๐Ÿ“ฆ

awesome-mcp-security

by Puliczek/awesome-mcp-security

3 views

๐Ÿ”ฅ๐Ÿ”’ Awesome MCP (Model Context Protocol) Security ๐Ÿ–ฅ๏ธ

githubanalysisSecurity & Privacy
๐Ÿค Show your support - give a โญ๏ธ if you liked the content

Awesome MCP Security Awesome

Everything you need to know about Model Context Protocol (MCP) security.

Table of Contents

๐Ÿ“” Security Considerations

Official Security Considerations from the Official MCP Specification Rev: 2025-03-26

[!NOTE] 15.04.2025: The current MCP auth specification is in progress of being replaced by a more robust specification. Please join the conversation if you have concerns around the current auth specification.

  • Servers MUST:

    • Validate all tool inputs
    • Implement proper access controls
    • Rate limit tool invocations
    • Sanitize tool outputs
  • Clients SHOULD:

    • Prompt for user confirmation on sensitive operations
    • Show tool inputs to the user before calling the server, to avoid malicious or accidental data exfiltration
    • Validate tool results before passing to LLM
    • Implement timeouts for tool calls
    • Log tool usage for audit purposes

[!WARNING]
For trust & safety and security, clients MUST consider tool annotations to be untrusted unless they come from trusted servers.

[!WARNING]
For trust & safety and security, there SHOULD always be a human in the loop* with the ability to deny tool invocations.

Applications SHOULD:

  • Provide UI that makes clear which tools are being exposed to the AI model.
  • Insert clear visual indicators when tools are invoked.
  • Present confirmation prompts to the user for operations, to ensure a human is in the loop.

[!NOTE]
*Human-in-the-Loop (HITL) means that user help monitor and guide automated tasks, like deciding whether to accept tool requests in Cursor.

๐Ÿ“ƒ Papers

๐Ÿ“บ Videos

๐Ÿ“• Articles, X threads and Blog Posts

๐Ÿง‘โ€๐Ÿš€ Tools and code

๐Ÿ’พ MCP Security Servers

๐Ÿ’ป Other Useful Resources

๐Ÿ˜Ž Contributing

๐Ÿ‘๐ŸŽ‰ First off, thanks for taking the time to contribute! ๐ŸŽ‰๐Ÿ‘

Please read and follow our contributing guide

Thanks! ๐Ÿฆ„

๐Ÿค Show your support

๐Ÿค Show your support - give a โญ๏ธ if you liked the content

โœ”๏ธ Disclaimer

This project can only be used for educational purposes. Using this resource against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.

Install

No configuration available
For more configuration details, refer to the content on the left

Related

Related projects feature coming soon

Will recommend related projects based on sub-categories