AEGIBIT
Free · Open Source · MIT · v0.2.1

Security for the protocol Anthropic refused to secure.

In April 2026, security researchers disclosed a critical RCE vulnerability in Anthropic's Model Context Protocol — affecting 150 million SDK downloads[1] and 200,000+ vulnerable production servers[2]. Anthropic confirmed the behavior is by design and stated that sanitization is the developer's responsibility. We took that seriously.

Try the scannerView on GitHubshield.aegibit.com

v0.2.1 · Five checks shipped

What MCP Shield catches today

Five checks across two manifest shapes — your MCP tool definitions and your MCP server configurations. Static scan or live probe of a running server. JSON output drops directly into your CI pipeline.

AEG-MCP-001

Tool Poisoning Detection

Hidden Unicode (zero-width, tag chars), prompt injection markers, dangerous capability exposure.

AEG-MCP-002

Schema Hardness Audit

Path/URL/command parameters without validation — directory traversal, SSRF, and injection risk.

AEG-MCP-003

Secret Exposure Detection

AWS, GitHub, Stripe, Slack, OpenAI, Anthropic, Google, and JWT credentials embedded in tool defs.

AEG-MCP-004

STDIO Launch Hardening

Unpinned npx/uvx supply-chain risk, shell wrappers, user-writable executable paths, credential env vars.

AEG-MCP-005

Transport Security

Plain-HTTP transports, embedded URL credentials, disabled TLS validation, unparseable URLs.

Web preview · v0.2.1

Try it on your manifest

Paste an MCP tool manifest or server config below. The scanner runs the five AEG-MCP checks live and returns findings ranked by severity. We do not store the manifest, the findings, or your IP — everything happens in one request.

·

Max 256 KB. 10 scans per hour per IP.

For production analysis

The web preview ships a subset of the full check set. For CI integration, SARIF output, and live MCP-server probing, install the CLI:

pip install aegibit-mcp-shield && aegibit-mcp scan path/to/manifest.json

Each check above traces to a documented module in the open-source repo at github.com/AegibitSecurity/mcp-shield. Every finding is reproducible by running the CLI on the same input.

Static scan

Drop a JSON manifest into aegibit-mcp scan — get a full security report in under a second. Auto-detects whether the file is a tool manifest or a server config and runs the relevant checks.

Live probe

Connect to a real running MCP server over stdio or HTTP, fetch its live tool list, run every check on the actual response your agent will see. Stdlib-only client — no extra dependencies.

Runtime (coming)

Inline policy enforcement on production MCP traffic. Pauses high-risk actions for human approval. Tamper-evident audit trail for SOC 2, ISO 42001, and India's DPDP Act. Free tier for solo developers.

Sources

Where the numbers come from

  1. [1]150 million SDK downloads. Aggregate install count across the official Model Context Protocol SDKs (TypeScript, Python, Go, Kotlin) at the time of the April 2026 disclosure, derived from npm, PyPI, pkg.go.dev, and Maven Central download telemetry. Methodology and citation chain →
  2. [2]200,000+ vulnerable production servers. Conservative estimate from the AEGIBIT Security research note, derived from the intersection of public MCP server registries (Smithery, mcp.so, Glama, Cline marketplace) and the subset that ship the unsafe stdio launch patterns flagged by AEG-MCP-004 at the time of the disclosure. Methodology and citation chain →

Figures are point-in-time at disclosure and have continued to grow. The mcp-shield repository README is the canonical source of record; if you find a discrepancy, please open an issue.

The full product lives at shield.aegibit.com

Install the scanner, scan your first manifest, and drop the findings into your CI in under five minutes. The Runtime alpha opens shortly — join the waitlist for early access.

Visit shield.aegibit.com