Teeshield
Static security linter for MCP servers. Scans tool definitions for vulnerabilities (path traversal, SQL injection, SSRF), scores description quality, and auto-rewrites descriptions for safer agent tool selection.
What is Teeshield?
Teeshield is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to static security linter for mcp servers. scans tool definitions for vulnerabilities (path traversal, sql injection, ssrf), scores description quality, and auto-rewrites descriptions for safer agent too...
Static security linter for MCP servers. Scans tool definitions for vulnerabilities (path traversal, SQL injection, SSRF), scores description quality, and auto-rewrites descriptions for safer agent tool selection.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Static security linter for MCP servers. Scans tool definitio
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx teeshieldConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Teeshield
Teeshield (published as the spidershield package) is a static security linter and runtime guard for MCP servers. It scans tool definitions for path traversal, SQL injection, and SSRF vulnerabilities, scores description quality on an A–F scale, and can automatically rewrite unsafe tool descriptions. It also ships a Python SDK for embedding policy enforcement directly into MCP server code.
Prerequisites
- Python 3.11 or later
- pip package manager
- An MCP server project whose tool definitions you want to audit
- Optional: ANTHROPIC_API_KEY for LLM-powered description rewrites
Install spidershield
Install the package from PyPI. Python 3.11+ is required.
pip install spidershieldScan an MCP server project
Run the scan command against your server directory. It scores tool descriptions, detects code vulnerabilities, and outputs an overall quality grade.
spidershield scan ./my-mcp-serverAuto-rewrite unsafe tool descriptions
Use the rewrite command to automatically improve tool descriptions flagged by the scanner. Set ANTHROPIC_API_KEY for higher-quality LLM-assisted rewrites.
export ANTHROPIC_API_KEY="sk-ant-..."
spidershield rewrite ./my-mcp-serverRun the agent security check
The agent-check command audits all installed MCP servers on the current machine for known security issues.
spidershield agent-check .Wrap a server with the runtime proxy guard
Use the proxy or guard subcommands to run your MCP server behind a security enforcement layer that intercepts tool calls at runtime.
# Proxy mode (passthrough with filtering)
spidershield proxy -- python -m my_mcp_server
# Guard mode (subprocess enforcement)
spidershield guard -- node dist/server.jsEmbed the SpiderGuard SDK in your server
Import SpiderGuard into your MCP server code to enforce per-call security policies programmatically.
from spidershield import SpiderGuard, Decision
guard = SpiderGuard(
policy="balanced",
audit=True,
audit_dir="./logs",
dlp="redact"
)
result = guard.check("read_file", {"path": "/etc/passwd"})
if result.decision == Decision.DENY:
raise PermissionError(result.reason)Teeshield Examples
Client configuration
Run spidershield as a guard wrapping your existing MCP server process inside Claude Desktop.
{
"mcpServers": {
"guarded-server": {
"command": "spidershield",
"args": ["proxy", "--", "python", "-m", "my_mcp_server"]
}
}
}Prompts to try
Example prompts for using spidershield scan results inside Claude.
- "Scan the MCP servers in ./servers and list all critical vulnerabilities"
- "Rewrite the tool descriptions in my server project to improve the security score"
- "Check all installed MCP agent tools for path traversal risks"
- "What is the current security grade of my MCP server tool definitions?"Troubleshooting Teeshield
spidershield command not found after pip install
Confirm the pip install target is on your PATH. Run python -m spidershield scan . as an alternative, or activate the virtual environment where spidershield was installed.
LLM-powered rewrites produce generic output
Set ANTHROPIC_API_KEY in your environment before running spidershield rewrite. Without it the tool falls back to rule-based rewrites which are less context-aware.
Scan reports false positives on safe tool descriptions
Switch to the permissive policy preset (spidershield scan --policy permissive) or create a custom YAML policy file and load it with --policy ./my-policy.yaml to tune detection thresholds.
Frequently Asked Questions about Teeshield
What is Teeshield?
Teeshield is a Model Context Protocol (MCP) server that static security linter for mcp servers. scans tool definitions for vulnerabilities (path traversal, sql injection, ssrf), scores description quality, and auto-rewrites descriptions for safer agent tool selection. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Teeshield?
Follow the installation instructions on the Teeshield GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Teeshield?
Teeshield works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Teeshield free to use?
Yes, Teeshield is open source and available under the MIT License license. You can use it freely in both personal and commercial projects.
Teeshield Alternatives — Similar Security Servers
Looking for alternatives to Teeshield? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Teeshield in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Teeshield?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.