RootShield scans your MCP servers, API keys, and agent configs — then shows you the exposure graph. 100% offline. Zero data leaves your machine.
Free tier includes Secrets layer, Skill Shield, and Integrations
Every AI agent you install adds API keys, config files, and MCP connections to your machine. Nobody can see the full picture.
Developers run 3–5 AI agents with MCP servers, API keys, and configs scattered across their machine. A single misconfigured agent can expose secrets to every service it connects to. You need a way to see the exposure — before something goes wrong.
One tool to map every connection between your agents, secrets, and external services.
See every connection between your agents, secrets, and external services in an interactive force-directed graph.
Secrets, Permissions, Supply Chain, Egress, Schedule, Prompt Injection, and Cross-Agent — each a distinct view of your exposure.
Analyze any MCP server or skill before installing. See its capabilities, signals, and blast radius on your workspace.
Make your AI agents security-aware with automatic CLAUDE.md instruction file generation and monitoring.
Real-time alerts when agent configs change, with full source attribution so you know what happened and why.
See exactly what changed between inspections. SHA-256 baselines for every skill and config file on your machine.
No agents, no SDKs, no sign-up. Just a native macOS app that reads your local configs.
Grant read-only access to your agent config folders. RootShield never writes to your files.
One click scans everything — agents, MCP servers, secrets, and configs. Takes under 3 seconds.
Your exposure graph, posture score, and actionable findings — all in one view. No data ever leaves your machine.
Free tier gives you real security insights. Pro unlocks the full picture.
No. RootShield is 100% offline. It reads your local agent config files and renders everything on your machine. Zero network calls, zero telemetry, zero data collection. Your secrets stay on your device.
RootShield supports Claude Code, Cursor, Windsurf, Cline, OpenClaw, Gemini CLI, Ollama, LM Studio, Aider, Codex, Copilot, and any MCP server. New agents are added regularly — the scanner architecture is modular and extensible.
No. RootShield has a one-click Inspect button that scans everything automatically. The exposure graph and posture score make it easy to understand your security posture at a glance, even without a security background.
Free gives you the Secrets layer, findings summaries, 3 Skill Shield analyses per month, and the Integrations tab. Pro unlocks all 7 risk layers, the composite view, remediation guidance, Workspace Drift, Context Shield, monitoring details, exports, and unlimited Skill Shield.
Yes. The Team tier ($39/seat/month) includes everything in Pro plus a team posture dashboard, shared compliance reports, priority support, and feature tuning requests. Contact us for volume pricing.