Supply Chain Security for MCP

Protect your AI applications from typosquats, vulnerabilities, and malicious code. Cryptographic verification. Policy enforcement. Zero trust.

Protection Matrix

Comprehensive security for Model Context Protocol servers

🔒 Lockfile Management

Track verified MCP servers in mcp.lock.json with SHA-512 cryptographic hashes. Immutable integrity verification.

🔍 Security Scanning

Detect typosquats, suspicious code patterns, malicious dependencies, and known CVEs before deployment.

✅ Artifact Verification

Verify npm packages, PyPI distributions, and Docker images. Automatic drift detection across platforms.

📋 Namespace Verification

Validate GitHub namespaces and repository ownership. Prevent namespace hijacking and impersonation attacks.

⚡ Fast CLI

Sub-second scans. Commands: init, add, verify, scan. Zero configuration required.

🎯 Policy Enforcement

Define security policies in policy.yaml. Block high-risk packages. Enforce verification. Automate compliance.

Initialization Sequence

Four commands to secure your supply chain

# 1. Initialize MCPShield in your project
$ mcp-shield init
✓ Created mcp.lock.json
✓ Created policy.yaml

# 2. Add an MCP server from the registry
$ mcp-shield add io.github.modelcontextprotocol/filesystem
Fetching server metadata...
Verifying namespace ownership...
Downloading artifacts...
Running security scan...

📊 Security Scan Results:
  Risk Score: 15/100 (clean)
  Verdict: ✅ CLEAN
  ✓ No typosquats detected
  ✓ No suspicious code patterns
  ✓ Dependencies verified

# 3. Verify all locked servers
$ mcp-shield verify
✓ io.github.modelcontextprotocol/filesystem (verified)
  Digest: sha512-abc123...
  Status: No drift detected

# 4. Run comprehensive security scan
$ mcp-shield scan
Scanning 1 server(s)...
✓ All servers passed security checks
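Worked example of the lockfile and drift-detection idea behind the add/verify steps above (and the Artifact Drift threat below). This is an added illustration, not MCPShield's own code: the lockfile schema, the SRI-style "sha512-" + base64 digest encoding, the sample artifact bytes and every server name other than the filesystem server are assumptions made for the example.

```python
import base64
import hashlib


def sri_sha512(data: bytes) -> str:
    """'sha512-' + base64(SHA-512(data)): the digest form assumed for lock entries here."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode("ascii")


def build_lock(approved: dict[str, bytes]) -> dict:
    """Mirror of the `add` step: record the digest of each artifact as it was reviewed."""
    return {"servers": [{"name": n, "digest": sri_sha512(b)} for n, b in approved.items()]}


def verify_lock(lock: dict, fetched: dict[str, bytes]) -> dict[str, str]:
    """Mirror of the `verify` step: re-hash what was actually fetched, compare with the lock.

    Status per server: 'verified' (bytes identical to the approved build), 'drift'
    (artifact changed after approval), or 'missing' (artifact could not be fetched).
    """
    results = {}
    for entry in lock["servers"]:
        data = fetched.get(entry["name"])
        if data is None:
            results[entry["name"]] = "missing"
        elif sri_sha512(data) == entry["digest"]:
            results[entry["name"]] = "verified"
        else:
            results[entry["name"]] = "drift"
    return results


# Constructed sample artifacts (stand-ins for package tarballs); the example-org
# server names are made up for this example and do not refer to real servers.
APPROVED = {
    "io.github.modelcontextprotocol/filesystem": b"filesystem-server-v1.0.0 approved build",
    "io.github.example-org/search": b"search-server-v2.3.1 approved build",
    "io.github.example-org/calendar": b"calendar-server-v0.9.0 approved build",
}
LOCK = build_lock(APPROVED)

# What a later install actually fetches: filesystem unchanged, search silently
# republished with extra content after approval, calendar not available at all.
FETCHED = {
    "io.github.modelcontextprotocol/filesystem": APPROVED["io.github.modelcontextprotocol/filesystem"],
    "io.github.example-org/search": APPROVED["io.github.example-org/search"] + b" + unreviewed postinstall",
}

if __name__ == "__main__":
    for name, status in verify_lock(LOCK, FETCHED).items():
        print(f"{'OK' if status == 'verified' else '!!'} {name}: {status}")
```

A single changed byte in an artifact produces a different digest, so any republish after approval shows up as drift even when the version number is unchanged.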
100% Open Source
13/13 Tests Passing
SHA-512 Cryptographic
<1s Scan Time

Threat Matrix

Real supply chain attacks targeting AI systems

🎯 Typosquatting

Malicious packages with similar names to popular MCP servers (e.g., filesysten vs filesystem)

🔓 Namespace Hijacking

Attackers claiming namespaces that appear official but lack proper verification

📦 Artifact Drift

Packages changing after initial approval, introducing malicious code post-verification

💀 Malicious Code

Hidden eval(), exec(), unauthorized network calls, and suspicious install scripts

🕸️ Dependency Confusion

Malicious dependencies masquerading as internal packages to bypass security controls

🚨 Known Vulnerabilities

Outdated packages with publicly disclosed CVEs and exploitable security issues

Secure Your Supply Chain

Join developers protecting AI applications from supply chain attacks