AgentShield

AgentShield is a static analysis tool for Model Context Protocol (MCP) tool schemas. It scans tool definitions before you deploy them and flags overly broad permissions, missing input validation, prompt injection vectors, and unsafe tool descriptions.

Install

bun add -d @aiconnai/agentshield

Scan your tools

bunx @aiconnai/agentshield scan ./src/tools/

Example output:

Scanning 4 tool schemas...

WARN  [bash_execute] description may enable prompt injection
      "Execute any shell command" — remove "any"

ERROR [file_read] no path validation defined
      Add allowlist: { "path": { "pattern": "^/safe/dir/" } }

INFO  [get_weather] looks good

WARN  [web_search] consider rate limiting annotation

3 issues found (1 error, 2 warnings)
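The file_read finding above recommends a regex allowlist on the path argument. A schema pattern such as ^/safe/dir/ is a useful first gate, but it is matched against the raw string, so /safe/dir/../../etc/passwd satisfies it. The handler that actually opens the file must canonicalize the path and check containment as well. The following TypeScript is an added example, not code from AgentShield or the MCP SDK: it assumes an MCP-style tool definition with a JSON Schema inputSchema (that AgentShield reads exactly this shape is an assumption), the constant SAFE_DIR and the helper names are invented for illustration, and the sample paths are constructed.

```typescript
import * as path from "node:path";

// Constructed MCP-style tool definition carrying the allowlist pattern the
// scanner suggests. MCP describes tool inputs with a JSON Schema `inputSchema`;
// that AgentShield consumes exactly this shape is an assumption.
const fileReadTool = {
  name: "file_read",
  description: "Read a UTF-8 text file from the service's data directory.",
  inputSchema: {
    type: "object",
    properties: {
      path: { type: "string", pattern: "^/safe/dir/" },
    },
    required: ["path"],
  },
} as const;

// Directory the tool may read from (hypothetical; mirrors the schema pattern).
const SAFE_DIR = "/safe/dir";

// What the schema-level `pattern` alone enforces: a regex over the raw string.
function matchesSchemaPattern(p: string): boolean {
  return new RegExp(fileReadTool.inputSchema.properties.path.pattern).test(p);
}

// Handler-level check. Returns the canonical path if it lies inside SAFE_DIR,
// or null if the request must be refused. POSIX semantics are used explicitly
// so the result does not depend on the host platform.
function resolveInsideSafeDir(p: string): string | null {
  if (!matchesSchemaPattern(p)) return null;         // keep the schema gate
  const resolved = path.posix.resolve(SAFE_DIR, p);  // collapses "." and ".."
  const rel = path.posix.relative(SAFE_DIR, resolved);
  // Empty means the directory itself; ".." or "../x" means the path escaped.
  if (rel === "" || rel === ".." || rel.startsWith("../")) return null;
  // On a real filesystem also fs.realpath() the result before opening it, so a
  // symlink inside SAFE_DIR cannot point back outside; omitted here so the
  // example runs without touching disk.
  return resolved;
}

// Constructed sample inputs: the first two pass the regex, only one is safe.
const samples = [
  "/safe/dir/notes.txt",
  "/safe/dir/../../etc/passwd",
  "/etc/passwd",
];
for (const s of samples) {
  console.log(s, "pattern:", matchesSchemaPattern(s), "handler:", resolveInsideSafeDir(s));
}
```

The schema constraint is still worth keeping: it rejects obviously bad calls before the handler runs and it is what the scanner can see. The containment check in the handler is the part no schema can express, and on a live filesystem it should be followed by a realpath lookup so symlinks cannot undo it.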

Run in CI

# .github/workflows/security.yml
- name: Scan MCP schemas
  run: bunx @aiconnai/agentshield scan ./src/tools/ --fail-on error

See Also