Service
MCP Security Review
I review MCP tool usage, dangerous tool permissions, scoped access, policy enforcement, approval gates, and auditability for AI-agent workflows.
Who it's for
Who this is for
- Teams running MCP servers that expose tools to agents.
- Platform engineers designing tool permission models.
- Security teams assessing an agent's MCP attack surface.
Problems
Problems solved
- Flat MCP tool surfaces with no per-tool scoping.
- Tools that accept arguments outside the agent's intended scope.
- No approval gate on consequential MCP tools.
- Missing or non-tamper-evident audit of tool calls.
- Secrets and sensitive context flowing through tool arguments.
Scope
What I review / build
- Inventory every MCP tool and its argument schema.
- Classify tools by consequence and reversibility.
- Review the policy layer (or design one if absent).
- Assess approval modes and audit completeness.
- Recommend a guardrail-proxy architecture where appropriate.
Deliverables
Deliverables
- MCP tool inventory with consequence classification.
- Permission and scoping review.
- Policy and approval-mode recommendations.
- Audit-completeness assessment.
- Reference guardrail-proxy architecture.
Process
Sample workflow
01
Tool inventory
Enumerate MCP tools, arguments, and the identities that can call them.
02
Classification
Rank tools by blast radius — read-only, state-changing, irreversible.
03
Policy review
Assess existing enforcement and design the missing controls.
04
Report
Deliver the inventory, findings, and a recommended boundary-layer architecture.
Controls
Security controls included
Typical effort
1 weekfocused effort
Scoped around availability. Async-friendly.
How to start
Get in touchno sales call
This is work I do and write about in the open — reach out to compare notes or ask a question.
FAQ
Frequently asked questions.
Is MCP itself insecure?
No. MCP is a protocol; security is a property of how it is deployed. The review focuses on policy, scoping, approval, and audit around your MCP servers.
Can you design the guardrail layer too?
Yes. The review can extend into a build where I design or implement a guardrail proxy in front of your MCP servers.
Do you test against production MCP servers?
Only against non-production instances, and never without written approval.
Related Topics
Related Projects
Let's talk
Want to talk it through?
Building or securing something similar? Tell me about your agent, stack, or SOC workflow — I'm happy to compare notes.