shieldbot

shieldbot

AI-powered security code review for Claude Code that runs multiple scanners (CodeQL, Semgrep, etc.) to detect vulnerabilities, secrets, and dependency CVEs, producing prioritized reports.

Category
Visit Server

README

Shieldbot — AI Security Code Review for Claude Code

PyPI License: MIT Python 3.11+ MCP Compatible

Shieldbot is an AI-powered security scanner that runs directly inside Claude Code. It combines deep dataflow analysis, 5,000+ static analysis rules, and advisory-database lookups with Claude's reasoning to detect vulnerabilities, hardcoded secrets, and CVE-affected dependencies — then synthesizes findings into a prioritized, actionable report.

One command. Full security audit. Zero context switching.

What It Scans

Scanner What It Catches Auto-installed
CodeQL Deep dataflow / taint-analysis SAST — SQL injection, XSS, path traversal, RCE, authentication flaws across 8+ languages
Semgrep (5,000+ rules) OWASP Top 10, CWE Top 25, SQL injection, XSS, SSRF, command injection
Bandit Python-specific security flaws (hardcoded passwords, weak crypto, shell injection)
Ruff Python code quality and security anti-patterns
detect-secrets API keys, tokens, passwords, private keys in source code
Dependabot CLI Ecosystem-specific security updates via GitHub's Dependabot engine (security-updates-only mode, requires Docker at runtime)
osv-scanner Dependency CVEs from the OSV / GitHub Advisory Database — works offline, no token required
Trivy Docker image CVEs (OS packages + libraries), Dockerfile misconfigurations, and secrets baked into image layers — runs automatically when a Dockerfile is found
pip-audit Python dependency CVEs (PyPI Advisory Database)
npm audit Node.js dependency CVEs

All scanners run in parallel. Findings are deduplicated, ranked by exploitability, and explained in plain English.

Auto-installed tools (CodeQL, osv-scanner, Dependabot CLI, Trivy) are downloaded automatically on first scan — no package manager or sudo required. Supports macOS and Linux on x86_64 and arm64. Trivy and Dependabot CLI require Docker at runtime (image builds / ecosystem updaters). Trivy scan strategy: (1) docker build → full image scan; (2) docker pull <base_image> → base image scan if build fails; (3) trivy fs filesystem fallback. When Docker build fails (e.g. network restrictions in CI), a prominent SCAN GAP warning is emitted and the base image is scanned directly. Pass --image <tag> / extra_images to scan a pre-built image directly.

Install as a Claude Code Plugin (Recommended)

Step 1 — Add the Shieldbot marketplace:

/plugin marketplace add BalaSriharsha/shieldbot

Step 2 — Install the plugin:

/plugin install shieldbot

Step 3 — Reload plugins:

/reload-plugins

Step 4 — Run a scan:

/shieldbot .
/shieldbot /path/to/repo
/shieldbot . --git-history

Or just ask Claude naturally:

  • "scan this repo for security vulnerabilities"
  • "check my code for hardcoded secrets"
  • "audit my Python dependencies for CVEs"

Install as a Standalone MCP Server

Add to your MCP client config (.mcp.json or claude_desktop_config.json):

{
  "mcpServers": {
    "shieldbot": {
      "command": "uvx",
      "args": ["shieldbot-mcp"]
    }
  }
}

Or install via pip:

pip install shieldbot-mcp

Pre-install Scanner Tools

CodeQL, osv-scanner, and Dependabot CLI are downloaded automatically on first scan, but you can pre-install them with the bundled CLI:

shieldbot-install              # install all four
shieldbot-install --codeql     # CodeQL only
shieldbot-install --osv        # osv-scanner only
shieldbot-install --dependabot # Dependabot CLI only
shieldbot-install --trivy      # Trivy only
shieldbot-install --force      # reinstall / upgrade to latest

Binaries are placed in ~/.local/bin. Add it to your shell profile if needed:

export PATH="$HOME/.local/bin:$PATH"

All three tools are fully open-source and installed from their official GitHub releases — no package manager, no sudo, no API keys:

Tool Source License
CodeQL CLI github/codeql-cli-binaries MIT
osv-scanner google/osv-scanner Apache-2.0
Dependabot CLI dependabot/cli MIT
Trivy aquasecurity/trivy Apache-2.0

MCP Tools

Tool Description
scan_repository Run a full parallel security scan and return a structured JSON report
check_scanner_tools Check which scanners are installed and available

scan_repository parameters

Parameter Type Default Description
repo_path string required Absolute path to the repository
skip_scanners list [] Scanners to skip — valid values: codeql, semgrep, bandit, ruff, detect-secrets, dependabot, pip-audit, npm-audit, trivy
scan_git_history bool false Also scan git commit history for leaked secrets
extra_images list [] Pre-built Docker image names/tags to scan directly with Trivy — use when docker build fails in restricted environments (e.g. ["mcr.microsoft.com/playwright:v1.50-noble"])

