Skip to main content
Detect scans devices for MCP server configurations and skill artifacts in supported client applications. Deploy via your MDM or run manually to discover shadow MCP servers and skills across your organization.

How It Works

  1. Configuration Discovery: The Runlayer CLI reads MCP configuration files, skill artifacts (SKILL.md, AGENTS.md, rule files), and installed plugin artifacts from known locations
  2. Secure Submission: Configuration, skill, and plugin data is securely submitted to Runlayer
  3. Classification: Runlayer classifies each discovery:
    • MCP Servers are classified as:
      • Managed: Running through Runlayer (approved and monitored)
      • Shadow: Configured outside Runlayer (flagged for review)
    • Skills are classified as:
      • Managed: Published and managed through Runlayer
      • Shadow: Installed outside organizational control (flagged for review)
      • Outdated: Previously managed but now out of date
    • Skill Risk Levels: Each discovered skill is assigned a risk level:
      • High: Skill contains risky instructions (prompt injection, data exfiltration patterns)
      • Medium: Skill has potentially risky characteristics that warrant review
      • Low: Skill has minor concerns but is unlikely to pose a threat
      • Minimal: Skill appears safe with no concerning patterns detected
  4. Alerting: Administrators and security teams are notified of newly discovered shadow servers and skills

Security Team Workflow

  • Get visibility into all MCP servers and skills across your organization
  • Identify which AI tools employees are using (Cursor, Claude, VS Code, etc.)
  • Build an inventory of shadow integrations and skills for risk assessment
  • Track trends in MCP and skill adoption over time
When shadow MCP servers are discovered, evaluate:
  • Source: Is the MCP from a known vendor or unknown source?
  • Permissions: What data and systems can it access?
  • User context: Who configured it and for what purpose?
  • Network exposure: Does it connect to external endpoints?
When shadow skills are discovered, evaluate:
  • Risk level: Is the skill flagged as High or Medium risk?
  • Instructions: Does the skill contain prompts that could manipulate AI behavior?
  • Source: Is the skill from a trusted repository or an unknown source?
  • Scope: What actions does the skill instruct the AI to perform?
Based on risk assessment:
  • Low risk: Migrate to Runlayer-managed server or skill for visibility
  • Medium risk: Require user to submit for approval review
  • High risk: Immediate remediation via MDM policy or direct intervention
  • Risky: Incident response, credential rotation, forensic analysis

Supported Clients

ClientmacOSWindowsSkillsPlugins
Cursor
VS Code
Claude Desktop / Cowork
Claude Code
Windsurf
Goose
Zed
OpenCode
Codex

Shadow Skills Discovery

Detect discovers skill artifacts alongside MCP server configurations in the same scan. Each discovered skill is classified and assigned a risk level based on its content.

Skill Classification

ClassificationDescription
ShadowSkill installed outside organizational control, not published in Runlayer
ManagedSkill published and managed through Runlayer
OutdatedSkill was previously managed but the published version has since been updated

Risk Levels

Skills flagged as High or Medium risk warrant immediate attention from security teams.
Risk LevelDescription
HighContains risky instructions — prompt injection, data exfiltration patterns, or unsafe automation
MediumPotentially risky characteristics that warrant review
LowMinor concerns, unlikely to pose a threat
MinimalNo concerning patterns detected

Shadow Plugins Discovery

Detect also discovers installed plugin artifacts alongside MCP servers and skills. Discovered plugins are classified using the same managed/shadow model:
ClassificationDescription
ShadowPlugin installed outside organizational control, not published in Runlayer
ManagedPlugin published and managed through Runlayer
Plugin discoveries appear in the Analytics dashboard alongside MCP server and skill data. Re-analysis also covers plugins — reclassifying them when catalog data changes.

Deployment

MDM Deployment

Deploy Detect across your organization directly from the Runlayer dashboard:
1

Navigate to Shadow MCPs

Go to SettingsShadow MCPs in the Runlayer dashboard
2

Configure Detect

Click Configure under the Detect section and select your MDM platform
3

Follow the Setup Guide

The in-app setup guide provides the deployment script and configuration for your MDM. Copy the generated script and API key, then follow the instructions for your platform.

Manual Installation

For testing or individual device setup, run the CLI directly. Install the Runlayer CLI: 
curl -LsSf https://astral.sh/uv/install.sh | sh
uvx runlayer --help
Configure credentials: Create an organization API key in the Runlayer dashboard (SettingsAPI Keys) with the Detect Scan role, then store it in the CLI: 
uvx runlayer org-api-key add ai-watch --secret rl_org_your_key_here --host https://your-instance.runlayer.com
Run a scan: 
uvx runlayer scan --org-api-key ai-watch

# Dry run - see what would be submitted without sending
uvx runlayer scan --org-api-key ai-watch --dry-run

# Verbose output
uvx runlayer scan --org-api-key ai-watch --verbose
The scan discovers MCP server configurations, skill artifacts (global and project-level), and installed plugin artifacts in a single pass.

Custom Integration

Use these modular components to build your own Detect integration when you need custom scheduling or deployment infrastructure. Install the CLI as a tool: 
uv tool install runlayer
Example: Cron Job (macOS/Linux) 
crontab -e

# Run daily at 9 AM
0 9 * * * /path/to/uvx runlayer scan
Example: Task Scheduler (Windows) 
$action = New-ScheduledTaskAction -Execute "uvx" -Argument "runlayer scan"
$trigger = New-ScheduledTaskTrigger -Daily -At 9am
Register-ScheduledTask -TaskName "Detect Scan" -Action $action -Trigger $trigger

Viewing Results

After a scan, view discovered servers, skills, and plugins in the Runlayer dashboard:
  1. Navigate to Analytics
  2. The Shadow MCP section shows:
    • Total devices scanned
    • Managed vs. shadow servers
    • Newly discovered shadow servers
  3. The Shadow Skills section shows:
    • Shadow skills by risk level (High, Medium, Low, Minimal)
    • Skill classification breakdown (Shadow, Managed, Outdated)
    • Top repositories with shadow skills
    • Skill discovery trends over time
  4. The Shadow Plugins section shows:
    • Managed vs. shadow plugins
    • Plugin classification breakdown

Resolving Unmatched Usernames

Detect automatically resolves device usernames to Runlayer users using tiered matching (email, name patterns, etc.). Some usernames may remain unresolved due to typos, missing users, or ambiguous matches. Administrators can manually match these usernames from the dashboard.
1

Navigate to Shadow MCPs

Go to SettingsShadow MCPs in the Runlayer dashboard
2

Find Unresolved Usernames

Scroll to the Unresolved Usernames section below Detect Re-analysis. This section only appears when there are unresolved usernames.
3

Match Usernames to Users

For each unresolved username, search for the correct user in the dropdown and click Match to link the username to that user. All devices associated with that username will be updated.
Manual username matches are recorded in the audit log, including the admin who performed the match, the username, the matched user, and the number of devices affected.

Enforce

Block shadow MCP tool calls in real-time

Responding to Discoveries

Security team response framework

Re-analyzing Classifications

Refresh server and skill classifications after changes

Troubleshooting

Common issues and solutions