Skill Spector

MCP server security checklist for agent users

An MCP server expands what an agent can do. Before connecting one, review both the server command and the tool surface it exposes to the model.

Review the launch command

Check the exact binary, package manager command, arguments, working directory, and environment variables used to start the server. Prefer pinned package versions over floating latest installs.

Map exposed tools to real permissions

Tool names can sound harmless while granting file writes, network calls, database access, or command execution. Review what each tool can reach, not just how it is described.

Limit local filesystem reach

Use narrow workspace paths where possible. Avoid granting a server access to the whole home directory unless that broad authority is the point of the tool.

Separate trusted and untrusted workflows

A server used for production credentials should not be available to casual browsing or untrusted prompt workflows. Keep sensitive tools out of broad agent sessions.
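The launch-command, filesystem-reach and credential checks above can be run mechanically over an agent's server configuration before the server is connected. The following script is an added example, not part of this guide or of any MCP client; it assumes the common mcpServers JSON layout (one command / args / env object per server) and uses a constructed config with placeholder package names.

```python
import json
import os
import re

# Constructed sample in the mcpServers layout (command / args / env per server);
# both entries and the package names are invented for this example.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "fs": {
            "command": "npx",
            "args": ["-y", "@example/server-filesystem", "/home/alice"],
            "env": {"DB_PASSWORD": "hunter2"},
        },
        "docs": {
            "command": "npx",
            "args": ["-y", "@example/server-filesystem@0.6.2",
                     "/home/alice/projects/docs"],
        },
    }
})

PINNED = re.compile(r"^@?[^@\s]+@\d")          # name@1.2.3 (scoped or not)
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|KEY", re.I)
RUNNERS = {"npx", "uvx"}                        # fetch-and-run package launchers


def is_broad_path(path, home):
    """True for '/', the home directory itself, or any ancestor of it."""
    p, h = os.path.normpath(path), os.path.normpath(home)
    return p == "/" or p == h or h.startswith(p + os.sep)


def audit_config(config_text, home):
    """Return human-readable findings for each server entry in the config."""
    findings = []
    for name, spec in json.loads(config_text).get("mcpServers", {}).items():
        args = spec.get("args", [])
        if spec.get("command") in RUNNERS:
            # first non-flag, non-path argument is the package being fetched
            pkgs = [a for a in args if not a.startswith("-") and not os.path.isabs(a)]
            if pkgs and not PINNED.match(pkgs[0]):
                findings.append(f"{name}: package {pkgs[0]!r} is not version-pinned")
        for a in args:
            if os.path.isabs(a) and is_broad_path(a, home):
                findings.append(f"{name}: broad filesystem root {a!r}")
        for var in spec.get("env", {}):
            if SECRET_NAME.search(var):
                findings.append(f"{name}: credential-like env var {var} embedded in config")
    return findings


if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG, home="/home/alice"):
        print(line)
```

Running it on the sample reports the unpinned package, the whole-home-directory root and the embedded database password on the "fs" entry, and nothing on the pinned, narrowly scoped "docs" entry.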