Metadata-Version: 2.4
Name: shieldbot-mcp
Version: 1.0.0
Summary: AI-powered security code review MCP server for Claude Code — combines Semgrep (5,000+ rules), bandit, detect-secrets, pip-audit, and npm-audit
Project-URL: Homepage, https://github.com/BalaSriharsha/shieldbot
Project-URL: Repository, https://github.com/BalaSriharsha/shieldbot
Project-URL: Bug Tracker, https://github.com/BalaSriharsha/shieldbot/issues
License: MIT
Keywords: anthropic,claude,code-review,mcp,sast,security,semgrep,vulnerability
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.11
Requires-Dist: anyio>=4.0.0
Requires-Dist: bandit>=1.7.0
Requires-Dist: detect-secrets>=1.4.0
Requires-Dist: gitpython>=3.1.0
Requires-Dist: jinja2>=3.0.0
Requires-Dist: mcp>=1.0.0
Requires-Dist: pip-audit>=2.6.0
Requires-Dist: pydantic>=2.0.0
Requires-Dist: ruff>=0.1.0
Requires-Dist: semgrep>=1.50.0
Provides-Extra: dev
Requires-Dist: hatchling; extra == 'dev'
Requires-Dist: pytest; extra == 'dev'
Requires-Dist: pytest-asyncio; extra == 'dev'
Description-Content-Type: text/markdown

# shieldbot-mcp

AI-powered security code review MCP server for Claude Code.

Combines **Semgrep (5,000+ rules)**, bandit, ruff, detect-secrets, pip-audit, and `npm audit` with Claude's security expertise to deliver prioritized, actionable security reports.

## Install

```bash
pip install shieldbot-mcp
```

Or run directly via `uvx` (recommended for MCP):
```bash
uvx shieldbot-mcp
```

## Usage with Claude Code

Install the plugin:
```
/plugin install shieldbot
```

Then ask Claude naturally:
- *"scan this repo for security issues"*
- *"check for hardcoded secrets"*
- *"audit my dependencies for CVEs"*

Or use the slash command:
```
/shieldbot-scan .
/shieldbot-scan /path/to/repo --min-severity high
/shieldbot-scan . --git-history
```

## MCP tools exposed

| Tool | Description |
|------|-------------|
| `scan_repository` | Full parallel security scan → JSON report |
| `check_scanner_tools` | Check which scanners are installed |

## Add to any MCP client

```json
{
  "mcpServers": {
    "shieldbot": {
      "command": "uvx",
      "args": ["shieldbot-mcp"]
    }
  }
}
```
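
A pinned variant of the configuration above, as an added example that is not part of the project's own documentation. It assumes the package's console script is named `shieldbot-mcp` (as the `uvx shieldbot-mcp` invocation implies) and uses the `1.0.0` version from this package's metadata. The unpinned form lets `uvx` resolve whatever release is current on PyPI, while `--from` with an exact version keeps the MCP client on a release you have reviewed.

```json
{
  "mcpServers": {
    "shieldbot": {
      "command": "uvx",
      "args": ["--from", "shieldbot-mcp==1.0.0", "shieldbot-mcp"]
    }
  }
}
```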

## Scanners

| Scanner | Coverage |
|---------|---------|
| Semgrep (5,000+ rules) | OWASP Top 10, CWE Top 25, injection, XSS, SSRF, taint |
| bandit | Python security |
| ruff | Python quality + security |
| detect-secrets | API keys, passwords, tokens |
| pip-audit | Python CVEs (PyPI Advisory DB) |
| npm audit | Node.js CVEs |

## Publish to PyPI

```bash
pip install hatchling build twine
python -m build
twine upload dist/*
```

## License

MIT
