io.github.MCPShield-Dev/mcpshield

Security scanner for MCP servers - detects tool poisoning and injection

UnknownNot tested

15FNo CVEsunknown

Quick Install

{
  "mcpServers": {
    "io-github-mcpshield-dev-mcpshield": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Setup guide

No install config available. Check the server's README for setup instructions.

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-mcpshield-dev-mcpshield)](https://mcppedia.org/s/io-github-mcpshield-dev-mcpshield)

Should you use this server?

Security scanner for MCP servers - detects tool poisoning and injection

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

License not specified.

Is it maintained?

Commit history unknown.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

README

MCPShield CLI

Scan MCP servers and GitHub repositories for security vulnerabilities.

Install

npm install -g mcpshield

Setup

Get a free API key at mcpshield.co/settings, then:

mcpshield auth mcp_sk_your_key_here

Usage

# Scan an HTTP MCP server
mcpshield scan --url https://mcp-server.example.com/mcp

# Scan a GitHub repository
mcpshield scan --github https://github.com/user/repo

# JSON output (for CI/CD)
mcpshield scan --url https://mcp-server.example.com/mcp --json

# Filter by severity
mcpshield scan --url https://mcp-server.example.com/mcp --severity high

Exit Codes

0 — Scan completed, no critical findings
1 — Error (invalid key, rate limit, scan failure)
2 — Scan completed with critical findings

Environment Variables

MCPSHIELD_API_KEY — API key (alternative to mcpshield auth)
MCPSHIELD_API_URL — Custom API endpoint (for self-hosted)

License

MIT

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Score Breakdown

MCPpedia Score

Click each category to see evidence

15F

Last scored 7h ago

How we score →

Security

3/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — No package to analyze

✗

License — No license specified

○

Authentication — No authentication required

○

Repository — active repo

CVEs checked daily via OSV.dev. Score algorithm is open source.

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.MCPShield-Dev/mcpshield safe to use?: io.github.MCPShield-Dev/mcpshield has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.MCPShield-Dev/mcpshield?: io.github.MCPShield-Dev/mcpshield can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.MCPShield-Dev/mcpshield?: io.github.MCPShield-Dev/mcpshield is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Similar servers

View all →

MCPpedia

Official

No CVEs92A

Search, evaluate, and compare 17,000+ MCP servers — each scored on security, maintenance, and efficiency.

5 toolsremote1468/wk2d ago

io.github.xkumakichi/xaip-mcp-server

No CVEs92A

AI agents get on-chain identity, credentials, reputation, escrow, and persistent memory on XRPL.

8 toolsremote154.4k/wk12h ago

Ggmcp

No CVEs88A

MCP server for scanning and remediating hardcoded secrets using GitGuardian’s API. Detect over 500 secret types and prevent credential leaks before code goes public.

5 toolsremote341d ago

Remnux Mcp Server

No CVEs88A

MCP server for using the REMnux malware analysis toolkit via AI assistants

5 toolsremote62349/wk15d ago

MCP Security Weekly

Get CVE alerts and security updates for io.github.MCPShield-Dev/mcpshield and similar servers.

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Should you use this server?

Security scanner for MCP servers - detects tool poisoning and injection

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

License not specified.

Is it maintained?

Commit history unknown.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Usage

# Scan an HTTP MCP server mcpshield scan --url https://mcp-server.example.com/mcp # Scan a GitHub repository mcpshield scan --github https://github.com/user/repo # JSON output (for CI/CD) mcpshield scan --url https://mcp-server.example.com/mcp --json # Filter by severity mcpshield scan --url https://mcp-server.example.com/mcp --severity high

Score Breakdown

MCPpedia Score

Click each category to see evidence

15F

Last scored 7h ago

How we score →

Security

3/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — No package to analyze

✗

License — No license specified

○

Authentication — No authentication required

○

Repository — active repo

CVEs checked daily via OSV.dev. Score algorithm is open source.

Frequently Asked Questions

Is io.github.MCPShield-Dev/mcpshield safe to use?

io.github.MCPShield-Dev/mcpshield has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.MCPShield-Dev/mcpshield?

io.github.MCPShield-Dev/mcpshield can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.MCPShield-Dev/mcpshield?

io.github.MCPShield-Dev/mcpshield is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.