Skip to main content
Glama

MCP Shield

Python CI License: MIT MCP

Security scanner and MCP server for Model Context Protocol servers, tools, prompts, and AI agent projects.

MCP gives agents access to tools. MCP Shield helps you catch the obvious dangerous parts before they reach production: leaked secrets, shell execution, risky tool descriptions, prompt-injection text, and CI-breaking security regressions.

mcp-scan .
[HIGH] code.shell_true server.py:42
  Shell execution is enabled.
  subprocess.run(cmd, shell=True)

[CRITICAL] secret.literal .env:1
  Possible hard-coded secret.
  OPENAI_API_KEY="sk-..."

Why MCP Shield

MCP servers often expose powerful capabilities: filesystem access, shell commands, network calls, credentials, browser automation, databases, and internal tools.

That is exactly where small mistakes become expensive:

  • a tool description encourages unsafe behavior

  • a test key becomes a real leaked token

  • an agent can call a shell command with user-controlled input

  • a prompt or resource contains injection text

  • CI has no security gate for MCP-specific risks

MCP Shield is the simple first line of defense: fast static checks, useful output, and a non-zero exit code when risk crosses your threshold.

Related MCP server: Mund

Features

  • runs as both a CLI and an MCP server

  • built on the official MCP Python SDK

  • CI-friendly severity gates

  • text, JSON, Markdown, and SARIF output

  • inline suppressions with rule IDs

  • .mcp-scan-ignore for fixtures and intentional demos

What It Finds

Risk

Examples

Hard-coded secrets

API keys, tokens, passwords, private keys

Process execution

subprocess, child_process, shell=True

MCP tool risk

tools named or described as delete, shell, token, secret, filesystem

Environment access

os.environ, process.env

Prompt injection text

"ignore previous instructions", system prompt leakage phrases

Install

From a local checkout:

pip install .

Run without installing:

python -m mcp_security_scanner.cli .

MCP Server

Run MCP Shield as a stdio MCP server:

mcp-shield-server

Available tools:

  • scan_path_tool - scan a local MCP server or agent project

  • list_rules - list rule IDs and descriptions

Example Claude Desktop-style command:

{
  "mcpServers": {
    "mcp-shield": {
      "command": "mcp-shield-server"
    }
  }
}

Usage

mcp-scan .
mcp-scan path/to/mcp-server
mcp-scan . --format json
mcp-scan . --format markdown --output mcp-security-report.md
mcp-scan . --format sarif --output mcp-shield.sarif
mcp-scan . --fail-on medium

Formats:

  • text for humans

  • json for automation

  • markdown for PR comments and reports

  • sarif for GitHub code scanning

Severity gates:

  • low

  • medium

  • high

  • critical

--fail-on high exits with code 1 when any high or critical finding exists.

Ignore Files

Create .mcp-scan-ignore in the scanned directory:

tests/
fixtures/
examples/unsafe-demo.py

Use this for intentional fixtures and demos. Do not use it to hide production risks.

Suppressions

Suppress a reviewed finding on the same line:

subprocess.run(cmd)  # mcp-shield: ignore code.subprocess

Use all only for test fixtures:

subprocess.run(cmd, shell=True)  # mcp-shield: ignore all

Example

Scan the intentionally unsafe example:

python -m mcp_security_scanner.cli examples/unsafe-mcp-server --fail-on critical

GitHub Actions

name: MCP security scan

on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"
      - run: pip install .
      - run: mcp-scan . --fail-on high

Roadmap

  • MCP SDK-aware parsing for Python and TypeScript servers

  • safer default rule pack for enterprise MCP servers

  • prompt/resource-specific injection checks

  • PyPI release for pipx install mcp-shield

Repository Topics

Add these GitHub topics for discovery:

mcp, model-context-protocol, ai-agents, security, security-tools, scanner, devtools, llm, prompt-injection, static-analysis

GitHub recommends repository topics because they help people discover and contribute to projects by purpose and subject area.

Scope

MCP Shield is a static heuristic scanner. It catches common risks early, but it is not a full security audit.

Help It Grow

MCP security is moving fast. The most useful contributions right now are real-world unsafe MCP examples, low-noise detection rules, and CI integrations.

If MCP Shield catches something useful, star the repo so more MCP builders can find it.

Install Server
A
license - permissive license
C
quality
D
maintenance

Maintenance

Maintainers
Response time
Release cycle
Releases (12mo)
Commit activity

Resources

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/rob925/mcp-shield'

If you have feedback or need assistance with the MCP directory API, please join our Discord server