balasriharsha

shieldbot

Server Configuration

Describes the environment variables required to run the server.

Name | Required | Description | Default

No arguments

Capabilities

Features and capabilities supported by this server

Capability | Details
tools | { "listChanged": false }
prompts | { "listChanged": false }
resources | { "subscribe": false, "listChanged": false }
experimental | {}

Tools

Functions exposed to the LLM to take actions

Name | Description

scan_repository

Run a full security scan on a repository.

Executes the following scanners in parallel:

  • CodeQL (deep dataflow / taint-analysis SAST, open-source CLI)

  • Semgrep (5,000+ OWASP/CWE rules)

  • bandit (Python-specific security linter)

  • ruff (Python quality + security patterns)

  • detect-secrets / gitleaks (hardcoded secrets)

  • osv-scanner / dependabot (dependency CVEs via OSV/GHSA advisory DB)

  • pip-audit (Python CVEs)

  • npm-audit (Node.js CVEs)

  • trivy (Docker image CVEs, misconfigurations, and baked-in secrets — runs when a Dockerfile is found)

Returns a JSON report with deduplicated, severity-ranked findings.

Args:

  • repo_path: Absolute or relative path to the repository to scan.

  • skip_scanners: Optional list of scanner names to skip. Valid values: codeql, semgrep, bandit, ruff, detect-secrets, dependabot, pip-audit, npm-audit, trivy.

  • scan_git_history: If True, scan git history for leaked secrets (requires gitleaks to be installed).

  • extra_images: Pre-built Docker image names/tags to scan directly with Trivy. Use when docker build fails in a restricted environment. Example: ["mcr.microsoft.com/playwright:v1.50-noble"]

Returns: JSON string containing the full SecurityReport with all findings, per-scanner metadata, severity counts, and scan duration.

check_scanner_tools

Check which security scanner tools are installed and available.

Returns a JSON object mapping each tool name to its availability status and install path (or install instructions if missing).

Prompts

Interactive templates invoked by user choice

Name | Description

No prompts

Resources

Contextual data attached and managed by the client

Name | Description

No resources

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/balasriharsha/shieldbot'
