Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| SHELLWARD_MODE | No | Determines whether to block and log (enforce) or log only (audit). | enforce |
| SHELLWARD_LOCALE | No | The language locale for the server. Auto-detects from system LANG if set to auto. | auto |
| SHELLWARD_THRESHOLD | No | Risk score threshold for injection detection, ranging from 0 to 100. | 60 |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| check_command | Check if a shell command is safe to execute. Detects rm -rf, reverse shells, fork bombs, curl\|sh, etc. |
| check_injection | Detect prompt injection attempts in text. Supports 32+ rules for Chinese and English, with hidden character detection. |
| scan_data | Scan text for sensitive data: PII (Chinese ID cards, phone numbers, bank cards), API keys, passwords, private keys, JWT tokens, SSN, credit cards. |
| check_path | Check if a file path operation is safe. Protects .env, .ssh/, .aws/credentials, private keys, /etc/passwd, etc. |
| check_tool | Check if a tool name is allowed. Blocks payment/transfer tools, flags exec/shell tools as sensitive. |
| check_response | Check an AI response for security issues: canary token leaks and sensitive data exposure. |
| security_status | Get current ShellWard security status: mode, active layers, detection capabilities. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
| No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
| No resources | |