Universal AI security layer - MCP server for code scanning, PII detection, prompt injection defense, secret detection, and audit logging

Project description

GuardianShield

Universal AI security layer — an open-source MCP server for code scanning, PII detection, prompt injection defense, secret detection, dependency auditing, and audit logging.

Zero dependencies · 21 MCP tools · 5 safety profiles · 108+ detection patterns

Features

  • Code Vulnerability Scanning — SQL injection, XSS, command injection, path traversal with CWE IDs and auto-fix remediation
  • Cross-line Data Flow Analysis — DeepEngine tracks tainted data from sources to sinks across multiple lines using AST-based taint propagation (Python) and regex (JS/TS)
  • Dependency Security — Version-aware CVE matching against OSV.dev for PyPI, npm, Go, and Packagist ecosystems
  • Manifest Parsing — Auto-detects 11 formats (requirements.txt, package.json, yarn.lock, go.mod, composer.json, and more)
  • Prompt Injection Defense — 9+ detection patterns for instruction override, role hijacking, ChatML injection
  • PII Detection — Email, SSN, credit card, phone, IP — with automatic redaction in findings
  • Secret Detection — AWS keys, GitHub tokens, Stripe keys, JWTs, passwords, connection strings
  • Safety Profiles — 5 built-in profiles (general, education, healthcare, finance, children)
  • Audit Logging — SQLite-backed scan history with finding retrieval and filtering

Install

pip install guardianshield

Quick Start

# Register with Claude Code
claude mcp add guardianshield -- guardianshield-mcp

# Or run directly
guardianshield-mcp

Editor Integration

# Claude Code
claude mcp add guardianshield -- guardianshield-mcp

# VS Code (.vscode/mcp.json)
{"servers": {"guardianshield": {"type": "stdio", "command": "guardianshield-mcp"}}}

# Cursor (.cursor/mcp.json)
{"mcpServers": {"guardianshield": {"command": "guardianshield-mcp"}}}

# Claude Desktop (claude_desktop_config.json)
{"mcpServers": {"guardianshield": {"command": "guardianshield-mcp"}}}

MCP Tools

Scanning

Tool            Description
scan_code       Scan source code for vulnerabilities and hardcoded secrets
scan_file       Scan a single file (auto-detects language from extension)
scan_directory  Recursively scan a directory with filtering and progress streaming
scan_input      Check user/agent input for prompt injection attempts
scan_output     Check AI output for PII leaks and content violations
check_secrets   Detect hardcoded secrets and credentials

Dependency Security

Tool                  Description
check_dependencies    Check packages for known CVEs via OSV.dev (PyPI, npm, Go, Packagist)
sync_vulnerabilities  Sync the local OSV vulnerability database
parse_manifest        Parse any supported manifest file (11 formats) into dependency objects
scan_dependencies     Scan a directory for manifest files and check all deps for vulnerabilities

False Positive Management

Tool                   Description
mark_false_positive    Mark a finding as false positive (flags future matches)
list_false_positives   List active false positive records with optional filter
unmark_false_positive  Remove a false positive record by fingerprint

Engine Management

Tool          Description
list_engines  List available analysis engines with capabilities
set_engine    Set active analysis engines for code scanning

Three engines ship built-in: regex (line-by-line pattern matching, enabled by default), deep (cross-line taint tracking), and semantic (structure-aware confidence adjustment).
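The gap between the regex and deep engines described above, shown as an added example (not GuardianShield's own code): a line-by-line pattern misses a command injection whose source and sink sit on different lines, while a small AST taint pass over top-level assignments finds it. The source and sink sets, the function names and the sample snippet are assumptions constructed for illustration.

```python
import ast
import re

# Constructed sample: the tainted value reaches the sink two statements later.
SAMPLE = '''\
import os
name = input("file: ")
cmd = "cat " + name
quoted = "echo done"
os.system(cmd)
os.system(quoted)
'''

SOURCES = {"input"}                              # assumed taint sources
SINKS = {"os.system", "subprocess.call", "eval"}  # assumed dangerous sinks

def regex_scan(code):
    """Line-by-line check: flags a sink only when a source is on the same line."""
    pat = re.compile(r"os\.system\(.*input\(")
    return [n for n, line in enumerate(code.splitlines(), 1) if pat.search(line)]

def _call_name(call):
    """Dotted name of a call target, e.g. 'os.system'."""
    return ast.unparse(call.func)

def _is_tainted(expr, tainted):
    """True if any sub-expression is a source call or a tainted variable."""
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Call) and _call_name(sub) in SOURCES:
            return True
        if isinstance(sub, ast.Name) and sub.id in tainted:
            return True
    return False

def taint_scan(code):
    """Walk top-level statements in order, propagating taint through assignments."""
    tainted, findings = set(), []
    for stmt in ast.parse(code).body:
        if isinstance(stmt, ast.Assign):
            names = [t.id for t in stmt.targets if isinstance(t, ast.Name)]
            if _is_tainted(stmt.value, tainted):
                tainted.update(names)
            else:
                tainted.difference_update(names)  # reassigned to a clean value
        for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
            if _call_name(call) in SINKS and any(_is_tainted(a, tainted) for a in call.args):
                findings.append((call.lineno, _call_name(call)))
    return findings
```

The pass is flow-sensitive only for straight-line top-level code; branches, function bodies and sanitizer calls are outside what this sketch models.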

Configuration & Utilities

Tool           Description
get_profile    Get current safety profile configuration
set_profile    Switch safety profile (general, education, healthcare, finance, children)
test_pattern   Test a regex pattern against sample code for custom pattern development
audit_log      Query the security audit log
get_findings   Retrieve past findings with filters
shield_status  Get health, configuration, and OSV cache statistics

Configuration

Set environment variables to customize behavior:

Variable                   Description                    Default
GUARDIANSHIELD_PROFILE     Default safety profile         general
GUARDIANSHIELD_AUDIT_PATH  Path to SQLite audit database  ~/.guardianshield/audit.db
GUARDIANSHIELD_DEBUG       Enable debug logging (1)       disabled

Documentation

Full documentation: sparkvibe-io.github.io/GuardianShield

License

Apache 2.0

Download files

Source Distribution

guardianshield-1.1.1.tar.gz (254.7 kB view details)

Uploaded Source

Built Distribution

guardianshield-1.1.1-py3-none-any.whl (119.1 kB view details)

Uploaded Python 3

File details

Details for the file guardianshield-1.1.1.tar.gz.

File metadata

  • Download URL: guardianshield-1.1.1.tar.gz
  • Upload date:
  • Size: 254.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for guardianshield-1.1.1.tar.gz
Algorithm    Hash digest
SHA256       ee8e96c71ab5fef69354aef03566c060ef3c7332a43375e07e41030b3193ee12
MD5          62deb89f0c967b8e8c8f6a022a76403f
BLAKE2b-256  5e128d5d5effbd561745ab92ebaa9c423aaf63589a7bb1dcf1f3872f891c50e0

Provenance

The following attestation bundles were made for guardianshield-1.1.1.tar.gz:

Publisher: publish.yml on sparkvibe-io/GuardianShield

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file guardianshield-1.1.1-py3-none-any.whl.

File metadata

  • Download URL: guardianshield-1.1.1-py3-none-any.whl
  • Upload date:
  • Size: 119.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for guardianshield-1.1.1-py3-none-any.whl
Algorithm    Hash digest
SHA256       2a8ba093b2e0c8fa73f3089b52a49ee36cb85b7c88e7967000d4b149adde5de4
MD5          2b464955fdc3fddfb24ca2eb382ab246
BLAKE2b-256  82ac184d7d2c920887409383535bcda7a7350ad934e0e215d8850f63dcaae1a2

Provenance

The following attestation bundles were made for guardianshield-1.1.1-py3-none-any.whl:

Publisher: publish.yml on sparkvibe-io/GuardianShield

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
