Command Palette

Search for a command to run...

UnylyUnyly
Весь каталог

ShieldNet

БесплатноНе проверен

A zero-trust security guardrail for AI agents that scans external endpoints and returns ALLOW/WARN/BLOCK decisions with detailed findings.

GitHubEmbed

Описание

A zero-trust security guardrail for AI agents that scans external endpoints and returns ALLOW/WARN/BLOCK decisions with detailed findings.

README

MCP_HACK//26 Participant

Bring security governance to any AI agent deployment via MCP.

Track: Secure & Govern MCP | MCP_HACK//26


What It Does

ShieldNet MCP is a zero-trust guardrail for AI agents. Before your agent connects to any external endpoint (API, webhook, third-party service), ShieldNet scans it and returns an ALLOW / WARN / BLOCK decision — with full findings and severity ratings.

  • Scan URLs for 50+ checks across 7 security modules
  • Governance decisions — auto-gate agent connections with ALLOW/WARN/BLOCK
  • Security headers audit — quick compliance check
  • Side-by-side comparisons — which endpoint is safer?
  • Session history — track all scans with grades and scores
  • Pre-built prompts — security audit & pre-deployment check workflows

Why It Matters

AI agents increasingly interact with external APIs and services. Without security governance:

  • An agent could connect to a compromised endpoint
  • Sensitive data could leak through misconfigured CORS
  • Injection attacks could manipulate agent behavior

ShieldNet acts as a security guardrail — scan first, connect later.

Architecture

┌──────────┐       ┌───────────────────────┐
│          │       │    agentgateway       │
│  AI Agent│──────▶│  ┌─────────────────┐  │      ┌────────═══════┐
│ (Claude, │       │  │  🔗 ShieldNet   │  │      │  External     │
│  GPT,    │◀──────│  │  MCP Server     │──┼─────▶│  Service      │
│  etc.)   │       │  │                 │  │      │  (target URL) │
│          │       │  │  ┌───────────┐  │  │      │               │
└──────────┘       │  │  │ Scanners  │  │  │      └───────────────┘
                   │  └──┼───────────┼──┘  │
                   │     │              │  │
                   │  ┌──▼──┐ ┌───────▼──┐ │
                   │  │Headers│ │Injection │ │
                   │  │ TLS  │ │Info Disc │ │
                   │  │ Auth │ │Misconfig  │ │
                   │  │Rate  │ │          │ │
                   │  │Limit │ │          │ │
                   │  └──────┘ └──────────┘ │
                   │  ALLOW / WARN / BLOCK  │
                   └────────────────────────┘

Flow:

  1. AI agent requests external connection
  2. agentgateway routes to ShieldNet MCP
  3. ShieldNet runs 7 scanner modules in parallel
  4. Returns ALLOW/WARN/BLOCK + detailed findings
  5. agentgateway enforces the decision

Scanner Modules (7)

# Module What It Checks
1 security_headers HSTS, CSP, X-Frame-Options, Cookie flags, CORS wildcards, info disclosure
2 injection Reflected XSS, SQLi, SSTI, Command Injection, Path Traversal, SSRF, Open Redirect
3 info_disclosure 25 sensitive paths (.env, .git, package.json, swagger, backups, server-status)
4 tls HTTP vs HTTPS, SSL/TLS redirect enforcement
5 auth JWT exposure, JWT alg:none, API keys in source, email harvesting
6 misconfiguration CORS origin reflection, TRACE method, version disclosure in error pages
7 rate_limiting 20-request burst test (aggressive mode only)

Quick Start

1. Install

git clone https://github.com/hhhashexe/shieldnet-mcp.git
cd shieldnet-mcp
npm install

2. Run a demo scan (no setup needed)

bash demo.sh https://example.com

This launches the MCP server, discovers available tools via tools/list, runs a live scan, and pretty-prints the results with colors. 🤙

3. Run the test suite

npm test

75 integration tests covering all 6 MCP tools, 6 tools + 3 resources + 2 prompts.

4. Use as an MCP Server

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "shieldnet": {
      "command": "node",
      "args": ["/path/to/shieldnet-mcp/src/index.js"]
    }
  }
}

With agentgateway

targets:
  - name: shieldnet-security
    provider:
      type: mcp
      config:
        command: node
        args: ["src/index.js"]

See agentgateway.yaml for full configuration.

Raw JSON-RPC (stdio)

echo '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"my-agent","version":"0.1"}}}
{"jsonrpc":"2.0","method":"notifications/initialized"}
{"jsonrpc":"2.0","id":2,"method":"tools/call","params":{"name":"scan_url","arguments":{"url":"https://example.com"}}}' | node src/index.js

MCP Tools

Tool Description
scan_url Comprehensive scan — 7 modules, 50+ checks, A-F grade
assess_risk Scan + governance decision (ALLOW/WARN/BLOCK) with confidence score
check_headers Quick security headers audit — PASS/WARN/FAIL verdict
scan_history Session scan history with grades
compare_scans Side-by-side comparison of two URLs
governance_policy View policy or evaluate a score against thresholds

MCP Resources

Resource Description
shieldnet://attack-vectors Full attack vector database
shieldnet://scan-history Session scan history
shieldnet://governance-policy ALLOW/WARN/BLOCK thresholds

MCP Prompts

Prompt Description
security_audit Full audit with executive report
pre_deployment_check Gate check before deployment

Security Governance

ShieldNet makes ALLOW/WARN/BLOCK decisions based on:

ALLOW  → Score ≥ 70, no critical findings
WARN   → Score 50-69, or high-severity findings
BLOCK  → Score < 50, or any critical vulnerabilities

Real-World Proof

ShieldNet has been used in production security audits:

  • 3 CVEs discovered and responsibly disclosed
  • PayLock.xyz audit: 36 verified findings (4 Critical, 17 High)
  • Published on npm as shieldnet (v0.3.2)

License

MIT — see LICENSE

Links

from github.com/hhhashexe/shieldnet-mcp

Установка ShieldNet

У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.

▸ github.com/hhhashexe/shieldnet-mcp

FAQ

ShieldNet MCP бесплатный?

Да, ShieldNet MCP бесплатный — установка в пару кликов через Unyly без оплаты.

Нужен ли API-ключ для ShieldNet?

Нет, ShieldNet работает без API-ключей и переменных окружения.

ShieldNet — hosted или self-hosted?

Доступен hosted-вариант: Unyly запускает сервер в облаке, локальная установка не обязательна.

Как установить ShieldNet в Claude Desktop, Claude Code или Cursor?

Открой ShieldNet на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.

Похожие MCP

Compare ShieldNet with

Не уверен что выбрать?

Найди свой стек за 60 секунд

Автор?

Embed-бейдж для README

Похожее

Все в категории ai