Helixar Labs
FrameworkMITCommunity maintained

MCP Security Checklist

The practitioner’s security framework for production MCP deployments.

MCP adoption is outpacing the security guidance for it — teams ship servers with no auth, no validation, and no monitoring. The checklist gives engineering and security teams a structured, actionable framework: seven domains, a prioritised Top 10, and four formats.

Status
Active
Domains
7 security domains
Formats
Markdown · JSON · YAML · Web
License
MIT

What it covers

A shared vocabulary and control set so no MCP security review starts from scratch.

Top 10 critical controls

mTLS, least-privilege tool scoping, input-schema validation, behavioural anomaly detection.

7 security domains

Authentication through to executive risk framing — every domain maps to actionable controls, not guidelines.

CI/CD integration

JSON and YAML formats run checklist validation as a gate in your deployment pipeline.

Four formats

Markdown for engineers, JSON for automation, YAML for pipelines, an interactive web version for SOC teams.

The seven domains

Each contains actionable controls with implementation guidance.

Authentication & authorisation

mTLS enforcement, token scoping, least-privilege tool access.

Input validation & prompt injection

Schema enforcement, injection detection, sanitisation patterns.

Tool & resource exposure

Minimal surface area, permission boundaries, tool inventory.

API session security

Session lifecycle, token rotation, replay prevention.

Monitoring & observability

Behavioural anomaly detection, audit trails, alerting.

Network & infrastructure

Egress controls, network segmentation, TLS configuration.

Executive risk summary

Business risk framing, compliance mapping, escalation guidance.