Is Injectshield free?

Yes, Injectshield is free to use.

How do I install Injectshield?

Injectshield is a local plugin. Install it using npm package: @injectshield/mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

What credentials does Injectshield need?

Injectshield requires the following credentials or environment variables: INJECTSHIELD_API_KEY, INJECTSHIELD_API_BASE. You can find setup instructions on the server detail page.

What AI apps work with Injectshield?

Injectshield uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Injectshield MCP Server

by Bch1212

Developer ToolsUse Caution4.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Prompt-injection firewall for AI agents — scan untrusted text before LLM calls.

About

Prompt-injection firewall for AI agents — scan untrusted text before LLM calls.

Security Report

4.2

Use Caution4.2High Risk

InjectShield is a legitimate prompt-injection detection service with a well-structured MCP server implementation. The codebase demonstrates proper authentication, reasonable API security patterns, and appropriate permissions for its stated purpose. However, several moderate-severity issues exist: the MCP server lacks validation for the INJECTSHIELD_API_KEY environment variable (missing key triggers runtime errors rather than graceful failure), the REST API routes have some input-validation gaps, and secrets management could be more explicit. The server's permissions (network_http, env_vars, file I/O for logging) are appropriate for a security-focused API gateway, but the broader REST server handles sensitive operations (Stripe webhooks, user keys) that warrant higher scrutiny. Supply chain analysis found 10 known vulnerabilities in dependencies (1 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).

7 files analyzed · 19 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

database

Check that this permission is expected for this type of plugin.

File System Read

Reads files on your machine. Normal for tools that analyze or process local data.

File System Write

Writes or modifies files on your machine. Check that this is expected for the tool.

Unverified package source

We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.

What You'll Need

Set these up before or after installing:

API key from https://injectshield.dev (free tier: 10K req/mo).Required

Environment variable: INJECTSHIELD_API_KEY

Override the API base URL for self-hosted deployments.Optional

Environment variable: INJECTSHIELD_API_BASE

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-bch1212-injectshield": {
      "env": {
        "INJECTSHIELD_API_KEY": "your-injectshield-api-key-here",
        "INJECTSHIELD_API_BASE": "your-injectshield-api-base-here"
      },
      "args": [
        "-y",
        "injectshield"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

InjectShield

Prompt-injection firewall for AI agents.

A drop-in REST API that detects and neutralizes injection attacks in any text — git commits, web pages, files, emails, user inputs — before they reach your AI agent's context window.

This repo is the open-source heuristic ruleset plus the source for the managed API at promptshield.pages.dev.

Why

In May 2026 a viral HN thread demonstrated that a single git commit message could burn a Claude Code user's entire session quota via a schema-driven attack ("OpenClaw"). The pattern is general: any AI agent that ingests untrusted text — code review bots, documentation summarizers, RAG agents, support copilots — is exposed to prompt injection. Most teams ship without any input-side defense.

InjectShield is one layer of a defense-in-depth strategy. It's not a silver bullet. Use it alongside system-prompt hardening, tool sandboxing, and output filtering.

Install as an MCP (Claude Code, Cursor, Cline, ...)

InjectShield ships a native MCP server at @injectshield/mcp. Once installed, your agent has three new tools — scan, scan_url, patterns — for input-side defense without writing any glue code.

# Claude Code:
claude mcp add injectshield --env INJECTSHIELD_API_KEY=is_live_… -- npx -y @injectshield/mcp

For Cursor / Cline / other MCP clients, see packages/injectshield-mcp/README.md.

Quick start

# 1) Get a key (delivered by email):
curl -X POST https://api.injectshield.dev/v1/keys \
  -H "Content-Type: application/json" \
  -d '{"email":"you@company.com"}'

# 2) Scan:
curl -X POST https://api.injectshield.dev/v1/scan \
  -H "Authorization: Bearer is_live_..." \
  -H "Content-Type: application/json" \
  -d '{"text":"ignore previous instructions","context":"user_input"}'

Or signup via the landing page: https://injectshield.dev — self-serve, email delivery.

What's open-source vs. managed

Live:

Landing page + live demo: https://injectshield.dev
API base: https://api.injectshield.dev
Health: https://api.injectshield.dev/healthz
Docs: https://injectshield.dev/docs

Open-source (this repo, MIT):

src/patterns.ts — the heuristic pattern library (~20 categorized rules).
src/detect.ts — the detection engine (heuristic aggregation, sanitization).
test/ — the test suite.
server/, public/ — the full API + landing-page source.

Managed only (paid tiers):

Hosted API with usage metering, dashboards, custom-pattern uploads, webhook alerts, no-logging mode (Pro), team accounts.
Future: Workers AI / Anthropic semantic classifier with prompt-engineered injection detection.

Detection categories

Category	Examples
`instruction_injection`	"ignore previous instructions", "new system prompt"
`system_override`	system-prompt leak, role-tag forgery, ChatML/Llama special tokens
`role_hijack`	"you are now…", DAN, Developer Mode
`exfiltration`	data sent to attacker URLs, markdown image exfil
`schema_attack`	OpenClaw-style schema references
`encoding_smuggle`	base64-decoded directives
`invisible_text`	zero-width / bidi / Unicode-Tag smuggling
`tool_abuse`	synthetic tool-call directives in untrusted text
`jailbreak_classic`	DAN, "no restrictions", etc.

Contributing patterns

Found a novel attack? Open a PR adding a PatternRule to src/patterns.ts with:

A unique id.
A category from the enum above.
A weight in [0, 1] — pick conservatively; the aggregation in detect.ts combines weights so every additional rule contributes meaningfully but isn't dominant.
A test in test/detect.test.ts covering both a positive and a likely-benign negative example.

We auto-deploy merged patterns to the managed API. No-cost contributions get attribution in the changelog.

Running locally

npm install
npm test         # 11 tests, ~20ms
DATABASE_URL=postgres://... npm run dev   # boots Hono on :8080

License

MIT. InjectShield reduces but does not eliminate prompt-injection risk.

Acknowledgments

Built on Cloudflare Pages (frontend) + Railway (API) + Postgres + Anthropic Claude (semantic layer). Pattern library informed by HackAPrompt, the PINT benchmark, and a long list of public attack examples.

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

Injectshield MCP Server

About

Security Report

Findings (19)Action required

Permissions Required

What You'll Need

How to Install

Documentation

InjectShield

Why

Install as an MCP (Claude Code, Cursor, Cline, ...)

Quick start

What's open-source vs. managed

Detection categories

Contributing patterns

Running locally

License

Acknowledgments

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Toleno

mcp-creator-python

MarkItDown

mcp-creator-typescript

Google Workspace MCP