Checklist
Before connecting an agent, check the boring things.
Most MCP risk is not mysterious. It is overbroad tools, unclear auth, stale code, exposed secrets, and weak operating boundaries.
- IdentityKnow who publishes the server and where the source or package comes from.
- TransportPrefer explicit auth boundaries and avoid exposing local-only assumptions to the public web.
- ToolsTreat file, shell, browser, network, wallet, credential, and database tools as high risk.
- SecretsConfirm tokens are scoped, stored outside prompts, and never echoed in tool output.
- Change controlCheck release age, dependency posture, and whether behavior changed since last review.