Who it's for

Who this is for

  • Teams running MCP servers that expose tools to agents.
  • Platform engineers designing tool permission models.
  • Security teams assessing an agent's MCP attack surface.
Problems

Problems solved

  • Flat MCP tool surfaces with no per-tool scoping.
  • Tools that accept arguments outside the agent's intended scope.
  • No approval gate on consequential MCP tools.
  • Missing or non-tamper-evident audit of tool calls.
  • Secrets and sensitive context flowing through tool arguments.
Scope

What I review / build

  • Inventory every MCP tool and its argument schema.
  • Classify tools by consequence and reversibility.
  • Review the policy layer (or design one if absent).
  • Assess approval modes and audit completeness.
  • Recommend a guardrail-proxy architecture where appropriate.
Deliverables

Deliverables

  • MCP tool inventory with consequence classification.
  • Permission and scoping review.
  • Policy and approval-mode recommendations.
  • Audit-completeness assessment.
  • Reference guardrail-proxy architecture.
Process

Sample workflow

01

Tool inventory

Enumerate MCP tools, arguments, and the identities that can call them.

02

Classification

Rank tools by blast radius — read-only, state-changing, irreversible.

03

Policy review

Assess existing enforcement and design the missing controls.

04

Report

Deliver the inventory, findings, and a recommended boundary-layer architecture.

Controls

Security controls included

Per-tool allow-listingArgument schema validationApproval modes (auto / review / blocked)Redaction at the proxyAppend-only, hash-chained audit
Typical effort
1 weekfocused effort
Scoped around availability. Async-friendly.
How to start
Get in touchno sales call
This is work I do and write about in the open — reach out to compare notes or ask a question.
FAQ

Frequently asked questions.

Is MCP itself insecure?
No. MCP is a protocol; security is a property of how it is deployed. The review focuses on policy, scoping, approval, and audit around your MCP servers.
Can you design the guardrail layer too?
Yes. The review can extend into a build where I design or implement a guardrail proxy in front of your MCP servers.
Do you test against production MCP servers?
Only against non-production instances, and never without written approval.
Let's talk

Want to talk it through?

Building or securing something similar? Tell me about your agent, stack, or SOC workflow — I'm happy to compare notes.