Back to Browse
Free
Server data from the Official MCP Registry
AI security layer: code scanning, PII detection, prompt injection, secrets, CVEs
About
AI security layer: code scanning, PII detection, prompt injection, secrets, CVEs
Security Report
10.0
Low Risk10.0Low RiskValid MCP server (1 strong, 1 medium validity signals). No known CVEs in dependencies. Package registry verified. Imported from the Official MCP Registry.
3 files analyzed · 1 issue found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
What You'll Need
Set these up before or after installing:
Default safety profile (general, education, healthcare, finance, children)
Environment variable: GUARDIANSHIELD_PROFILE
Path to the SQLite audit database
Environment variable: GUARDIANSHIELD_AUDIT_PATH
Set to 1 for debug logging
Environment variable: GUARDIANSHIELD_DEBUG
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-sparkvibe-io-guardianshield": {
"env": {
"GUARDIANSHIELD_DEBUG": "your-guardianshield-debug-here",
"GUARDIANSHIELD_PROFILE": "your-guardianshield-profile-here",
"GUARDIANSHIELD_AUDIT_PATH": "your-guardianshield-audit-path-here"
},
"args": [
"guardianshield"
],
"command": "uvx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
GuardianShield
Universal AI security layer — an open-source MCP server for code scanning, PII detection, prompt injection defense, secret detection, dependency auditing, and audit logging.
Zero dependencies · 27 MCP tools · 5 safety profiles · 108+ detection patterns
Features
- Code Vulnerability Scanning — SQL injection, XSS, command injection, path traversal with CWE IDs and auto-fix remediation
- Cross-line Data Flow Analysis — DeepEngine tracks tainted data from sources to sinks across multiple lines using AST-based taint propagation (Python) and regex (JS/TS)
- Dependency Security — Version-aware CVE matching against OSV.dev for PyPI, npm, Go, and Packagist ecosystems
- Manifest Parsing — Auto-detects 11 formats (requirements.txt, package.json, yarn.lock, go.mod, composer.json, and more)
- Prompt Injection Defense — 9+ detection patterns for instruction override, role hijacking, ChatML injection
- PII Detection — Email, SSN, credit card, phone, IP — with automatic redaction in findings
- Secret Detection — AWS keys, GitHub tokens, Stripe keys, JWTs, passwords, connection strings
- Safety Profiles — 5 built-in profiles (general, education, healthcare, finance, children)
- Audit Logging — SQLite-backed scan history with finding retrieval and filtering
Install
pip install guardianshield
Quick Start
# Register with Claude Code
claude mcp add guardianshield -- guardianshield-mcp
# Or run directly
guardianshield-mcp
Editor Integration
# Claude Code
claude mcp add guardianshield -- guardianshield-mcp
# VS Code (.vscode/mcp.json)
{"servers": {"guardianshield": {"type": "stdio", "command": "guardianshield-mcp"}}}
# Cursor (.cursor/mcp.json)
{"mcpServers": {"guardianshield": {"command": "guardianshield-mcp"}}}
# Claude Desktop (claude_desktop_config.json)
{"mcpServers": {"guardianshield": {"command": "guardianshield-mcp"}}}
MCP Tools
Scanning
| Tool | Description |
|---|---|
scan_code | Scan source code for vulnerabilities and hardcoded secrets |
scan_file | Scan a single file (auto-detects language from extension) |
scan_directory | Recursively scan a directory with filtering and progress streaming |
scan_input | Check user/agent input for prompt injection attempts |
scan_output | Check AI output for PII leaks and content violations |
check_secrets | Detect hardcoded secrets and credentials |
scan_files | Scan multiple files in one call |
scan_diff | Parse unified diff and scan only added lines |
Dependency Security
| Tool | Description |
|---|---|
check_dependencies | Check packages for known CVEs via OSV.dev (PyPI, npm, Go, Packagist) |
sync_vulnerabilities | Sync the local OSV vulnerability database |
parse_manifest | Parse any supported manifest file (11 formats) into dependency objects |
scan_dependencies | Scan a directory for manifest files and check all deps for vulnerabilities |
False Positive Management
| Tool | Description |
|---|---|
mark_false_positive | Mark a finding as false positive (flags future matches) |
list_false_positives | List active false positive records with optional filter |
unmark_false_positive | Remove a false positive record by fingerprint |
Engine Management
| Tool | Description |
|---|---|
list_engines | List available analysis engines with capabilities |
set_engine | Set active analysis engines for code scanning |
Three engines ship built-in: regex (line-by-line pattern matching, enabled by default), deep (cross-line taint tracking), and semantic (structure-aware confidence adjustment).
CI & Developer Workflow
| Tool | Description |
|---|---|
export_sarif | Export findings as SARIF 2.1.0 JSON for GitHub Code Scanning and CI |
save_baseline | Save current findings as a baseline for delta scanning |
scan_with_baseline | Scan code and report only new findings vs. baseline |
check_quality_gate | Evaluate findings against severity thresholds (pass/fail/warn) |
scan_files | Scan multiple files in one call |
scan_diff | Parse unified diff and scan only added lines |
Configuration & Utilities
| Tool | Description |
|---|---|
get_profile | Get current safety profile configuration |
set_profile | Switch safety profile (general, education, healthcare, finance, children) |
test_pattern | Test a regex pattern against sample code for custom pattern development |
audit_log | Query the security audit log |
get_findings | Retrieve past findings with filters |
shield_status | Get health, configuration, and OSV cache statistics |
Configuration
Set environment variables to customize behavior:
| Variable | Description | Default |
|---|---|---|
GUARDIANSHIELD_PROFILE | Default safety profile | general |
GUARDIANSHIELD_AUDIT_PATH | Path to SQLite audit database | ~/.guardianshield/audit.db |
GUARDIANSHIELD_DEBUG | Enable debug logging (1) | disabled |
Documentation
Full documentation: sparkvibe-io.github.io/GuardianShield
License
Apache 2.0
Reviews
No reviews yet
Be the first to review this server!
More Security MCP Servers
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
114
Stars
409
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
56
Installs
10.0
Security
5.0
Local
MarkItDown
Freeby Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
116.1K
Stars
15
Installs
6.0
Security
5.0
Local
mcp-creator-typescript
Freeby mcp-marketplace · Developer Tools
Scaffold, build, and publish TypeScript MCP servers to npm — conversationally
-
Stars
14
Installs
10.0
Security
5.0
Local
FinAgent
Freeby mcp-marketplace · Finance
Free stock data and market news for any MCP-compatible AI assistant.
-
Stars
13
Installs
10.0
Security
No ratings yet
Local
Google Workspace MCP
Freeby Taylorwilsdon · Productivity
Control Gmail, Calendar, Docs, Sheets, Drive, and more from your AI
1.6K
Stars
11
Installs
7.0
Security
No ratings yet
Local