What types of threats does Prompt Shield scan for?

It performs 18 automated checks covering hidden text (zero-width chars, homoglyphs), prompt injection, sensitive data access (crypto wallets, env files), network exfiltration, and malicious code execution.

How are the security audit results presented?

The tool generates a standardized Markdown report including author trust scores, automated scan results for all 18 checks, a URL inventory, and a final verdict of Safe, Caution, or Avoid.

Does it work with Model Context Protocol (MCP) servers?

Yes, Prompt Shield is specifically designed to audit Claude Code skills, MCP servers, and npm package dependencies for potential vulnerabilities.

Can it verify the reputation of a plugin author?

Yes, Prompt Shield uses the GitHub API to analyze account age, contribution history, and community trust signals to provide an author trustworthiness score from 1 to 10.

Is the scanning process fully automated?

The tool provides 18 automated checks to catch common patterns, followed by a structured 8-step workflow that guides the user through a manual deep review for maximum security.

Prompt Shield Security Auditor

Name: Prompt Shield Security Auditor
Author: frenchieTST

byfrenchieTST

•

Security & Testing

Protects your Claude Code environment by performing comprehensive security audits on third-party skills, MCP servers, and npm packages.

Prompt Shield is a robust security auditing tool designed to safeguard Claude Code environments from malicious third-party code and supply chain vulnerabilities. It automates 18 distinct security checks to detect sophisticated threats like prompt injection, hidden data exfiltration, homoglyph attacks, and persistence mechanisms. By integrating GitHub API lookups for author verification with deep file analysis and network vector scanning, it provides developers with a clear risk assessment and actionable security reports before they install or execute new plugins, helping to ensure the integrity of the local development environment.

Key Features

011 GitHub stars

02Scans for data exfiltration vectors like hardcoded IPs and unauthorized network calls

03Deep author verification via GitHub API to assess developer trustworthiness

04Detection of hidden malicious content including zero-width characters and homoglyphs

0518 automated security checks covering encoding, injection, and data access

06Standardized security reports with clear risk levels and installation verdicts

Use Cases

01Scanning codebases for hidden prompt injection attacks and malicious background processes

02Verifying the security of an MCP server or npm package to mitigate supply chain risks

03Auditing a new Claude Code skill or plugin before installation to prevent environment compromise

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add frenchietst/prompt-shield prompt-shield

For use in Claude.ai and ChatGPT

Download Skill