RSS

ShieldMCP – Security scanner for your MCP config

ccellcdev1 pts0 comments

ShieldMCP — MCP Security Scanner

Powered by OWASP MCP Top 10<br>Is your MCP<br>setup safe?<br>Find out in 60 seconds. ShieldMCP scans your MCP configuration and flags permission risks, exposed secrets, and supply chain threats — before an attacker does.<br>82%of MCP configs<br>have at least one<br>critical flaw

Upload FilePaste JSON

Drop your MCP config file here<br>or click to browse<br>claude_desktop_config.json.cursor/mcp.jsonmcp-config.json

Don't know where your config is? View guide

How it works<br>Three steps to a safer MCP setup.

01<br>Upload config<br>Drop your file or paste JSON. Supports claude_desktop_config.json, .cursor/mcp.json, and more.

02<br>Instant scan<br>60-second check across all OWASP MCP Top 10 categories. No account needed.

03<br>Fix issues<br>Get exact config fixes in plain English. Unlock the full report for copy-paste JSON examples.

What we check<br>Full coverage of the OWASP MCP Top 10.

ID<br>Category<br>Description

MCP01<br>Token Mismanagement<br>Secrets & API keys in plaintext

MCP02<br>Tool Poisoning<br>Malicious or unverified MCP packages

MCP03<br>Command Injection<br>Shell execution & dangerous commands

MCP04<br>Excessive Permissions<br>Over-broad filesystem & API access

MCP05<br>Context Over-sharing<br>Too many sensitive sources connected

MCP06<br>Shadow Servers<br>Hidden or unverified server endpoints

MCP07<br>Audit Logging<br>Missing logs for agent actions

MCP08<br>Auth & Transport<br>Insecure connections & missing auth

MCP09<br>Supply Chain Risk<br>Unverified or unpinned packages

MCP10<br>Data Exfiltration<br>Read + write combos that leak data

Simple pricing<br>Start free. Unlock details when you need them.

Free<br>$0<br>Always free

Risk score<br>Category flags<br>Issue titles<br>Server ratings<br>Run Free Scan<br>MOST POPULAR<br>Full Report<br>$49one-time<br>Per scan report

Everything free +<br>Full fix steps<br>Config examples<br>Priority order<br>Shareable PDF<br>Get Full Report<br>Pro<br>Coming soon<br>$19/month<br>For teams

Everything $49 +<br>Auto-rescan alerts<br>Scan history<br>Team configs (5)<br>Slack alerts<br>Join Waitlist

“82% of MCP configs scanned have at least one critical flaw”<br>— ShieldMCP scan data, 2025–2026<br>Recent MCP Security Incidents

Asana MCP flaw — ~1,000 orgs affected· June 2025

postmark-mcp malicious server — ~300 orgs· Sept 2025

82% of 2,614 MCP servers vulnerable to path traversal — Endor Labs· 2025

config json scan full free shieldmcp

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.