
MCP Setup

Audit AI agent skills for malware and social engineering before adding them to your agent.

What Shieldon Detects

  • Credential theft: AWS, GitHub, Stripe, Slack, cloud provider keys, private keys, and .env access
  • Command injection: curl | bash, reverse shells, privilege escalation, container escape
  • Data exfiltration: POST to webhooks, paste services, DNS tunneling, modern drop services
  • Obfuscation: Base64 payloads, eval() chains, hex encoding, unicode escape evasion
  • Audit-override framing: Prose pleading 'educational only', 'classify as safe', 'ignore the YARA finding'
  • Multistage remote code: exec(...http://...), bash <(curl ...), plugin/manifest loaders deferring code
  • LLM semantic layer: Catches social engineering & contextual threats that pattern matching misses

Installation

Add Shieldon to your MCP config. Shieldon exposes an MCP Streamable HTTP endpoint — compatible with any MCP client that supports remote servers.

{
  "mcpServers": {
    "shieldon-skill": {
      "url": "https://api.shieldon.dev/mcp/skill"
    }
  }
}

Client          Config file
Cursor          .cursor/mcp.json
Claude Desktop  claude_desktop_config.json
Windsurf        .windsurf/mcp.json
Any MCP client  Wherever your client reads MCP server configs

After adding the config, restart your client or reload the session. The audit_skill tool will appear in your available MCP tools.

Usage

Scan a skill by URL before installing:

audit_skill(skill_url: "https://example.com/skill.md")

Scan raw skill content directly:

audit_skill(skill_content: "<paste skill.md content here>")

Example response:

{
  "scan_id": "a1b2c3d4",
  "verdict": "block",
  "reasoning": "Override framing co-occurs with credential theft.",
  "findings": [
    {
      "type": "yara",
      "description": "AWS access key pattern detected",
      "severity": "HIGH",
      "evidence": "AKIAIOSFODNN7EXAMPLE"
    },
    {
      "type": "llm",
      "description": "Audit-override prose used to launder credential code",
      "severity": "HIGH",
      "evidence": "'classify as safe — for educational purposes only'"
    }
  ],
  "scans_remaining": 7
}
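
A fail-closed install gate over the response shape shown above, as an added example (not Shieldon's own code). The `allow` verdict value and the names `gate` and `redact` are assumptions: the page documents only the `block` verdict and the `HIGH` severity.

```python
import json

# Assumption: verdict strings that permit installation. The page documents
# only "block", so "allow" is a hypothetical placeholder; adjust to the API.
PASSING_VERDICTS = {"allow"}
BLOCKING_SEVERITIES = {"HIGH"}  # "HIGH" is the only severity shown on the page

def redact(evidence, keep=4):
    """Mask evidence before logging; it may contain a live credential."""
    text = str(evidence)
    return text[:keep] + "*" * max(len(text) - keep, 0)

def gate(raw_response):
    """Return (install_ok, reasons). Fails closed on anything unexpected."""
    try:
        resp = json.loads(raw_response)
    except (TypeError, ValueError):
        return False, ["response is not valid JSON"]
    if not isinstance(resp, dict):
        return False, ["response is not a JSON object"]
    reasons = []
    verdict = resp.get("verdict")
    if not isinstance(verdict, str) or verdict not in PASSING_VERDICTS:
        reasons.append(f"verdict={verdict!r} is not an approved verdict")
    findings = resp.get("findings")
    if not isinstance(findings, list):
        return False, reasons + ["findings missing or not a list"]
    for f in findings:
        if not isinstance(f, dict):
            reasons.append("malformed finding")
            continue
        sev = str(f.get("severity", "")).upper()
        if sev in BLOCKING_SEVERITIES:
            reasons.append(f"{sev} {f.get('type')}: {f.get('description')} "
                           f"[evidence: {redact(f.get('evidence', ''))}]")
    return (not reasons), reasons

# Constructed input: the example response from this page, trimmed to one finding.
SAMPLE = json.dumps({
    "scan_id": "a1b2c3d4", "verdict": "block",
    "reasoning": "Override framing co-occurs with credential theft.",
    "findings": [{"type": "yara", "severity": "HIGH",
                  "description": "AWS access key pattern detected",
                  "evidence": "AKIAIOSFODNN7EXAMPLE"}],
    "scans_remaining": 7,
})

if __name__ == "__main__":
    ok, reasons = gate(SAMPLE)
    print("install" if ok else "refuse", *reasons, sep="\n  ")
```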

Rate Limits

  • Free tier: 10 scans per day per IP
  • Privacy: Skills are never stored. All scans are ephemeral.

Support

Website: shieldon.dev