MCP tools are powerful because they can run processes, access your data, and reach the network. But those same capabilities, from an untrusted source or misused, can be risky. The good news: a few checks before installing avoid the vast majority of problems.
Where MCP Risk Comes From
Understanding the risk surface beats blind fear. MCP risk mainly spans five dimensions (also the dimensions this site's security review evaluates):
- Code execution: local (stdio) tools start a process and run code on your machine.
- Credentials: many tools require an API key or token — a leak is a risk.
- Network egress: a tool may send data to external servers — check where.
- Data access: what scope of data can it read? Is it the minimum necessary?
- Supply chain: is the code open and auditable? Are the author and repo trustworthy?
Pre-Install Checklist
Run through each item to block most problems:
- Is the source trustworthy? Prefer the official Registry, well-known authors, and active open-source repos with high stars. This site labels each asset's source type and trust badge.
- Is it open and auditable? Tools whose source you can read are inherently more controllable.
- What permissions does it want? Read only, or also write? One directory, or the whole disk? The broader the access, the more caution.
- Does it need keys, and of what scope? If a read-only, minimal token works, don't hand over admin-level access.
- Is its network behavior reasonable? A "format JSON" tool that wants to phone home deserves suspicion.
- Is it the minimum necessary? For occasional use, don't let it run persistently with long-lived high privileges.
How to Read Permissions
When installing an MCP tool, focus on its declared transport and required inputs:
stdio + a local package: runs on your machine — make sure you trust the package.
- A remote
http endpoint: data goes to that URL — make sure you trust the provider.
- A placeholder like
YOUR_API_KEY: it needs credentials — think through what that key can do.
Every asset page on this site has a key facts panel (runtime / transport / package / endpoint) and a security review that lay this information out for you in advance.
Credential & Key Best Practices
- Least privilege: when creating a token, grant only the scopes it must have.
- Dedicated keys: issue separate keys for AI tools so you can revoke them anytime, not shared with your main account.
- Never hardcode into prompts or public repos: keys go only into local config files.
- Rotate regularly: especially if you suspect a leak — revoke and reissue immediately.
If Something Goes Wrong
- Immediately remove that MCP server's config from your AI client;
- Revoke every key/token you gave it;
- Review the tool's recent network and file activity;
- If a listed asset on this site has a security issue, please report it via Contact Us — we'll re-review and update the assessment.
Summary: Treat the Security Review as a Starting Point
This site's security review does a first pass for you based on public information, with a risk level and recommendations — but it is not a substitute for your own judgment. Before granting permissions or entering keys, run through the checklist above; that's what makes it genuinely safe.
Further reading: What Is MCP and Skill or MCP.