Scan your MCP server configurations for security vulnerabilities, misconfigurations, and known CVEs. Free, open-source, instant results.
Paste your Claude Desktop or MCP config JSON, or enter a server URL, for an instant security grade.
Detect MCP servers running with missing authentication, plaintext HTTP transport, and publicly exposed endpoints without credential enforcement.
Find hardcoded API keys, bearer tokens, and passwords embedded directly in your MCP server configurations before attackers do.
Flag unencrypted channels, sudo privilege escalation, direct shell access, and deprecated or insecure transport types in your stack.
Identify servers running with elevated privileges, admin flags, or overly broad filesystem and network access patterns beyond least-privilege.
Catch placeholder values, duplicate server entries, empty configurations, and structural complexity risks that increase your attack surface.
Match your MCP packages against a curated database of known vulnerabilities, including CVE-2025-6514 (CVSS 9.6) and two additional critical CVEs.
Works with Claude Desktop, Cursor, and any MCP config format.
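The configuration checks listed above can be pictured with a small static scan over a Claude Desktop style `mcpServers` block; this is an added example, not MCP Shield's own code. The finding labels, regexes, sample servers and the `url` key for remote servers are assumptions made for illustration, and CVE matching is left out because it needs a vulnerability database.

```python
import json
import re

# Constructed sample in the Claude Desktop "mcpServers" layout; every value is made up.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "files": {"command": "sudo", "args": ["npx", "example-fs-server", "/"]},
    "remote": {"url": "http://mcp.example.test/sse"},
    "search": {"command": "npx", "args": ["example-search-server"],
               "env": {"SEARCH_API_KEY": "sk-constructed-0123456789abcdef"}},
    "todo": {"command": "npx", "args": ["example-todo-server"],
             "env": {"TODO_TOKEN": "YOUR_TOKEN_HERE"}},
    "clean": {"command": "npx", "args": ["example-notes-server"],
              "env": {"NOTES_TOKEN": "${NOTES_TOKEN}"}}
  }
}
"""

SECRET_NAME = re.compile(r"(key|token|secret|passw)", re.I)   # env names that hold credentials
PLACEHOLDER = re.compile(r"^(your[_-]|changeme|xxx|<.*>$)", re.I)
ENV_REF = re.compile(r"^\$\{?\w+\}?$")                         # ${VAR}: resolved at runtime, not hardcoded
SHELLS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}

def scan(config_text):
    """Return sorted (server, finding) tuples for one MCP config document."""
    servers = json.loads(config_text).get("mcpServers", {})
    findings = []
    if not servers:
        findings.append(("<config>", "empty-configuration"))
    for name, spec in servers.items():
        argv = [spec.get("command", "")] + list(spec.get("args", []))
        base = argv[0].rsplit("/", 1)[-1].lower()
        if base == "sudo":
            findings.append((name, "sudo-elevation"))
        if base in SHELLS:
            findings.append((name, "direct-shell"))
        if "/" in argv[1:]:                      # whole filesystem handed to the server
            findings.append((name, "root-filesystem-access"))
        if spec.get("url", "").lower().startswith("http://"):
            findings.append((name, "plaintext-http"))
        for var, value in spec.get("env", {}).items():
            if not SECRET_NAME.search(var) or ENV_REF.match(value):
                continue
            if PLACEHOLDER.match(value):
                findings.append((name, "placeholder-value:" + var))
            else:
                findings.append((name, "hardcoded-secret:" + var))
    return sorted(findings)
```

Calling `scan(SAMPLE_CONFIG)` returns five findings across four servers; the `clean` entry passes because its token is an environment reference rather than a literal.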
Full API documentation available at /docs. Integrate MCP Shield directly into your CI/CD pipeline or security tooling.
MCP Shield is MIT-licensed and fully open source. Install the CLI, use the web scanner, or self-host. Star us on GitHub to stay updated on new CVEs and checks.
Built by TimoLabs