--- name: shieldon-setup version: 1.0.0 description: Set up Shieldon MCP server to scan AI agent skills before installation homepage: https://shieldon.dev --- # Shieldon MCP Setup Audit AI agent skills for malware and social engineering before adding them to your agent. ## What Shieldon Detects - **Credential theft:** AWS, GitHub, Stripe, Slack, cloud provider keys, private keys, and .env access - **Command injection:** curl | bash, reverse shells, privilege escalation - **Obfuscation:** Base64 payloads, eval() chains, hex encoding - **Data exfiltration:** POST to webhooks, paste services, DNS tunneling ## Installation Add Shieldon to your MCP config. Shieldon exposes an MCP Streamable HTTP endpoint — compatible with any MCP client that supports remote servers. **MCP config block:** ```json { "mcpServers": { "shieldon": { "url": "https://api.shieldon.dev/mcp" } } } ``` **Where to add it depends on your client:** | Client | Config file | |--------|------------| | Cursor | `.cursor/mcp.json` | | Claude Desktop | `claude_desktop_config.json` | | Windsurf | `.windsurf/mcp.json` | | Any MCP client | Wherever your client reads MCP server configs | After adding the config, restart your client or reload the session. The `audit_skill` tool will appear in your available MCP tools. ## Usage **Scan a skill by URL before installing:** ``` audit_skill(skill_url: "https://example.com/skill.md") ``` **Scan raw skill content directly:** ``` audit_skill(skill_content: "") ``` **Example response:** ```json { "scan_id": "a1b2c3d4", "risk_score": 75, "risk_level": "HIGH", "recommendation": "REVIEW", "findings": [ { "type": "Credential_AWS_Access_Key", "description": "AWS access key pattern detected", "severity": "HIGH", "evidence": "Matched '$aws_key' at offset 342: AKIAIOSFODNN7EXAMPLE" } ], "scans_remaining": 7 } ``` ## Rate Limits - **Free tier:** 10 scans per day per IP - **Privacy:** Skills are never stored. All scans are ephemeral. ## Support - Website: https://shieldon.dev