Your AI tools connect to MCP servers — but who checks if those servers are secure? Project Shield is a CLI that grades your MCP setup in one command: `npx project-shield scan .` It catches prompt injection in tool descriptions, missing auth in MCP configs, leaked API keys (regex + entropy + context), and PII exposure. You get an A–F security grade, fix-it guides for every finding, and a deploy lock on F grade. No signup. No dashboard. Just run it. Free (5 scans/month) · Pro for teams.