MCPShield - MCP Security Scanner
Scan MCP (Model Context Protocol) servers for security vulnerabilities directly from VS Code. Two-pass analysis: 49 regex rules + LLM semantic detection.
Features
- Scan any MCP server by URL or GitHub repo before connecting
- Two-pass analysis: regex rules catch known patterns, LLM judge catches semantic attacks
- Security grades (A-F) with detailed findings and remediation guidance
- Status bar shows the last scan grade at a glance
- Results panel with severity breakdown, finding details, and fix suggestions
Usage
- Open the Command Palette (
Ctrl+Shift+P / Cmd+Shift+P)
- Run "MCPShield: Set API Key" and enter your API key (get one free at mcpshield.co)
- Run "MCPShield: Scan MCP Server" and paste the MCP server URL or GitHub repo
- Review the grade and findings
Commands
| Command |
Description |
MCPShield: Scan MCP Server |
Scan a URL or GitHub repo |
MCPShield: Scan URL from Clipboard |
Scan the URL currently in your clipboard |
MCPShield: Set API Key |
Store your MCPShield API key |
MCPShield: View Last Scan Results |
Re-open the results panel |
What It Detects
- Tool poisoning and prompt injection
- Hidden Unicode characters and encoding obfuscation
- Command injection, path traversal, SQL injection, SSRF
- Missing authentication and authorization
- Semantic manipulation (medical jargon camouflage, consent fabrication, instruction fragmentation)
- Cross-tool attack chains
- And 49+ more rule categories
Get an API Key
Sign up at mcpshield.co to get a free API key (10 scans/day).
Links
| |
