ShieldNet MCP
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@ShieldNet MCPscan https://example.com"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
π‘οΈ ShieldNet MCP β Security Scanner for AI Agents
Bring security governance to any AI agent deployment via MCP.
Track: Secure & Govern MCP | MCP_HACK//26
What It Does
ShieldNet MCP is a zero-trust guardrail for AI agents. Before your agent connects to any external endpoint (API, webhook, third-party service), ShieldNet scans it and returns an ALLOW / WARN / BLOCK decision β with full findings and severity ratings.
Scan URLs for 50+ checks across 7 security modules
Governance decisions β auto-gate agent connections with ALLOW/WARN/BLOCK
Security headers audit β quick compliance check
Side-by-side comparisons β which endpoint is safer?
Session history β track all scans with grades and scores
Pre-built prompts β security audit & pre-deployment check workflows
Related MCP server: ZugaShield
Why It Matters
AI agents increasingly interact with external APIs and services. Without security governance:
An agent could connect to a compromised endpoint
Sensitive data could leak through misconfigured CORS
Injection attacks could manipulate agent behavior
ShieldNet acts as a security guardrail β scan first, connect later.
Architecture
ββββββββββββ βββββββββββββββββββββββββ
β β β agentgateway β
β AI AgentββββββββΆβ βββββββββββββββββββ β βββββββββββββββββ
β (Claude, β β β π ShieldNet β β β External β
β GPT, βββββββββ β MCP Server ββββΌββββββΆβ Service β
β etc.) β β β β β β (target URL) β
β β β β βββββββββββββ β β β β
ββββββββββββ β β β Scanners β β β βββββββββββββββββ
β ββββΌββββββββββββΌβββ β
β β β β
β ββββΌβββ βββββββββΌβββ β
β βHeadersβ βInjection β β
β β TLS β βInfo Disc β β
β β Auth β βMisconfig β β
β βRate β β β β
β βLimit β β β β
β ββββββββ ββββββββββββ β
β ALLOW / WARN / BLOCK β
ββββββββββββββββββββββββββFlow:
AI agent requests external connection
agentgateway routes to ShieldNet MCP
ShieldNet runs 7 scanner modules in parallel
Returns ALLOW/WARN/BLOCK + detailed findings
agentgateway enforces the decision
Scanner Modules (7)
# | Module | What It Checks |
1 |
| HSTS, CSP, X-Frame-Options, Cookie flags, CORS wildcards, info disclosure |
2 |
| Reflected XSS, SQLi, SSTI, Command Injection, Path Traversal, SSRF, Open Redirect |
3 |
| 25 sensitive paths (.env, .git, package.json, swagger, backups, server-status) |
4 |
| HTTP vs HTTPS, SSL/TLS redirect enforcement |
5 |
| JWT exposure, JWT |
6 |
| CORS origin reflection, TRACE method, version disclosure in error pages |
7 |
| 20-request burst test (aggressive mode only) |
Quick Start
1. Install
git clone https://github.com/hhhashexe/shieldnet-mcp.git
cd shieldnet-mcp
npm install2. Run a demo scan (no setup needed)
bash demo.sh https://example.comThis launches the MCP server, discovers available tools via tools/list, runs a live scan, and pretty-prints the results with colors. π€
3. Run the test suite
npm test75 integration tests covering all 6 MCP tools, 6 tools + 3 resources + 2 prompts.
4. Use as an MCP Server
Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"shieldnet": {
"command": "node",
"args": ["/path/to/shieldnet-mcp/src/index.js"]
}
}
}With agentgateway
targets:
- name: shieldnet-security
provider:
type: mcp
config:
command: node
args: ["src/index.js"]See agentgateway.yaml for full configuration.
Raw JSON-RPC (stdio)
echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"my-agent","version":"0.1"}}}
{"jsonrpc":"2.0","method":"notifications/initialized"}
{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"scan_url","arguments":{"url":"https://example.com"}}}' | node src/index.jsMCP Tools
Tool | Description |
Comprehensive scan β 7 modules, 50+ checks, A-F grade | |
Scan + governance decision (ALLOW/WARN/BLOCK) with confidence score | |
Quick security headers audit β PASS/WARN/FAIL verdict | |
Session scan history with grades | |
Side-by-side comparison of two URLs | |
View policy or evaluate a score against thresholds |
MCP Resources
Resource | Description |
| Full attack vector database |
| Session scan history |
| ALLOW/WARN/BLOCK thresholds |
MCP Prompts
Prompt | Description |
| Full audit with executive report |
| Gate check before deployment |
Security Governance
ShieldNet makes ALLOW/WARN/BLOCK decisions based on:
ALLOW β Score β₯ 70, no critical findings
WARN β Score 50-69, or high-severity findings
BLOCK β Score < 50, or any critical vulnerabilitiesReal-World Proof
ShieldNet has been used in production security audits:
3 CVEs discovered and responsibly disclosed
PayLock.xyz audit: 36 verified findings (4 Critical, 17 High)
Published on npm as
shieldnet(v0.3.2)
License
MIT β see LICENSE
Links
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/hhhashexe/shieldnet-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server