Home
dev-mondoshawan edited this page Jun 21, 2026 · 3 revisions
AI Agent Security Platform — Discover, monitor, and risk-score MCP servers across your organization.
As AI tools (Claude, Cursor, Windsurf, ChatGPT) increasingly rely on MCP (Model Context Protocol) servers to access filesystems, databases, shells, and APIs, the attack surface they expose grows silently. MCPShield gives you visibility: a lightweight Python agent scans MCP configurations on developer machines, scores each server for risk, and reports into a centralized multi-tenant dashboard.
| Feature | Description |
|---|---|
| Automatic Discovery | Scans Claude Desktop, Cursor, Windsurf, and custom MCP configs on Windows, macOS, and Linux |
| Risk Scoring Engine | Weighted 0–100 score across shell access, filesystem writes, credential exposure, network calls |
| Real-time Alerts | Fires on new high-risk servers and on score increases > 10 points |
| Centralized Dashboard | Org-wide risk distribution, top-risk servers, per-agent heartbeat, and alert history |
| Multi-tenant | Full data isolation — users, agents, servers, and alerts are scoped per organization |
| Privacy-first | Environment variable names only — credential values are never captured |
```mermaid
flowchart LR
    subgraph dev["Developer Endpoints"]
        direction TB
        W[Windows]
        M[macOS]
        L[Linux]
    end
    subgraph agent["mcpshield-agent"]
        direction TB
        S1[Discover MCP configs]
        S2[Score risk 0–100]
        S3[Report via API key]
        S1 --> S2 --> S3
    end
    subgraph backend["MCPShield Backend • FastAPI"]
        direction TB
        B1[Risk engine]
        B2[Alert generator]
        B3[(PostgreSQL)]
        B1 --> B2 --> B3
    end
    subgraph ui["Security Dashboard • Next.js"]
        direction TB
        U1[Risk overview]
        U2[Alerts]
        U3[Agent status]
    end
    dev -->|pip install + scan| agent
    agent -->|X-API-Key| backend
    backend -->|JWT| ui
```
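
An added sketch of the discover, score and alert flow described above; it is not MCPShield's own code. The weights, detection heuristics, `HIGH_RISK` cut-off and all function names are assumptions; only the four categories, the 0–100 range, the > 10 point rule and the names-only handling of environment variables come from this page.

```python
import json

# Assumed values: the page names the four categories and the >10 rule only.
WEIGHTS = {"shell": 40, "fs_write": 25, "credentials": 20, "network": 15}
SHELLS = {"sh", "bash", "zsh", "cmd", "cmd.exe", "powershell", "pwsh"}
SECRET_HINTS = ("KEY", "TOKEN", "SECRET", "PASSWORD")
HIGH_RISK = 60    # assumed cut-off for "high-risk"
ALERT_DELTA = 10  # from the page: alert on increases > 10 points

# Constructed sample in the mcpServers layout used by Claude Desktop configs.
SAMPLE = json.dumps({"mcpServers": {
    "files": {"command": "npx",
              "args": ["-y", "@modelcontextprotocol/server-filesystem", "/home/dev"]},
    "ops": {"command": "/bin/bash", "args": ["-c", "run-tool"],
            "env": {"API_TOKEN": "constructed-secret-value"}},
}})

def inventory(config_text):
    """Parse a config; keep env variable names and drop their values."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {name: {"command": spec.get("command", ""),
                   "args": [str(a) for a in spec.get("args", [])],
                   "env_names": sorted(spec.get("env", {}))}
            for name, spec in servers.items()}

def score(rec):
    """Sum the weights of every category the heuristics (assumed) detect."""
    exe = rec["command"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    words = [exe] + [a.lower() for a in rec["args"]]
    hits = set()
    if exe in SHELLS or any("shell" in w for w in words):
        hits.add("shell")
    if any("filesystem" in w for w in words):
        hits.add("fs_write")
    if any(h in n.upper() for n in rec["env_names"] for h in SECRET_HINTS):
        hits.add("credentials")
    if any(w.startswith(("http://", "https://")) or "fetch" in w for w in words):
        hits.add("network")
    return sum(WEIGHTS[c] for c in hits)

def alerts(previous, current):
    """Compare two {server: score} maps using the page's two alert rules."""
    out = []
    for name, new in current.items():
        old = previous.get(name)
        if old is None and new >= HIGH_RISK:
            out.append((name, "new high-risk server", new))
        elif old is not None and new - old > ALERT_DELTA:
            out.append((name, "score increase", new - old))
    return out
```

Arguments are kept as-is in this sketch, so a secret passed on the command line (a connection string, for instance) would still be recorded; a collector that promises names-only capture has to redact those as well.
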
- Installation — Get MCPShield running
- Quick-Start — 5-minute walkthrough
- Agent-Usage — All CLI commands
- Risk-Scoring — How scores are calculated
- API-Reference — REST API reference
- Architecture — System design and data flow
| Component | Technology |
|---|---|
| Backend | FastAPI, SQLAlchemy 2.0, Alembic, PostgreSQL |
| Frontend | Next.js 14 App Router, React 18, Tailwind CSS |
| Agent | Python 3.11+, Click CLI, psutil |
| Auth | HS256 JWT (30 min access / 7 day refresh), bcrypt, SHA-256 API key hashing |