CLI Reference
Full command reference for the SpiderShield CLI.
Installation
bash
"code-function">pip install "code-function">spidershield
spidershield scan
Static security analysis of an MCP server directory.
bash
"code-function">spidershield scan ./my-mcp-server| Flag | Description |
|---|---|
--format | Output format: text, json, sarif |
--output | Write report to file |
--verbose | Show detailed findings |
spidershield guard
Wrap a stdio MCP server with runtime policy enforcement.
bash
"code-function">spidershield guard "code-keyword">--preset balanced -- "code-function">npx server
| Flag | Description |
|---|---|
--preset | Policy preset: permissive, balanced, strict |
--policy | Path to custom policy YAML |
--dlp | DLP mode: log, redact, block |
--audit | Enable JSONL audit logging |
spidershield proxy
HTTP proxy mode for network-based MCP servers.
bash
"code-function">spidershield proxy "code-keyword">--policy strict -- python server.py
| Flag | Description |
|---|---|
--policy | Policy preset or YAML file path |
--port | Proxy listen port (default: 8080) |
--dlp | DLP mode: log, redact, block |
--audit | Enable JSONL audit logging |
spidershield rewrite
LLM-powered tool description rewriter for better quality.
bash
"code-function">spidershield rewrite ./my-mcp-server| Flag | Description |
|---|---|
--provider | LLM provider: anthropic, openai, gemini |
--dry-run | Preview changes without writing |
--cache | Use SHA-256 keyed rewrite cache |
spidershield harden
Generate security fix suggestions for an MCP server.
bash
"code-function">spidershield harden ./my-mcp-server| Flag | Description |
|---|---|
--format | Output format: text, json |
--auto-fix | Apply fixes automatically |
spidershield agent-check
Security audit for agent configs, skills, and toxic flows.
bash
"code-function">spidershield agent-check ./agent-config.yaml| Flag | Description |
|---|---|
--format | Output format: text, json, sarif |
--allowlist | Path to approved skills allowlist |
spidershield policy
Manage and validate security policies.
bash
"code-function">spidershield policy list | show | validate| Flag | Description |
|---|---|
list | Show available policy presets |
show <name> | Print a policy's rules |
validate <file> | Validate a custom policy YAML |
spidershield audit
Query and analyze audit logs.
bash
"code-function">spidershield audit show | stats| Flag | Description |
|---|---|
show | Display recent audit events |
stats | Aggregate statistics from audit logs |
--session | Filter by session ID |
--tool | Filter by tool name |