AI-powered security code review MCP server for Claude Code — combines Semgrep (5,000+ rules), bandit, detect-secrets, pip-audit, and npm-audit
Project description
shieldbot-mcp
AI-powered security code review MCP server for Claude Code.
Combines Semgrep (5,000+ rules), bandit, ruff, detect-secrets, pip-audit, and npm-audit with Claude's security expertise to deliver prioritized, actionable security reports.
Install
pip install shieldbot-mcp
Or run directly via uvx (recommended for MCP):
uvx shieldbot-mcp
Usage with Claude Code
Install the plugin:
/plugin install shieldbot
Then ask Claude naturally:
- "scan this repo for security issues"
- "check for hardcoded secrets"
- "audit my dependencies for CVEs"
Or use the slash command:
/shieldbot-scan .
/shieldbot-scan /path/to/repo --min-severity high
/shieldbot-scan . --git-history
MCP tools exposed
| Tool | Description |
|---|---|
scan_repository |
Full parallel security scan → JSON report |
check_scanner_tools |
Check which scanners are installed |
Add to any MCP client
{
"mcpServers": {
"shieldbot": {
"command": "uvx",
"args": ["shieldbot-mcp"]
}
}
}
Scanners
| Scanner | Coverage |
|---|---|
| Semgrep 5,000+ rules | OWASP Top 10, CWE Top 25, injection, XSS, SSRF, taint |
| bandit | Python security |
| ruff | Python quality + security |
| detect-secrets | API keys, passwords, tokens |
| pip-audit | Python CVEs (PyPI Advisory DB) |
| npm audit | Node.js CVEs |
Publish to PyPI
pip install hatchling build twine
python -m build
twine upload dist/*
License
MIT
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file shieldbot_mcp-1.0.0.tar.gz.
File metadata
- Download URL: shieldbot_mcp-1.0.0.tar.gz
- Upload date:
- Size: 20.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
1a9b4b9d0fdfe4888fd057daae1ffa08d6298f2c8e94cd996107746bb5b12f89
|
|
| MD5 |
6865164c11a33b861f6a6edfd785260a
|
|
| BLAKE2b-256 |
a3d2f9a96e0d6ea2a0096caefcd76e91d405631b1010e1a95635fef7d06b6d35
|
File details
Details for the file shieldbot_mcp-1.0.0-py3-none-any.whl.
File metadata
- Download URL: shieldbot_mcp-1.0.0-py3-none-any.whl
- Upload date:
- Size: 30.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
22daa8947e69f2bebcf1b1da237c6a9d9fb908c6d6da0c89352510dbf2cb4c48
|
|
| MD5 |
d350b47c94951a24f391a0f860eaf449
|
|
| BLAKE2b-256 |
32cdee57f33aede31a3e80e90e2716bda8c3f9c9c3692ae9df66eeb88956903d
|
