Mcp Server Security Review

Clone or read the MCP server repository and evaluate:

Credential Handling:

• How are API keys and secrets provided? (env vars, config files, args)
• Are secrets logged or exposed in error messages?
• Is there a .env.example or documentation for required credentials?
• Are credentials validated before use?

Data Exposure:

• What data flows through the server? (user prompts, file contents, API responses)
• Is sensitive data filtered or redacted before returning to the agent?
• Are there data retention or caching mechanisms?
• Is data sent to external services beyond the declared integration?

Permission Scope:

• What tools does the server expose? Are they read-only or read-write?
• Is the permission scope minimal (principle of least privilege)?
• Can the server modify files, make network requests, or execute commands?
• Are there guardrails to prevent destructive operations?

Transport Security:

• For SSE/HTTP: Is TLS required? Are connections authenticated?
• For stdio: Is the binary from a trusted source?
• Are inputs validated and sanitized?
• Is there protection against injection attacks in tool arguments?

Step 3: Score the Security Posture

Rate each dimension from 1 (critical risk) to 5 (excellent):

Overall Risk Level:

• 25-30: Low Risk — Safe to use with standard precautions
• 18-24: Medium Risk — Use with additional monitoring and restrictions
• 12-17: High Risk — Requires remediation before production use
• 6-11: Critical Risk — Do not use until issues are resolved

Step 4: Check for Common Vulnerabilities

Specifically look for:

• Hardcoded secrets or API keys in source
• eval() or dynamic code execution with user input
• Unrestricted file system access (path traversal)
• Missing input validation on tool arguments
• HTTP requests without TLS
• Excessive permissions (write access when read-only would suffice)
• No error handling (stack traces exposed to agent)
• Dependencies with known vulnerabilities (run npm audit or equivalent)
• Missing or permissive CORS configuration
• No rate limiting on resource-intensive operations

Step 5: Generate Review Report

Create a structured report with:

1. Executive Summary — Overall risk level, recommendation (approve/conditional/reject)
2. Findings Table — Each finding with severity, description, and remediation
3. Architecture Diagram — Data flow showing what data goes where
4. Recommendations — Specific changes needed before approval
5. Monitoring Plan — What to watch after deployment

Output

Deliver:

• Security review report (markdown or Google Doc)
• Risk scorecard with dimension breakdowns
• Remediation checklist with prioritized fixes
• Recommended MCP server configuration with minimal permissions