Dockerfile / docker-compose fix utilities

Shieldbot includes a command-line fixer that the agent uses to analyse and patch Dockerfiles and compose files:

# Analyse a Dockerfile and generate a fix plan from scan results
python -m shieldbot.fixers.dockerfile_fixer analyze Dockerfile shieldbot-report.json

# List all FROM stages and their detected package managers
python -m shieldbot.fixers.dockerfile_fixer list-stages Dockerfile

# List all RUN install commands and their packages
python -m shieldbot.fixers.dockerfile_fixer list-installs Dockerfile

# List all image: references in a docker-compose file
python -m shieldbot.fixers.dockerfile_fixer list-compose-images docker-compose.yml

# Check Docker Hub for a newer/patched base image tag
python -m shieldbot.fixers.dockerfile_fixer suggest-base-upgrade ubuntu:20.04

GitHub Actions Integration

Add Shieldbot to any repository in 3 lines. Findings appear in the Security > Code Scanning tab via SARIF upload.

# .github/workflows/shieldbot.yml
name: Shieldbot Security Scan
on:
  push:
    branches: [main, master]
  pull_request:
    branches: [main, master]
  schedule:
    - cron: '0 8 * * 1'  # Weekly scan

permissions:
  contents: read
  security-events: write  # Required for Code Scanning upload

jobs:
  shieldbot:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - uses: BalaSriharsha/shieldbot@main

All available inputs:

Input Default Description
path . Directory to scan
fail-on high Fail build if findings at or above this level
skip-scanners `` Comma-separated scanners to skip
scan-git-history false Scan git history for leaked secrets
upload-sarif true Upload to GitHub Code Scanning
sarif-file shieldbot-results.sarif SARIF output path

Outputs: total-findings, risk-score, sarif-file

See .github/workflows/shieldbot-example.yml for the full annotated example.

Exit Codes (CI/CD Integration)

Code Meaning
0 Clean — no findings above threshold
1 Medium+ findings detected
2 High+ findings detected
3 Critical findings detected

Use exit codes to gate deployments in GitHub Actions, GitLab CI, or any pipeline.

How It Works

  1. Detect — Shieldbot profiles the repository (languages, package managers, git history)
  2. Auto-install — Any missing scanner tools (CodeQL, osv-scanner, Dependabot CLI) are downloaded from GitHub releases for the current OS and architecture
  3. Scan — All applicable scanners run in parallel via asyncio.gather()
  4. Deduplicate — Findings are deduplicated by exact hash and proximity (±3 lines), with scanner priority: CodeQL → Semgrep → Bandit → detect-secrets → Dependabot/osv-scanner → pip-audit/npm-audit → Trivy
  5. Analyze — Claude synthesizes raw scanner output into prioritized findings with context
  6. Report — Structured output with executive summary, risk score, and remediation steps

Requirements

  • Python 3.11+
  • Claude Code (for plugin mode)
  • Docker (optional — required at runtime for Trivy image scanning and Dependabot CLI's ecosystem updaters)

Contributing

Issues and pull requests welcome at github.com/BalaSriharsha/shieldbot.

License

MIT — see LICENSE

Recommended Servers

playwright-mcp

playwright-mcp

A Model Context Protocol server that enables LLMs to interact with web pages through structured accessibility snapshots without requiring vision models or screenshots.

Official
Featured
TypeScript
Magic Component Platform (MCP)

Magic Component Platform (MCP)

An AI-powered tool that generates modern UI components from natural language descriptions, integrating with popular IDEs to streamline UI development workflow.

Official
Featured
Local
TypeScript
Audiense Insights MCP Server

Audiense Insights MCP Server

Enables interaction with Audiense Insights accounts via the Model Context Protocol, facilitating the extraction and analysis of marketing insights and audience data including demographics, behavior, and influencer engagement.

Official
Featured
Local
TypeScript
VeyraX MCP

VeyraX MCP

Single MCP tool to connect all your favorite tools: Gmail, Calendar and 40 more.

Official
Featured
Local
graphlit-mcp-server

graphlit-mcp-server

The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. Ingest anything from Slack to Gmail to podcast feeds, in addition to web crawling, into a Graphlit project - and then retrieve relevant contents from the MCP client.

Official
Featured
TypeScript
Kagi MCP Server

Kagi MCP Server

An MCP server that integrates Kagi search capabilities with Claude AI, enabling Claude to perform real-time web searches when answering questions that require up-to-date information.

Official
Featured
Python
E2B

E2B

Using MCP to run code via e2b.

Official
Featured
Neon Database

Neon Database

MCP server for interacting with Neon Management API and databases

Official
Featured
Exa Search

Exa Search

A Model Context Protocol (MCP) server lets AI assistants like Claude use the Exa AI Search API for web searches. This setup allows AI models to get real-time web information in a safe and controlled way.

Official
Featured
Qdrant Server

Qdrant Server

This repository is an example of how to create a MCP server for Qdrant, a vector search engine.

Official
Featured