MCP Shield
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Shieldscan the current directory for security risks"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Shield
Security scanner and MCP server for Model Context Protocol servers, tools, prompts, and AI agent projects.
MCP gives agents access to tools. MCP Shield helps you catch the obvious dangerous parts before they reach production: leaked secrets, shell execution, risky tool descriptions, prompt-injection text, and CI-breaking security regressions.
mcp-scan .[HIGH] code.shell_true server.py:42
Shell execution is enabled.
subprocess.run(cmd, shell=True)
[CRITICAL] secret.literal .env:1
Possible hard-coded secret.
OPENAI_API_KEY="sk-..."Why MCP Shield
MCP servers often expose powerful capabilities: filesystem access, shell commands, network calls, credentials, browser automation, databases, and internal tools.
That is exactly where small mistakes become expensive:
a tool description encourages unsafe behavior
a test key becomes a real leaked token
an agent can call a shell command with user-controlled input
a prompt or resource contains injection text
CI has no security gate for MCP-specific risks
MCP Shield is the simple first line of defense: fast static checks, useful output, and a non-zero exit code when risk crosses your threshold.
Related MCP server: Mund
Features
runs as both a CLI and an MCP server
built on the official MCP Python SDK
CI-friendly severity gates
text, JSON, Markdown, and SARIF output
inline suppressions with rule IDs
.mcp-scan-ignorefor fixtures and intentional demos
What It Finds
Risk | Examples |
Hard-coded secrets | API keys, tokens, passwords, private keys |
Process execution |
|
MCP tool risk | tools named or described as delete, shell, token, secret, filesystem |
Environment access |
|
Prompt injection text | "ignore previous instructions", system prompt leakage phrases |
Install
From a local checkout:
pip install .Run without installing:
python -m mcp_security_scanner.cli .MCP Server
Run MCP Shield as a stdio MCP server:
mcp-shield-serverAvailable tools:
scan_path_tool- scan a local MCP server or agent projectlist_rules- list rule IDs and descriptions
Example Claude Desktop-style command:
{
"mcpServers": {
"mcp-shield": {
"command": "mcp-shield-server"
}
}
}Usage
mcp-scan .
mcp-scan path/to/mcp-server
mcp-scan . --format json
mcp-scan . --format markdown --output mcp-security-report.md
mcp-scan . --format sarif --output mcp-shield.sarif
mcp-scan . --fail-on mediumFormats:
textfor humansjsonfor automationmarkdownfor PR comments and reportssariffor GitHub code scanning
Severity gates:
lowmediumhighcritical
--fail-on high exits with code 1 when any high or critical finding exists.
Ignore Files
Create .mcp-scan-ignore in the scanned directory:
tests/
fixtures/
examples/unsafe-demo.pyUse this for intentional fixtures and demos. Do not use it to hide production risks.
Suppressions
Suppress a reviewed finding on the same line:
subprocess.run(cmd) # mcp-shield: ignore code.subprocessUse all only for test fixtures:
subprocess.run(cmd, shell=True) # mcp-shield: ignore allExample
Scan the intentionally unsafe example:
python -m mcp_security_scanner.cli examples/unsafe-mcp-server --fail-on criticalGitHub Actions
name: MCP security scan
on: [push, pull_request]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: "3.12"
- run: pip install .
- run: mcp-scan . --fail-on highRoadmap
MCP SDK-aware parsing for Python and TypeScript servers
safer default rule pack for enterprise MCP servers
prompt/resource-specific injection checks
PyPI release for
pipx install mcp-shield
Repository Topics
Add these GitHub topics for discovery:
mcp, model-context-protocol, ai-agents, security, security-tools, scanner, devtools, llm, prompt-injection, static-analysisGitHub recommends repository topics because they help people discover and contribute to projects by purpose and subject area.
Scope
MCP Shield is a static heuristic scanner. It catches common risks early, but it is not a full security audit.
Help It Grow
MCP security is moving fast. The most useful contributions right now are real-world unsafe MCP examples, low-noise detection rules, and CI integrations.
If MCP Shield catches something useful, star the repo so more MCP builders can find it.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Tools
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/rob925/mcp-shield'
If you have feedback or need assistance with the MCP directory API, please join our Discord server