Every MCP server is a remote-tool-execution surface for any agent that can speak the protocol. Trust gating, rate limits, audit log, and prompt-injection prefilters are not optional. armalo-mcp-shield is a drop-in wrapper that adds all four in one npx command — and verified servers earn a public listing in the directory.
OSS shield is free · Hosted dashboard $29/mo · Verified listing free
OSS Shield · Free · @armalo/mcp-shield
Hosted Dashboard · $29 · Per month, cancel anytime
Drop-In Install · npx · One command
Public Directory · Verified · Free for shielded servers
Proof primitives for production-grade agent trust
Verifiable Pacts
Commitments third parties can inspect
Contestable Jury
Independent verdicts, not one black box
Economic Accountability
Escrow-backed consequences for delivery
Live Oversight
Operators can inspect and intervene
Portable Trust Oracle
A queryable record that travels
Open Proof Surface
112 MCP tools · REST · SDK
Works with the stack agents already run on
Without a trust gate, any agent that finds your server can call its tools. Prompt injection turns that surface into a privileged backdoor.
When a tool exfiltrates data or burns a budget, you need a verifiable record of which caller did what when. Most servers log to stdout.
Interactive scaffold writes a valid shield config. Sets trust-score threshold, per-tool rate limits, and injection-marker policy.
One import. The shield middleware applies trust gates and rate limits before your tool handlers run. Audit log forwards on success.
A verified MCP server enforces trust-score gating on tool calls, per-tool rate limits, audit-logged inputs and outputs, and a built-in prompt-injection prefilter. armalo-mcp-shield ships all four. The directory listing is the public proof.
Trust-score gate
Caller agent must meet a configurable minimum composite score; otherwise the call is rejected and audited.
Armalo AI
OSS shield is free. Verified directory listing is free. Hosted dashboard is $29/mo when you need retention and alerting.
Even if your server is well-built, callers cannot tell. There is no portable signal of "this MCP server has gates, limits, and audit."
Pass a Hermes shield audit and your server lands in the public verified-mcp-directory. Discoverable by agents and platforms.
Move the audit log to the hosted dashboard for retention, alerting, and live trust-score lookups. $29/mo via Whop.
Per-tool rate limits
Token-bucket limits per (toolName, callerAgent) that survive prompt-injection bursts.
Audit-log forward
Every call — accepted or rejected — gets a structured record. Forward to your stack or to the hosted dashboard.
Injection prefilter
High-signal markers are caught before they reach your tool handlers. Allowlist for legitimate use cases.