Is Agentshield safe to use?

Agentshield has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Agentshield?

Agentshield can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Agentshield?

Agentshield is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Agentshield actively maintained?

Agentshield is actively maintained — last commit was 0 days ago. It has 655 GitHub stars.

Agentshield

Name: Agentshield
Author: affaan-m

by affaan-m

AI agent security scanner. Detect vulnerabilities in agent configurations, MCP servers, and tool permissions. Available as CLI, GitHub Action, ECC plugin, and GitHub App integration. 🛡️

655 0 tools GitHub

No known CVEs

MIT license

Actively maintained

Last commit 0d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

AI / ML Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "agentshield": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/agentshield)](https://mcppedia.org/s/agentshield)

Read me

What Agentshield does

AI agent security scanner. Detect vulnerabilities in agent configurations, MCP servers, and tool permissions. Available as CLI, GitHub Action, ECC plugin, and GitHub App integration. 🛡️

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

41/100across 5 weighted dimensions

How we score →

0255075100

−59

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Agentshield safe to use?: Agentshield has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Agentshield?: Agentshield can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Agentshield?: Agentshield is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Agentshield actively maintained?: Agentshield is actively maintained — last commit was 0 days ago. It has 655 GitHub stars.

Similar servers

Others in ai-ml / security

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

15.1k 6

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

104.3k 8

Antigravity Workspace Template94

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

MCP Security Weekly

Get CVE alerts and security updates for Agentshield and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

AI / ML Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "agentshield": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/agentshield)](https://mcppedia.org/s/agentshield)

Read me

What Agentshield does

AI agent security scanner. Detect vulnerabilities in agent configurations, MCP servers, and tool permissions. Available as CLI, GitHub Action, ECC plugin, and GitHub App integration. 🛡️

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

AgentShield

Security auditor for AI agent configurations

Scans Claude Code setups for hardcoded secrets, permission misconfigs,
hook injection, MCP server risks, and agent prompt injection vectors.
Available as CLI, GitHub Action, and GitHub App integration.

Quick Start · What It Catches · API Reference · Opus Pipeline · GitHub Action · Distribution · MiniClaw · Changelog

Why

The AI agent ecosystem is growing faster than its security tooling. In January 2026 alone:

12% of a major agent skill marketplace was malicious (341 of 2,857 community skills)
A CVSS 8.8 CVE exposed 17,500+ internet-facing instances to one-click RCE
The Moltbook breach compromised 1.5M API tokens across 770,000 agents

Developers install community skills, connect MCP servers, and configure hooks without any automated way to audit the security of their setup. AgentShield scans your .claude/ directory and flags vulnerabilities before they become exploits.

Built at the Claude Code Hackathon (Cerebral Valley x Anthropic, Feb 2026). Part of the Everything Claude Code ecosystem (42K+ stars).

Quick Start

# Scan your Claude Code config (no install required)
npx ecc-agentshield scan

# Or install globally
npm install -g ecc-agentshield
agentshield scan

That's it. AgentShield auto-discovers your ~/.claude/ directory, scans all config files, and prints a graded security report.

Discovery intentionally skips common generated directories such as node_modules, build output, and .dmux worktree mirrors so transient copies do not duplicate findings.

  AgentShield Security Report

  Grade: F (0/100)

  Score Breakdown
  Secrets        ░░░░░░░░░░░░░░░░░░░░ 0
  Permissions    ░░░░░░░░░░░░░░░░░░░░ 0
  Hooks          ░░░░░░░░░░░░░░░░░░░░ 0
  MCP Servers    ░░░░░░░░░░░░░░░░░░░░ 0
  Agents         ░░░░░░░░░░░░░░░░░░░░ 0

  ● CRITICAL  Hardcoded Anthropic API key
    CLAUDE.md:13
    Evidence: sk-ant-a...cdef
    Fix: Replace with environment variable reference [auto-fixable]

  ● CRITICAL  Overly permissive allow rule: Bash(*)
    settings.json
    Evidence: Bash(*)
    Fix: Restrict to specific commands: Bash(git *), Bash(npm *), Bash(node *)

  Summary
  Files scanned: 6
  Findings: 73 total — 19 critical, 29 high, 15 medium, 4 low, 6 info
  Auto-fixable: 8 (use --fix)

More commands

# Scan a specific directory
agentshield scan --path /path/to/.claude

# Auto-fix safe issues (replaces hardcoded secrets with env var references)
agentshield scan --fix

# JSON output for CI pipelines
agentshield scan --format json

# Generate an HTML executive security report
agentshield scan --format html > report.html

# Generate a portable audit bundle
agentshield scan --evidence-pack ./agentshield-evidence

# Three-agent Opus 4.6 adversarial analysis (requires ANTHROPIC_API_KEY)
agentshield scan --opus --stream

# Generate a secure baseline config
agentshield init

JSON reports now expose findings[].runtimeConfidence when AgentShield can distinguish active runtime config from project-local settings, template/example inventories, installed Claude plugin caches, declarativ

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

41/100across 5 weighted dimensions

How we score →

0255075100

−59

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Agentshield safe to use?: Agentshield has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Agentshield?: Agentshield can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Agentshield?: Agentshield is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Agentshield actively maintained?: Agentshield is actively maintained — last commit was 0 days ago. It has 655 GitHub stars.

Similar servers

Others in ai-ml / security

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

85.9k 5

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

15.1k 6

Gemini Cli95

An open-source AI agent that brings the power of Gemini directly into your terminal.

104.3k 8

Antigravity Workspace Template94

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

MCP Security Weekly

Get CVE alerts and security updates for Agentshield and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?