shieldapi.scan_skill
Analyze AI agent skills for security risks including prompt injection, malicious code, and credential handling using static analysis across 8 risk categories. Returns risk scores and detailed findings.
Instructions
Scan an AI agent skill/plugin for security issues across 8 risk categories (Snyk ToxicSkills taxonomy). Checks for prompt injection, malicious code, suspicious downloads, credential handling, secret detection, third-party content, unverifiable dependencies, and financial access patterns. Static analysis only — no code execution. Returns risk score (0-100), severity-ranked findings with file locations, and human-readable summary.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| skill | No | Raw SKILL.md content or skill name from ClawHub | |
| files | No | Additional code files to analyze (max 20 files) | |
Implementation Reference
- src/index.ts:203-220 (handler): The implementation of the shieldapi.scan_skill tool, which registers the tool and handles the request by calling the ShieldAPI POST endpoint.

```typescript
server.tool(
  'shieldapi.scan_skill',
  'Scan an AI agent skill/plugin for security issues across 8 risk categories (Snyk ToxicSkills taxonomy). Checks for prompt injection, malicious code, suspicious downloads, credential handling, secret detection, third-party content, unverifiable dependencies, and financial access patterns. Static analysis only — no code execution. Returns risk score (0-100), severity-ranked findings with file locations, and human-readable summary.',
  {
    // Both inputs are optional; the 20-file limit appears only in the description text.
    skill: z.string().optional().describe('Raw SKILL.md content or skill name from ClawHub'),
    files: z.array(z.object({
      name: z.string().describe('Filename including extension'),
      content: z.string().describe('File content as string'),
    })).optional().describe('Additional code files to analyze (max 20 files)'),
  },
  { title: 'Scan AI Skill/Plugin', readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: false },
  async (params) => {
    // Forward only the fields the caller supplied to the scan-skill endpoint.
    const body: Record<string, unknown> = {};
    if (params.skill) body.skill = params.skill;
    if (params.files) body.files = params.files;
    return formatResult(await callShieldApiPost('scan-skill', body));
  }
);
```
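The handler above forwards whatever it is given, and the schema shown on this page makes both fields optional and states the 20-file limit only in a description string. The following is an added example, not code from the ShieldAPI project, of a pre-flight check a caller could run before invoking the tool; `preflightScanSkill`, `MAX_FILES` and the duplicate-name and empty-content rules are assumptions made for illustration.

```typescript
// Added example: pre-flight checks for shieldapi.scan_skill arguments.
// All names here are hypothetical; MAX_FILES mirrors the "max 20 files"
// wording in the tool description.
const MAX_FILES = 20;

interface SkillFile { name: string; content: string }
interface ScanSkillParams { skill?: string; files?: SkillFile[] }
type Preflight =
  | { ok: true; body: Record<string, unknown> }
  | { ok: false; errors: string[] };

function preflightScanSkill(params: ScanSkillParams): Preflight {
  const errors: string[] = [];
  const skill = (params.skill ?? '').trim();
  const files = params.files ?? [];

  // Both fields are optional in the schema, so an empty call is possible.
  if (skill === '' && files.length === 0) {
    errors.push('nothing to scan: pass skill or at least one file');
  }
  // The schema shown on this page describes the cap but does not enforce it.
  if (files.length > MAX_FILES) {
    errors.push(`too many files: ${files.length} > ${MAX_FILES}`);
  }
  const seen = new Set<string>();
  files.forEach((f, i) => {
    // Schema text: "Filename including extension".
    if (!/\.[A-Za-z0-9]+$/.test(f.name)) {
      errors.push(`files[${i}]: name "${f.name}" has no extension`);
    }
    // Assumption: a repeated name makes finding locations ambiguous.
    if (seen.has(f.name)) errors.push(`files[${i}]: duplicate name "${f.name}"`);
    seen.add(f.name);
    // Assumption: an empty file gives static analysis nothing to inspect.
    if (f.content.length === 0) errors.push(`files[${i}]: empty content`);
  });
  if (errors.length > 0) return { ok: false, errors };

  // Mirror the handler: only send the fields that were supplied.
  const body: Record<string, unknown> = {};
  if (skill !== '') body.skill = params.skill;
  if (files.length > 0) body.files = files;
  return { ok: true, body };
}
```

Rejecting an empty or oversized request locally keeps a failed pre-flight from being mistaken for a clean scan result.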