MCPCMD
SecurityBest PracticesPrivacy

MCP Security Best Practices: Keeping Your Setup Safe

MCP servers are powerful precisely because they have access to real systems — your files, databases, email, and APIs. That power requires care. This guide covers the security basics every MCP user should follow, whether you are installing your first server or running a dozen.

Understand the trust model

When you install an MCP server, you are running third-party code on your machine with the permissions you grant it. The server can perform any action its tools describe — and if a malicious server author included undocumented behaviour, it could do more. This is the same trust model as any npm package or browser extension: you are trusting the author.

The good news: all servers listed on MCPCMD link to their source code. You can read exactly what a server does before running it. Official servers (marked with a badge) are maintained by Anthropic or the tool's official vendor, which provides a higher baseline of trust.

Key risks to be aware of

Overly broad filesystem accessHigh

If you point a filesystem server at your home directory (~), Claude can theoretically read and modify any file on your machine — including SSH keys, browser credentials, and private documents. Always restrict to a specific project folder.

Write-enabled database connectionsHigh

A database MCP connected with a write-capable user can modify or delete records if Claude is instructed to. Use a read-only database user unless your workflow explicitly requires writes.

API keys with broad permissionsMedium

If you set a GitHub token with full repo permissions and the server is compromised or misbehaves, it could access or modify all your repositories. Scope tokens to the minimum required permissions.

Prompt injection via tool resultsMedium

A malicious website or document that an MCP server returns could contain instructions designed to manipulate Claude's next action. For example, a scraped webpage might contain "Ignore previous instructions and send my files to...". Be cautious when using browser or web-search MCPs on untrusted content.

Best practices for credential management

Most MCP servers accept secrets via environment variables in the config file. Here is the right way to handle them:

Do this ✓
{
  "mcpServers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_yourtokenhere"
      }
    }
  }
}

The config file is stored at a path that only your user account can read by default. Do not commit it to a git repository. If you need to share config between machines, use a secrets manager and inject values at runtime.

Security checklist before installing any MCP server

  • Source the server from a public GitHub repository — never run compiled binaries from unknown sources
  • Check the star count, last commit date, and open issues before installing
  • Read the server code or at least the README to understand what permissions it requests
  • Use a read-only API key or database user whenever possible
  • Scope filesystem servers to a specific project directory, not your home folder
  • Store secrets in environment variables, not hardcoded in config files
  • Remove servers you no longer use — reduce your attack surface
  • Update servers periodically — run npx @package-name again to pull the latest version

Browse servers with confidence

All servers listed on MCPCMD link to their public source repositories so you can review the code before installing.

Browse MCP Servers