A security scanner that analyzes MCP servers and GitHub repositories for vulnerabilities using 59+ detection rules based on the OWASP MCP Top 10. You point it at an HTTP MCP endpoint or a repo URL, and it scans for tool poisoning, injection attacks, and other security issues. It returns findings with severity levels and exits with code 2 if it detects critical problems, making it straightforward to gate deployments in CI/CD pipelines. It requires a free API key from mcpshield.co. Reach for this when you're vetting third-party MCP servers before connecting them to Claude, or when you want automated security checks on your own servers before deployment.
claude mcp add --transport stdio mcpshield-dev-mcpshield -- npx -y mcpshield-cli