MCPShield Agent - AI Agent Security Scanner for MCP servers
Project description
MCPShield Agent
AI Agent Security Scanner - Discovers MCP servers on your system and reports them to MCPShield for security analysis.
Installation
# Install from PyPI
pip install mcpshield-agent
# Or install from source
pip install -e .
Quick Start
# 1. Configure with your API key (get from dashboard)
mcpshield configure --api-key mcp_sk_your_key_here
# 2. Scan for MCP servers
mcpshield scan
# 3. Check status
mcpshield status
Commands
| Command | Description |
|---|---|
mcpshield configure --api-key KEY |
Configure agent with API key |
mcpshield scan |
Scan and report MCP servers |
mcpshield scan --dry-run |
Scan without reporting |
mcpshield daemon |
Run continuous scheduled scanning |
mcpshield status |
Show agent status |
mcpshield list |
List found servers (no report) |
mcpshield --version |
Show version |
What It Scans
The agent looks for MCP server configurations in:
Windows:
%APPDATA%\Claude\claude_desktop_config.json%APPDATA%\Cursor\User\globalStorage\saoudrizwan.claude-dev\settings\cline_mcp_settings.json
macOS:
~/Library/Application Support/Claude/claude_desktop_config.json
Linux:
~/.config/Claude/claude_desktop_config.json~/.config/cursor/mcp.json
What It Reports
For each discovered MCP server:
- Server name - e.g., "filesystem", "postgres"
- Server type - e.g., "@modelcontextprotocol/server-filesystem"
- Command - Full command string
- Scope - Access scope (file paths, URLs)
- Environment variables - Names only, NOT values
- Status - Active or dormant
Configuration
Config is stored in:
- Windows:
%LOCALAPPDATA%\MCPShield\config.json - macOS:
~/Library/Application Support/MCPShield/config.json - Linux:
~/.config/mcpshield/config.json
{
"api_url": "https://api.mcpshield.app",
"api_key": "mcp_sk_..."
}
Daemon Mode (Continuous Scanning)
Run the agent in daemon mode for automatic scheduled scanning:
# Default: scan every hour (3600 seconds)
mcpshield daemon
# Custom interval: scan every 5 minutes
mcpshield daemon --interval 300
The daemon will:
- Scan for MCP servers at the configured interval
- Report discovered servers to the backend
- Send heartbeat updates
- Log each scan cycle
- Shut down gracefully on Ctrl+C
Security
- Never sends credential values - Only environment variable names
- Local config is secure - API key stored locally
- HTTPS by default - All API communication encrypted
Development
# Install in development mode
pip install -e .
# Run tests
pytest
# Run locally against dev API
mcpshield configure --api-key YOUR_KEY --api-url http://localhost:8000
License
MIT License - see LICENSE file.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mcpshield_agent-0.1.2.tar.gz.
File metadata
- Download URL: mcpshield_agent-0.1.2.tar.gz
- Upload date:
- Size: 17.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6ce9d8e0eac01017bec4cfcee6abda062f53fae5bcfb6f4300b83781aeaf3f90
|
|
| MD5 |
4eb836a2f868ecc8e7651ecf9109dd79
|
|
| BLAKE2b-256 |
83ee166d1ee2cab0554d3d6ed0fb1d026a43aca1351f80c1d2e191d0a040eab6
|
File details
Details for the file mcpshield_agent-0.1.2-py3-none-any.whl.
File metadata
- Download URL: mcpshield_agent-0.1.2-py3-none-any.whl
- Upload date:
- Size: 16.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e66f98b4a10c04060b717d0936de98a2427c55b0e9b342390ec0f205f06d5a13
|
|
| MD5 |
69dbc2e38f0a40ecda8e2b7a9778afd1
|
|
| BLAKE2b-256 |
e07f6b49688d82896445bd6466bcf5ea88b09d563baf7380f779ab611549a396
|
