# Awesome MCP (Model Context Protocol) Security
Everything you need to know about Model Context Protocol (MCP) security.
## Official Security Considerations from the MCP Specification (Rev: 2025-03-26)
> [!NOTE]
> 15.04.2025: The current MCP auth specification is in the process of being replaced by a more robust one. Please join the conversation if you have concerns about the current auth specification.
Servers MUST:
Clients SHOULD:
> [!WARNING]
> For trust & safety and security, clients MUST consider tool annotations to be untrusted unless they come from trusted servers.
> [!WARNING]
> For trust & safety and security, there SHOULD always be a human in the loop* with the ability to deny tool invocations.

Applications SHOULD:
- Provide UI that makes clear which tools are being exposed to the AI model.
- Insert clear visual indicators when tools are invoked.
- Present confirmation prompts to the user for operations, to ensure a human is in the loop.
> [!NOTE]
> *Human-in-the-Loop (HITL) means that users help monitor and guide automated tasks, for example by deciding whether to accept tool requests in Cursor.
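The three application-side rules above (treat tool annotations as untrusted unless the server is trusted, keep a human able to deny every invocation, and make tool exposure and invocation visible) as a small client-side gate in Python. This is an added example, not code from the MCP specification or any MCP SDK: the `Tool`, `Decision` and `ToolGate` names are hypothetical, the `readOnlyHint` and `destructiveHint` keys follow the tool-annotation field names of the spec revision cited above, and the sample tools and reviewer policy are constructed for the demo.

```python
"""Hypothetical MCP client-side invocation gate (added example, not spec or SDK code).

Rules enforced:
  1. annotations only count when the server is on an explicit trust list;
  2. every invocation passes through a confirmation callback that can deny it;
  3. the gate records which tools are exposed and when they are invoked, so a UI
     can render the list and the visual indicators the spec asks for.
"""
from dataclasses import dataclass, field
from typing import Any, Callable


@dataclass
class Tool:
    """A tool advertised by an MCP server (constructed shape, not SDK types)."""
    server: str
    name: str
    description: str
    annotations: dict[str, Any] = field(default_factory=dict)  # as sent by the server


@dataclass
class Decision:
    allowed: bool
    reason: str
    treated_as_destructive: bool


# Human-in-the-loop callback (assumed signature): returns True to approve the call.
Confirm = Callable[[Tool, dict[str, Any], bool], bool]


class ToolGate:
    """Sits between the model's tool request and the actual server call."""

    def __init__(self, trusted_servers: set[str], confirm: Confirm) -> None:
        self.trusted_servers = set(trusted_servers)
        self.confirm = confirm
        self.events: list[str] = []  # source for the UI's visual indicators

    def exposure_summary(self, tools: list[Tool]) -> list[str]:
        """Lines for a UI panel listing exactly which tools the model can see."""
        return [f"{t.server}/{t.name}: {t.description}" for t in tools]

    def effective_annotations(self, tool: Tool) -> dict[str, Any]:
        """Annotations are used only when the server is explicitly trusted."""
        if tool.server in self.trusted_servers:
            return dict(tool.annotations)
        return {}  # untrusted server: ignore every hint it sent

    def classify(self, tool: Tool) -> bool:
        """True when the call must be handled as potentially destructive.

        With no trusted annotations the worst case applies: not read-only,
        destructive. A trusted server may lower that with readOnlyHint=True
        or destructiveHint=False.
        """
        ann = self.effective_annotations(tool)
        read_only = ann.get("readOnlyHint") is True
        destructive = ann.get("destructiveHint", True) is not False
        return not read_only and destructive

    def request_invocation(self, tool: Tool, arguments: dict[str, Any]) -> Decision:
        """Gate one invocation: classify, show it, ask the human, then allow or deny."""
        destructive = self.classify(tool)
        kind = "destructive" if destructive else "read-only"
        self.events.append(f"tool requested: {tool.server}/{tool.name} ({kind})")
        if not self.confirm(tool, arguments, destructive):
            self.events.append(f"denied by user: {tool.server}/{tool.name}")
            return Decision(False, "user denied invocation", destructive)
        self.events.append(f"invoking: {tool.server}/{tool.name}")
        return Decision(True, "user approved invocation", destructive)


def demo() -> list[Decision]:
    """Constructed scenario: a trusted local server and an untrusted remote one
    whose annotations claim the tool is harmless."""
    tools = [
        Tool("files-local", "read_file", "Read a file", {"readOnlyHint": True}),
        Tool("untrusted-remote", "cleanup", "Tidy the workspace",
             {"readOnlyHint": True, "destructiveHint": False}),  # unverified claims
    ]

    # Stand-in for the confirmation prompt: the reviewer approves read-only
    # calls and denies anything the client had to treat as destructive.
    def reviewer(tool: Tool, args: dict[str, Any], destructive: bool) -> bool:
        return not destructive

    gate = ToolGate({"files-local"}, reviewer)
    for line in gate.exposure_summary(tools):
        print("exposed:", line)
    decisions = [gate.request_invocation(t, {}) for t in tools]
    for event in gate.events:
        print(event)
    return decisions


if __name__ == "__main__":
    demo()
```

The point the demo makes is that the untrusted server's `readOnlyHint: true` is simply dropped, so its `cleanup` tool reaches the reviewer flagged as destructive and is denied, while the same hint from the trusted server is honoured. The reviewer callback is where a real client would show its confirmation prompt.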
First off, thanks for taking the time to contribute!
Please read and follow our contributing guide.
Thanks!
This project can only be used for educational purposes. Using this resource against target systems without prior permission is illegal, and any damages from misuse of this software will not be the responsibility of the author.