RAGSHIELD
OfficialAllows forwarding of scan findings to Elasticsearch for indexing and search.
Integrates with GitHub code scanning by outputting SARIF format, enabling detection results to appear in GitHub's security alerts and pull request checks.
Allows forwarding of scan findings to Slack channels via cognis-connect.
Allows forwarding of scan findings to Splunk for centralized logging and analysis.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@RAGSHIELDscan ./docs for embedding anomalies"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
RAGSHIELD — RAG corpus poisoning detector — embedding anomalies, backdoor triggers
Part of the Cognis Neural Suite by Cognis Digital Cognis Open Collaboration License (COCL) v1.0 · domain:
ai-security
RAG corpus poisoning detector — embedding anomalies, backdoor triggers.
AI Security & Governance — securing LLMs, agents, and the MCP supply chain.
🔎 Example output
Real, reproducible output from the tool — runs offline:
$ ragshield-emit --version
ragshield 0.1.0$ ragshield-emit --help
usage: ragshield [-h] [--version] {scan} ...
RAGSHIELD - detect poisoning, backdoor triggers and embedding anomalies in a
RAG corpus (JSONL).
positional arguments:
{scan}
scan scan a JSONL corpus file for poisoning
options:
-h, --help show this help message and exit
--version show program's version number and exit
example: ragshield scan demos/01-basic/corpus.jsonl --format tableBlocks above are real
ragshieldoutput — reproduce them from a clone.
Sample result format (illustrative values — run on your own data for real findings):
{
"findings": [
{
"id": "1234",
"title": "Suspicious Activity",
"description": "Possible malicious activity detected on network 192.168.1.100",
"confidence": 0.8,
"created_at": "2023-02-15T14:30:00Z"
},
{
"id": "5678",
"title": "Malware Detection",
"description": "Malware detected on system with IP address 192.168.1.101",
"confidence": 0.9,
"created_at": "2023-02-15T14:31:00Z"
}
]
}Related MCP server: InjectShield
Usage — step by step
Install the
ragshieldcommand:pip install cognis-ragshield # or: pip install -e . from this repoScan a JSONL corpus for poisoning, backdoor triggers and embedding anomalies (
scanis the only subcommand; the corpus path is positional):ragshield scan demos/01-basic/corpus.jsonlTune the gate.
--fail-onsets the minimum severity that exits non-zero (mediumdefault; alsohigh,critical,any,never);--dup-thresholdcontrols the near-duplicate Jaccard cutoff (default0.9):ragshield scan corpus.jsonl --fail-on high --dup-threshold 0.85Read the output.
--format jsonemitsdoc_count,risk_score,poisonedand afindingslist (each withseverity,detector,doc_id,message); the defaulttablerenders the same data for humans:ragshield scan corpus.jsonl --format json > scan.jsonWire it into CI — the exit code is the gate, so a poisoned corpus fails the build:
- run: pip install cognis-ragshield - run: ragshield scan data/corpus.jsonl --fail-on high
Why
Security and intelligence teams need RAG corpus poisoning detector — embedding anomalies, backdoor triggers without standing up heavyweight infrastructure. ragshield is single-purpose, scriptable, CI-friendly, and self-hostable: point it at a target, get prioritized findings in the format your workflow already speaks (table, JSON, SARIF, HTML), and wire it into agents over MCP when you want it autonomous.
Install
pip install cognis-ragshield
# or, from this repo:
pip install -e ".[dev]"Quick start
ragshield --version
ragshield scan demos/ # run against the bundled demo
ragshield scan demos/ --format sarif --out r.sarif --fail-on high
ragshield scan demos/ --format html --out report.html
ragshield mcp # expose as an MCP server (Cognis.Studio / Claude Desktop / Cursor)Built-in demo scenarios
Each scenario folder includes a SCENARIO.md describing the situation and the findings to expect.
Output formats
Table (default) — human-readable terminal summary
JSON — machine-readable findings for pipelines
SARIF — drops into GitHub code-scanning / IDE problem panes
HTML — shareable report with severity rollups
How it fits the Cognis Neural Suite
ragshield is one of 52 tools in the Cognis Neural Suite. Every tool ships an MCP server, so Cognis.Studio agents can call them as scoped capabilities.
Sibling tools in ai-security: aegis, promptmirror, ledgermind, adversa, guardpost, hallumark, aicard, biascope, mcpharden, agentlog
Architecture & roadmap
Design notes:
docs/ARCHITECTURE.mdPlanned work:
ROADMAP.md
Contributing
PRs, new detections, and demo scenarios are welcome under the collaboration-pull model. See CONTRIBUTING.md and SECURITY.md.
Interoperability
ragshield composes with the 300+ tool Cognis suite — JSON in/out and a shared
OpenAI-compatible /v1 backbone. See INTEROP.md for the
suite map, composition patterns, and reference stacks.
Integrations
Forward ragshield's findings to STIX/MISP/Sigma/Splunk/Elastic/Slack/webhooks via
cognis-connect. See INTEGRATIONS.md.
License
Source-available under the Cognis Open Collaboration License (COCL) v1.0 — free for personal, internal-evaluation, research, and educational use; commercial / production use requires a license (licensing@cognis.digital). See LICENSE.
Responsible use
This is dual-use security software. Use it only against systems, data, and identities you own or are explicitly authorized in writing to test, and in compliance with applicable law.
About
Cognis Digital — Wyoming, USA · Making Tomorrow Better Today: Advanced Cybersecurity, AI Innovation, and Blockchain Expertise.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/cognis-digital/ragshield'
If you have feedback or need assistance with the MCP directory API, please join our Discord server