Show HN: MCP-Shield – Detect security issues in MCP servers
a year ago
- #vulnerability-scanning
- #MCP
- #security
- MCP-Shield scans MCP servers for vulnerabilities like tool poisoning, exfiltration, and cross-origin escalations.
- Can be run via npx with optional Claude API key or config file path.
- Detects hidden instructions, sensitive file access, and data exfiltration attempts in tools.
- Identifies high-risk vulnerabilities like SSH key access disguised as calculator tools.
- Flags tool shadowing where one tool modifies another's behavior without user knowledge.
- Supports scanning config files for various platforms including Claude Desktop and VSCode.
- Recommends scanning before adding new MCP servers, during audits, and after updates.
- Open-source project under MIT License, welcoming contributions.