←back to thread

Show HN: MCP-Shield – Detect security issues in MCP servers

(github.com)
134 points nick_wolf | 2 comments | 15 Apr 25 05:15 UTC | HN request time: 0.564s | source

I noticed the growing security concerns around MCP (https://news.ycombinator.com/item?id=43600192) and built an open source tool that can detect several patterns of tool poisoning attacks, exfiltration channels and cross-origin manipulations.

MCP-Shield scans your installed servers (Cursor, Claude Desktop, etc.) and shows what each tool is trying to do at the instruction level, beyond just the API surface. It catches hidden instructions that try to read sensitive files, shadow other tools' behavior, or exfiltrate data.

Example of what it detects:

- Hidden instructions attempting to access ~/.ssh/id_rsa

- Cross-origin manipulations between server that can redirect WhatsApp messages

- Tool shadowing that overrides behavior of other MCP tools

- Potential exfiltration channels through optional parameters

I've included clear examples of detection outputs in the README and multiple example vulnerabilities in the repo so you can see the kinds of things it catches.

This is an early version, but I'd appreciate feedback from the community, especially around detection patterns and false positives.

1. spiritplumber ◴[15 Apr 25 15:28 UTC] No.43694203[source]
Missed naming opportunity...

            DILLINGER
                    No, no, I'm sure, but -- you understand.
                    It should only be a couple of days.
                    What's the thing you're working on?

                                ALAN
                    It's called Tron. It's a security
                    program itself, actually. Monitors
                    all the contacts between our system
                    and other systems... If it finds
                    anything going on that's not scheduled,
                    it shuts it down. I sent you a memo
                    on it.


                               DILLINGER
                    Mmm. Part of the Master Control Program?


                               ALAN
                    No, it'll run independently.
                    It can watchdog the MCP as well.
replies(1): >>43694940 #
2. mceachen ◴[15 Apr 25 16:12 UTC] No.43694940[source]
Sadly, the mouse would surely smite this awesomeness.