Show HN: MCP-Shield – Detect security issues in MCP servers

MCP-Shield is an open-source security scanning tool that detects vulnerabilities in MCP (Model Context Protocol) servers by analyzing instruction-level behavior to identify tool poisoning attacks, data exfiltration channels, and cross-origin manipulations. It scans installed servers in environments like Cursor and Claude Desktop, catching hidden instructions attempting to access sensitive files, shadow other tools, or exfiltrate data through various attack vectors.

Key Points

• •MCP-Shield is an open-source security scanning tool designed to detect vulnerabilities in MCP (Model Context Protocol) servers used in applications like Cursor and Claude Desktop
• •The tool performs instruction-level analysis beyond API surface inspection to identify hidden malicious instructions and tool poisoning attacks
• •Detects five main attack categories: hidden file access attempts (e.g., SSH keys), cross-origin manipulations, tool shadowing/behavior override, data exfiltration channels, and suspicious optional parameters
• •Scans installed MCP servers to reveal what each tool is actually attempting to do, exposing attacks that may not be visible from standard API documentation
• •Includes example vulnerabilities and clear detection output examples in the repository to help users understand the types of security issues it catches
• •Addresses growing security concerns in the MCP ecosystem by providing visibility into server behavior and preventing supply chain attacks through compromised tools
• •Early-stage project actively seeking community feedback on detection patterns, false positive rates, and additional vulnerability signatures to improve accuracy

Workflow Diagram

Concepts