Schema | ShieldAPI MCP

ShieldAPI MCP

Overview Schema Related Servers Score Discussions

Server Configuration

Describes the environment variables required to run the server.

Name	Required	Description	Default
`SHIELDAPI_URL`	No	API base URL	https://shield.vainplex.dev
`SHIELDAPI_WALLET_PRIVATE_KEY`	No	EVM private key for USDC payments. If not set, the server operates in demo mode with free tier limits.

Capabilities

Features and capabilities supported by this server

Capability	Details
`tools`	{ "listChanged": true }
`prompts`	{ "listChanged": true }

Tools

Functions exposed to the LLM to take actions

Name	Description
shieldapi.check_urlA	Check a URL for malware, phishing, and other threats. Uses URLhaus + heuristic analysis.
shieldapi.check_passwordA	Check if a password hash (SHA-1) has been exposed in known data breaches via HIBP.
shieldapi.check_password_rangeA	Look up a SHA-1 hash prefix in the HIBP k-Anonymity database.
shieldapi.check_domainA	Check domain reputation: DNS records, blacklists (Spamhaus, SpamCop, SORBS), SPF/DMARC, SSL.
shieldapi.check_ipA	Check IP reputation: blacklists, Tor exit node detection, reverse DNS.
shieldapi.check_emailA	Check if an email address has been exposed in known data breaches via HIBP.
shieldapi.full_scanA	Run all security checks on a target (URL, domain, IP, or email). Most comprehensive scan.
shieldapi.scan_skillA	Scan an AI agent skill/plugin for security issues across 8 risk categories (Snyk ToxicSkills taxonomy). Checks for prompt injection, malicious code, suspicious downloads, credential handling, secret detection, third-party content, unverifiable dependencies, and financial access patterns. Static analysis only — no code execution. Returns risk score (0-100), severity-ranked findings with file locations, and human-readable summary.
shieldapi.check_promptA	Detect prompt injection in text. Analyzes across 4 categories (direct injection, encoding tricks, exfiltration, indirect injection) with 200+ detection patterns. Designed for real-time inline usage before processing untrusted user input. Returns boolean verdict, confidence score (0-1), matched patterns with evidence, and decoded content if encoding obfuscation was detected. Response time <100ms p95.

Prompts

Interactive templates invoked by user choice

Name	Description
`security_assessment`	Generate a security assessment report for a target (domain, URL, IP, or email)
`quick_check`	Quick security check — automatically detects target type and runs the right scan

Resources

Contextual data attached and managed by the client

Name	Description
No resources

Server Configuration
Capabilities
Tools
Prompts
Resources

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/alberthild/shieldapi-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server