Registry Threats Methodology Docs Pricing Scan Sign in

Home
Checklist

Pre-deployment

MCP Server Security Checklist

Twenty checks across five categories — every item is something a real MCP server has gotten wrong in production. Tick what passes; anything left is debt that ships with your deploy.

0 / 20 complete · 0%

Authentication & Authorization

1.1Uses OAuth 2.1 with PKCE, not static API keys
1.2Implements least-privilege tool scopes (no admin:* or files:* grants)
1.3Tokens expire and rotate; no long-lived static secrets
1.4Multi-tenant isolation: one user cannot access another's data via tool calls

Input Validation & Injection Prevention

2.1All tool-handler parameters validated before use (type, length, charset)
2.2Shell commands use subprocess list args, never string interpolation
2.3File paths validated with realpath/normpath before I/O
2.4SQL queries use parameterized statements, never string concatenation

Secrets & Credential Management

3.1No hardcoded credentials in source code
3.2API keys loaded from environment variables or a secrets manager
3.3Error messages do not expose API keys or token values
3.4Secret rotation policy documented and tested

Tool Description Integrity

4.1Tool descriptions accurately reflect actual behavior (no hidden instructions)
4.2Tool names do not shadow or collide with other registered tools
4.3Destructive operations require explicit user confirmation annotation
4.4Tool schema (params, returns) matches actual implementation

Transport & Runtime Security

5.1Remote MCP servers use HTTPS only (no plain-HTTP transport)
5.2CORS configured to specific origins, never wildcard *
5.3Rate limiting on tool invocations to prevent DoS
5.4Audit logging of all tool calls with user identity and timestamp

Run an automated version of this checklist

Most of these 20 checks can be detected statically. MCPSafe runs the equivalent of 12 of them on every scan plus 70+ MCP-specific rules you won’t find in a generic SAST.

Scan your MCP server →

MCPSafe.io

Security checks for MCP servers — public packages and private repos, fast or deep.

Legal

Privacy Policy Cookie Policy Terms of ServiceSecurity disclosure

Resources

State of MCP Security Support System statusMade in Germany 🇩🇪

© 2026 MCPSafe. All rights reserved.

GDPR — Privacy Policy