What are the requirements for AgentShield?

AgentShield requires a compatible MCP client such as Claude Desktop, Claude Code, or Cursor. No additional environment variables are needed for basic setup.

Is AgentShield free to use?

Yes, AgentShield is open source and free to use. You can find the source code on GitHub.

What MCP clients support AgentShield?

AgentShield works with any MCP-compatible client including Claude Desktop (Anthropic's official desktop app), Claude Code (CLI tool), Cursor, and other editors with MCP support.

How do I configure AgentShield?

Configure AgentShield by adding it to your MCP client's config file. For Claude Desktop, edit claude_desktop_config.json and add the server configuration. See the Configuration section above for a ready-to-use example.

AgentShield MCP Server

Q: How do I install AgentShield?

Install AgentShield by running: npx @elliotllliu/agent-shield scan ./path-to-target

Add it to Claude Code

Run this in a terminal.

Run in terminal

claude mcp add agent-shield -- npx -y @elliotllliu/agent-shield scan ./path/to/target

README.md

Full-stack security for AI agents — static analysis + MCP runtime interception.

🛡️ AgentShield

Give your AI a health check.

One scan. Thirteen engines. One report.

中文文档

You found an MCP Server / Skill / Plugin online and want to install it. But you're wondering:

Is this thing safe? Will it steal my API keys? Hijack my AI? Mine crypto?

AgentShield answers that in seconds. One command, 13 independent scanning engines, one clear report.

npx @elliotllliu/agent-shield scan ./that-thing-you-want-to-install

That's it. First run auto-installs all engines. After that, results come in seconds.

See It In Action

🛡️  安全检测报告
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

📁 检测对象:  ./mcp-puppeteer
🔧 检测引擎:  13 个独立扫描器
⏱  总耗时:    50.2s

──────────────────────────────────────────────────────
🔍 各方检测结论
──────────────────────────────────────────────────────

📋 AgentShield — 内置参考（AI Agent 基础检查）
   结论: ⚠️ 发现 1 处需关注
   • 代码混淆  📍 src/index.ts:1

🔍 Aguara — 通用代码安全
   结论: ✅ 未发现风险

🔎 Semgrep — 代码质量与注入检测
   结论: ✅ 未发现风险

🧪 Invariant — MCP Tool Poisoning 检测
   结论: ✅ 未发现风险

🔬 Trivy — 漏洞扫描 + 密钥检测
   结论: ✅ 未发现风险

🔑 Gitleaks — 密钥和 Token 泄露
   结论: ✅ 未发现风险

🐍 Bandit — Python 代码安全
   结论: ✅ 未发现风险

📡 Bearer — 数据流 + 隐私分析
   结论: ✅ 未发现风险

──────────────────────────────────────────────────────
📊 综合结论
──────────────────────────────────────────────────────

✅ 所有引擎均未检出风险
   （7/7 个外部引擎未检出风险）

  ✅ 后门/远程控制  — 7 个引擎均未检出
  ✅ 数据窃取       — 7 个引擎均未检出
  ✅ Prompt 注入    — 7 个引擎均未检出
  ✅ 挖矿行为       — 7 个引擎均未检出

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

One glance: 7 out of 7 external engines say it's clean. All major threats cleared. Safe to install.

Why Trust It?

Because it's not one engine making the call. It's 13 independent scanning engines, each a specialist in their own domain. We bring them together:

Engine	What it's best at
📋 AgentShield (reference)	AI Agent basics — skill hijack, prompt injection, MCP runtime
🔍 Aguara	General security — 177 rules, data exfil, taint tracking
🔎 Semgrep	Code quality — 2000+ rules, injection, XSS, hardcoded secrets
🧪 Invariant	MCP-specific — tool poisoning, cross-origin escalation, rug pull
🔬 Trivy	Vulnerability scan + secret detection + SBOM
🔑 Gitleaks	Secret and token leak detection
🐍 Bandit	Python code security
📡 Bearer	Data flow + privacy analysis
🐕 TruffleHog	Secret detection + verification if active
🌐 OSV-Scanner	Dependency vulnerabilities (Google OSV database)
🦑 Grype	Dependency vulnerability scanning
🟢 njsscan	Node.js / JavaScript security
🔐 detect-secrets	Secret detection (Yelp)

Each engine has its own strengths. We combine all of them into one report.

The built-in engine is reference-only — the overall conclusion is decided by the 7 external engines' consensus. The stronger they get, the stronger we get.

First Run

First time you run it, engines are auto-installed (to ~/.agentshield/, no sudo needed):

🔧 检查引擎...
  ✅ AgentShield — 已就绪
  📦 Aguara — 正在安装... 完成
  📦 Semgrep — 正在安装... 完成
  📦 Invariant — 正在安装... 完成
  📦 Trivy — 正在安装... 完成
  📦 Gitleaks — 正在安装... 完成
  📦 Bandit — 正在安装... 完成
  📦 Bearer — 正在安装... 完成

One-time setup. After that, it's instant.

What Can It Detect?

Risk	What it means
🔴 Skill Hijack	It's secretly modifying your AI's config
🔴 Backdoor	It can silently execute arbitrary code
🔴 Remote Control	It's connecting to external servers + opening a shell
⚠️ Data Theft	It reads your keys/files and sends them out
⚠️ Prompt Injection	It's secretly adding instructions to your AI
⚠️ Tool Poisoning	Hidden malicious instructions in tool descriptions
⚠️ Obfuscated Code	Code is intentionally unreadable — might be hiding something
⚠️ Vulnerabilities	Known CVEs in dependencies
⚠️ Secret Leaks	API keys, tokens, passwords in source code
ℹ️ Excessive Permissions	It asks for more than it needs

More Options

# HTML report (shareable)
agent-shield scan ./dir --html -o report.html

# JSON (for CI/CD)
agent-shield scan ./dir --json

# Chinese report (default)
agent-shield scan ./dir --lang zh

# SARIF (GitHub Code Scanning)
agent-shield scan ./dir --sarif -o results.sarif

Install

# Recommended: use npx, nothing to install
npx @elliotllliu/agent-shield scan ./my-skill/

Configuration

claude_desktop_config.json

{"mcpServers": {"agent-shield": {"command": "npx", "args": ["-y", "@elliotllliu/agent-shield", "scan", "./path/to/target"]}}}

Try it

→Scan the local directory ./my-new-mcp-server for security vulnerabilities.

→Run a security audit on the project in ./target-folder and output the results as an HTML report.

→Check the code in ./plugin-folder for potential prompt injection or tool poisoning risks.

→Perform a deep security scan on the repository at ./project and provide a JSON summary.

Frequently Asked Questions

What are the key features of AgentShield?

Uses 13 independent scanning engines for comprehensive security analysis. Detects prompt injection, data exfiltration, backdoors, and tool poisoning. Supports multi-language injection detection across 8 languages. Generates shareable HTML, JSON, and SARIF reports for CI/CD integration. Performs real-time MCP runtime interception and static analysis.

What can I use AgentShield for?

Verifying the safety of third-party MCP servers before installation. Auditing AI agent configurations for hidden malicious instructions. Scanning local project directories for hardcoded API keys and secrets. Integrating automated security checks into CI/CD pipelines for AI projects.

How do I install AgentShield?

Install AgentShield by running: npx @elliotllliu/agent-shield scan ./path-to-target

What MCP clients work with AgentShield?

AgentShield works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.

Turn this server into reusable context

Keep AgentShield docs, env vars, and workflow notes in Conare so your agent carries them across sessions.

Need the old visual installer? Open Conare IDE.

Open Conare

View all ai-tools servers →