.files = params.files;
    return formatResult(await callShieldApiPost('scan-skill', body));
  }
);

Tool Definition Quality

A4.1/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Strong supplement to annotations: confirms safety profile ('Static analysis only — no code execution' aligns with readOnlyHint/destructiveHint), details the 8 specific risk categories checked, and describes return format (score 0-100, findings, summary) compensating for missing output schema. Could mention performance or size limits.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Three dense sentences with zero waste. Front-loaded action, middle lists specific categories logically, end covers methodology and output. Every clause earns its place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Comprehensive for a scanning tool: explains what gets analyzed, methodology constraints, risk taxonomy, and return structure despite no output schema. Annotations cover safety/idempotency. No gaps given tool complexity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with clear descriptions ('Raw SKILL.md content', 'max 20 files'). Description aligns with schema but adds no additional parameter syntax detail; baseline 3 appropriate when schema carries full load.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

Excellent specific verb ('Scan') + resource ('AI agent skill/plugin') plus specific taxonomy ('Snyk ToxicSkills'). Clearly distinguishes from siblings like check_domain or check_url by specifying the skill/plugin target and the 8-category static analysis approach.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Provides clear scope (skills/plugins vs single IoCs) implying when to use, but lacks explicit 'when-not-to-use' or comparison to sibling 'full_scan' or 'check_prompt' tools. Static analysis constraint noted but no workflow guidance provided.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/alberthild/shield-api-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server