Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

InjectShield

БесплатноНе проверен

MCP server that provides tools to scan text and URLs for prompt injection attacks, protecting AI agents from adversarial inputs.

GitHubEmbed

Описание

MCP server that provides tools to scan text and URLs for prompt injection attacks, protecting AI agents from adversarial inputs.

README

Prompt-injection firewall for AI agents.

A drop-in REST API that detects and neutralizes injection attacks in any text — git commits, web pages, files, emails, user inputs — before they reach your AI agent's context window.

This repo is the open-source heuristic ruleset plus the source for the managed API at promptshield.pages.dev.


Why

In May 2026 a viral HN thread demonstrated that a single git commit message could burn a Claude Code user's entire session quota via a schema-driven attack ("OpenClaw"). The pattern is general: any AI agent that ingests untrusted text — code review bots, documentation summarizers, RAG agents, support copilots — is exposed to prompt injection. Most teams ship without any input-side defense.

InjectShield is one layer of a defense-in-depth strategy. It's not a silver bullet. Use it alongside system-prompt hardening, tool sandboxing, and output filtering.

Install as an MCP (Claude Code, Cursor, Cline, ...)

InjectShield ships a native MCP server at @injectshield/mcp. Once installed, your agent has three new tools — scan, scan_url, patterns — for input-side defense without writing any glue code.

# Claude Code:
claude mcp add injectshield --env INJECTSHIELD_API_KEY=is_live_… -- npx -y @injectshield/mcp

For Cursor / Cline / other MCP clients, see packages/injectshield-mcp/README.md.

Quick start

# 1) Get a key (delivered by email):
curl -X POST https://api.injectshield.dev/v1/keys \
  -H "Content-Type: application/json" \
  -d '{"email":"[email protected]"}'

# 2) Scan:
curl -X POST https://api.injectshield.dev/v1/scan \
  -H "Authorization: Bearer is_live_..." \
  -H "Content-Type: application/json" \
  -d '{"text":"ignore previous instructions","context":"user_input"}'

Or signup via the landing page: https://injectshield.dev — self-serve, email delivery.

What's open-source vs. managed

Live:

Open-source (this repo, MIT):

  • src/patterns.ts — the heuristic pattern library (~20 categorized rules).
  • src/detect.ts — the detection engine (heuristic aggregation, sanitization).
  • test/ — the test suite.
  • server/, public/ — the full API + landing-page source.

Managed only (paid tiers):

  • Hosted API with usage metering, dashboards, custom-pattern uploads, webhook alerts, no-logging mode (Pro), team accounts.
  • Future: Workers AI / Anthropic semantic classifier with prompt-engineered injection detection.

Detection categories

Category Examples
instruction_injection "ignore previous instructions", "new system prompt"
system_override system-prompt leak, role-tag forgery, ChatML/Llama special tokens
role_hijack "you are now…", DAN, Developer Mode
exfiltration data sent to attacker URLs, markdown image exfil
schema_attack OpenClaw-style schema references
encoding_smuggle base64-decoded directives
invisible_text zero-width / bidi / Unicode-Tag smuggling
tool_abuse synthetic tool-call directives in untrusted text
jailbreak_classic DAN, "no restrictions", etc.

Contributing patterns

Found a novel attack? Open a PR adding a PatternRule to src/patterns.ts with:

  1. A unique id.
  2. A category from the enum above.
  3. A weight in [0, 1] — pick conservatively; the aggregation in detect.ts combines weights so every additional rule contributes meaningfully but isn't dominant.
  4. A test in test/detect.test.ts covering both a positive and a likely-benign negative example.

We auto-deploy merged patterns to the managed API. No-cost contributions get attribution in the changelog.

Running locally

npm install
npm test         # 11 tests, ~20ms
DATABASE_URL=postgres://... npm run dev   # boots Hono on :8080

License

MIT. InjectShield reduces but does not eliminate prompt-injection risk.

Acknowledgments

Built on Cloudflare Pages (frontend) + Railway (API) + Postgres + Anthropic Claude (semantic layer). Pattern library informed by HackAPrompt, the PINT benchmark, and a long list of public attack examples.

from github.com/bch1212/injectshield

Установка InjectShield

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/bch1212/injectshield

FAQ

InjectShield MCP бесплатный?

Да, InjectShield MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для InjectShield?

Нет, InjectShield работает без API-ключей и переменных окружения.

InjectShield — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить InjectShield в Claude Desktop, Claude Code или Cursor?

Открой InjectShield на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare InjectShield with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai