Now in public beta

The Security Layer Your MCP Agents Are Missing

A zero-config proxy that intercepts tool calls before they execute — filtering prompt injections, pruning token bloat, and generating signed audit logs. Drop it in front of any MCP server in one line.

65–90%
Token reduction via JIT pruning
<1ms
Median proxy latency
52%
Public MCP servers are unmaintained
mcp-shield — proxy
# One-line install & start
$ npx mcp-shield --proxy :8080 --upstream stdio://npx@my-server
✓ MCP-Shield v0.9.1 started
✓ Listening on :8080
✓ Policy: default-strict loaded

# Tool call intercepted ─────────────────
⚠ BLOCKED read_file({ path: "/etc/passwd" })
  reason: path traversal outside allowed dirs
✓ ALLOWED read_file({ path: "/workspace/main.py" })

# Prompt injection detected ─────────────
✗ SANITIZED tool_response contaminated
  removed: "ignore previous instructions..."

# Context optimization ──────────────────
✓ JIT pruned 47 tools → 6 relevant tools
  saved 8,240 tokens (82% reduction)

The MCP Trust Problem

🚫
Prompt Injection
Tool responses can inject instructions that hijack your agent. No native MCP defense exists.
💡
Token Bloat
Sending 200 tool schemas when only 4 are needed. Burning tokens and hitting context limits every session.
🔒
No Audit Trail
Agents run with high-trust tokens. Zero record of what they called, what data left, or when.

Everything between your agent and your tools

MCP-Shield sits in-line as a transparent proxy. No agent code changes. No server restarts. Just drop it in.

🛡
Injection Guard
Scans every tool response for prompt injection patterns before they reach the model. Configurable block / sanitize / alert modes.
security
JIT Tool Pruning
Uses a local Llama-3-8B to select only the tools relevant to the current task. Sends 6 schemas instead of 200. Cuts token cost 65–90%.
performance
📃
Signed Audit Logs
Every tool call is hashed and timestamped. Immutable receipts for compliance, debugging, and incident response.
compliance
🙈
PII Redaction
Automatically strips emails, keys, credentials, and custom patterns from tool responses before they enter the context window.
security
📋
Policy-as-Code
YAML-based allowlists and denylists for tool calls, file paths, and domains. Ship policies in git like any other config.
control
📊
Dashboard & Alerts
Real-time view of blocked calls, token savings, and anomaly spikes. Slack / webhook alerts on policy violations.
cloud pro

One proxy. Four layers of protection.

MCP-Shield is transport-agnostic. Works with SSE, Streamable HTTP, and stdio MCP servers.

01
Agent makes tool call
Your AI agent (Cursor, Claude Desktop, custom) sends a standard MCP request to the shield proxy.
02
Policy check
Shield validates the call against your allowlist. Blocked calls are logged and rejected before they hit the upstream server.
03
Response filtered
Upstream response is scanned for injection patterns, PII, and secrets. Contamination is stripped or flagged.
04
Signed receipt
Clean response forwarded to agent. Immutable audit record written with hash, timestamp, and policy decisions.
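As an added illustration of steps 02 to 04 (example code written for this page, not MCP-Shield's own implementation), the sketch below runs a tool call through a path-allowlist check, a response filter that strips injection phrases and e-mail addresses, and a SHA-256 hash-chained audit record standing in for the signed receipt. The allowlist, the injection pattern and all function names are assumptions.

```python
import hashlib, json, posixpath, re, time
# Constructed policy: allowlisted directories and injection phrases (assumptions, not the product's defaults)
ALLOWED_DIRS = ("/workspace",)
INJECTION_PATTERNS = [re.compile(r"ignore (all )?previous instructions", re.I)]
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
GENESIS = "0" * 64

def policy_check(tool, args):
    """Step 02: reject read_file paths that normalise to a location outside ALLOWED_DIRS."""
    if tool == "read_file":
        norm = posixpath.normpath(args.get("path", ""))  # collapses ".." before comparing
        if not any(norm == d or norm.startswith(d + "/") for d in ALLOWED_DIRS):
            return False, "path traversal outside allowed dirs"
    return True, "allowed"

def filter_response(text):
    """Step 03: strip injection phrases, redact e-mail addresses, report what was removed."""
    removed = []
    for pat in INJECTION_PATTERNS:
        removed += [m.group(0) for m in pat.finditer(text)]
        text = pat.sub("", text)
    return EMAIL_RE.sub("[redacted-email]", text), removed

def audit_receipt(prev_hash, tool, args, decision):
    """Step 04: timestamped record chained by SHA-256 (a real deployment would also sign the digest)."""
    record = {"ts": time.time(), "tool": tool, "args": args,
              "decision": decision, "prev": prev_hash}
    record["hash"] = hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()
    return record

def verify_chain(records):
    """Recompute every digest and check each record points at its predecessor."""
    prev = GENESIS
    for r in records:
        body = {k: v for k, v in r.items() if k != "hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if body["prev"] != prev or digest != r["hash"]:
            return False
        prev = r["hash"]
    return True

def handle_call(tool, args, upstream_response, chain):
    """Run one tool call through steps 02-04; appends a receipt to `chain`."""
    ok, reason = policy_check(tool, args)
    cleaned, removed = filter_response(upstream_response) if ok else ("", [])
    decision = {"allowed": ok, "reason": reason, "removed": removed}
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append(audit_receipt(prev, tool, args, decision))
    return ok, cleaned
```

The hash chain only detects after-the-fact edits to the log; tamper evidence against an attacker who can rewrite the whole file needs the digest signed with a key the proxy holds.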
82%
Avg token reduction in production (beta)
0
Code changes required in your agent
56%
Fortune 500 flagged autonomous agent risk
3
Transport protocols supported (SSE, HTTP, stdio)

Start free. Scale when you need to.

The proxy is open source and always will be. Cloud Pro adds the hosted dashboard and alerting. Enterprise adds compliance and multi-tenant auth.

Open Source
$0
The full proxy, locally. Forever free and MIT-licensed.
  • MCP proxy (SSE + HTTP + stdio)
  • Injection guard (block / sanitize)
  • JIT tool pruning (local model)
  • YAML policy-as-code
  • CLI conformance test runner
  • Local audit log (SQLite)
Enterprise
$500/mo
Multi-tenant auth, compliance exports, and SLA. For platform teams deploying agent fleets.
  • Everything in Cloud Pro
  • Multi-tenant shield instances
  • SSO / SAML auth
  • SOC 2 / HIPAA compliance logs
  • Custom RBAC & team policies
  • 1-year audit log retention
  • Dedicated Slack channel + SLA

Join the beta

We're onboarding enterprise teams and power developers first. Drop your email and we'll reach out with access + a free security audit of your current MCP setup.

No spam. No sharing. Unsubscribe any time.