Scan, improve, and certify MCP servers and AI agent skills

Project description

TeeShield -- Security Scanner for MCP tools

npm audit for MCP tools. Scan tool definitions and detect unsafe descriptions before AI agents misuse them.

Why TeeShield?

We scanned 79 MCP tools across 7 public servers and found:

  • Average description quality: 3.1 / 10
  • 0% of tools have "Use when..." scenario triggers
  • 0% have parameter examples
  • Fewer than 5% have error handling guidance

AI agents pick which tool to call based on the description text. A vague description like "access filesystem" gives the agent no boundaries -- it doesn't know which directories are safe, whether it should read or write, or what happens on failure.

TeeShield scans tool descriptions, scores them, and rewrites them automatically.

Install

pip install teeshield

Requires Python 3.11+.

Quickstart

teeshield scan ./your-mcp-server

Example output:

            TeeShield Scan Report
   modelcontextprotocol/servers/filesystem
+---------------------------------------------+
| Metric                | Value     |   Score |
|-----------------------+-----------+---------|
| License               | MIT       |      OK |
| Tools                 | 14        |      OK |
| Security              | 0 issues  | 10.0/10 |
| Descriptions          |           |  3.2/10 |
| Architecture          |           | 10.0/10 |
| Tests                 | Yes       |      OK |
|                       |           |         |
| Overall               | Rating: B |  7.6/10 |
| Improvement Potential |           |  2.4/10 |
+---------------------------------------------+

Rewrite tool descriptions

TeeShield can automatically rewrite tool descriptions to be action-oriented, with scenario triggers, parameter examples, and error guidance.

# Preview changes (no files modified)
teeshield rewrite ./your-mcp-server --dry-run

# Apply changes to source files
teeshield rewrite ./your-mcp-server

Before (score 2.9):

"Shows the working tree status"

After (score 9.6):

"Query the current state of the Git working directory and staging area.
 Use when the user wants to check which files are modified, staged, or
 untracked before committing."

The rewriter works offline using templates (zero cost). Set ANTHROPIC_API_KEY for higher-quality LLM-powered rewrites.

Scan results across the MCP ecosystem

Server      Tools  Security  Descriptions  Overall  Rating
filesystem  14     10.0      3.2           7.6      B
git         12     10.0      2.4           7.3      B
memory      9      10.0      2.3           7.3      B
fetch       1      9.0       3.5           7.3      B
supabase    30     9.0       2.3           6.4      B

Full report: MCP-SECURITY-REPORT.md | Raw data: CURATION-REPORT.md

Try it on an example

The repo includes example MCP servers for instant demo:

git clone https://github.com/teehooai/teeshield
cd teeshield

teeshield scan examples/insecure-server   # Rating: C (4.8/10)
teeshield scan examples/secure-server     # Rating: B (7.2/10)

What TeeShield checks

Descriptions (weighted 40%)

  • Scenario triggers ("Use when the user wants to...")
  • Parameter examples
  • Error handling guidance
  • Disambiguation between similar tools
  • Length (too short = vague, too long = noisy)
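
An added example (not TeeShield's own code or rules): a minimal heuristic linter for the description criteria listed above, run over constructed tool definitions plus the before/after git status descriptions from this page. The regex patterns, length bounds, and Jaccard threshold are assumptions chosen for illustration.

```python
import re
from itertools import combinations

# Assumed heuristics for three of the criteria; not TeeShield's actual rules.
CHECKS = {
    "scenario_trigger": re.compile(r"\buse (this )?(tool )?when\b", re.I),
    "parameter_example": re.compile(r"\b(e\.g\.|for example|example:)", re.I),
    "error_guidance": re.compile(
        r"\b(returns? an error|fails? (if|when)|raises?|on failure)\b", re.I),
}
MIN_WORDS, MAX_WORDS = 8, 120  # assumed bounds: too short = vague, too long = noisy

def lint_description(text):
    """Return the names of the criteria this description fails."""
    findings = [name for name, pat in CHECKS.items() if not pat.search(text)]
    words = len(text.split())
    if words < MIN_WORDS:
        findings.append("too_short")
    elif words > MAX_WORDS:
        findings.append("too_long")
    return findings

def _tokens(text):
    return set(re.findall(r"[a-z]+", text.lower()))

def ambiguous_pairs(tools, threshold=0.5):
    """Flag tool pairs whose descriptions overlap heavily (Jaccard on word sets),
    i.e. an agent has little text to tell them apart."""
    pairs = []
    for (a, da), (b, db) in combinations(sorted(tools.items()), 2):
        ta, tb = _tokens(da), _tokens(db)
        if ta and tb and len(ta & tb) / len(ta | tb) >= threshold:
            pairs.append((a, b))
    return pairs

# Constructed sample input. The two git_status strings are the before/after
# descriptions quoted on this page; the read_* tools are made up.
TOOLS = {
    "git_status_before": "Shows the working tree status",
    "git_status_after": (
        "Query the current state of the Git working directory and staging area. "
        "Use when the user wants to check which files are modified, staged, or "
        "untracked before committing."),
    "read_file": "Read a file from disk",
    "read_text_file": "Read a text file from disk",
}

if __name__ == "__main__":
    for name, desc in TOOLS.items():
        print(f"{name}: {', '.join(lint_description(desc)) or 'ok'}")
    print("ambiguous pairs:", ambiguous_pairs(TOOLS))
```
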

Security (weighted 30%)

  • Path traversal
  • Command injection
  • SQL injection
  • SSRF (unrestricted network access)
  • Credential exposure

Architecture (weighted 20%)

  • Test coverage
  • Error handling
  • Type annotations
  • Input validation patterns

License (weighted 10%)

  • MIT, Apache-2.0, BSD = OK
  • GPL, AGPL = warning
  • Missing = fail

Rating scale

Rating  Score  Meaning
A+      9.0+   Production-ready
A       8.0+   Safe with minor suggestions
B       6.0+   Usable, needs improvements
C       4.0+   Significant issues
F       <4.0   Unsafe, do not deploy

JSON output

teeshield scan ./server --format json
teeshield scan ./server --format json -o report.json

GitHub Action

Add TeeShield to your CI pipeline:

- uses: teehooai/teeshield@v0.1.0
  with:
    target: '.'
    fail-below: '6.0'

Commands

Command                               Description
teeshield scan <path>                 Scan and rate an MCP server
teeshield rewrite <path>              Rewrite tool descriptions
teeshield harden <path>               Security hardening recommendations
teeshield eval <original> <improved>  Compare tool selection accuracy

Threat model

TeeShield is a static analysis linter, not a runtime sandbox.

What it catches:

  • Ambiguous tool definitions that lead to agent misuse
  • Missing side-effect declarations (writes, deletes, network calls)
  • Unsafe permission patterns (unbounded file access, unrestricted queries)
  • Vague descriptions that give agents no operational boundaries

What it does NOT do:

  • Runtime isolation or sandboxing
  • Prompt injection detection
  • Network traffic monitoring
  • Access control enforcement

TeeShield runs before deployment. For runtime protection, pair it with tools like MCP Proxy or container sandboxes.

License

MIT

Download files

Source Distribution

teeshield-0.1.3.tar.gz (43.7 kB)

Uploaded Source

Built Distribution

teeshield-0.1.3-py3-none-any.whl (27.8 kB)

Uploaded Python 3

File details

Details for the file teeshield-0.1.3.tar.gz.

File metadata

  • Download URL: teeshield-0.1.3.tar.gz
  • Upload date:
  • Size: 43.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for teeshield-0.1.3.tar.gz
Algorithm Hash digest
SHA256 19ec309695528b4c55768ec2a2f3d10d84c7b171fafc81a10314d203b8ecc7c5
MD5 e374a00755cff5c185bb0fac8103efea
BLAKE2b-256 f7acbba91b662da766b5d369ab30f07d74e288a61f714364e6d4ab1b06749a27

Provenance

The following attestation bundles were made for teeshield-0.1.3.tar.gz:

Publisher: publish.yml on teehooai/teeshield

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file teeshield-0.1.3-py3-none-any.whl.

File metadata

  • Download URL: teeshield-0.1.3-py3-none-any.whl
  • Upload date:
  • Size: 27.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for teeshield-0.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 18aa92563e14785e7695c90727642b99cf71be9ab242dc23d82bee2470cc5ef9
MD5 4ca4d368c064d0e5ab03af4987f50585
BLAKE2b-256 69bc2f79bdc359780a9d7c5f9c47318efa144e3825aa1d553c725f6568e20bc5

Provenance

The following attestation bundles were made for teeshield-0.1.3-py3-none-any.whl:

Publisher: publish.yml on teehooai/teeshield

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
