MCP security audit

MCP Security Audit Workflow

An MCP security audit gives reviewers a repeatable way to decide whether a server should be enabled for agents, blocked, or approved with limits.

Review steps

  1. Confirm server identity and hosted endpoint ownership.
  2. Classify every tool by read, write, execute, destructive, and financial impact.
  3. Check authentication, token scope, package source, and version pinning.
  4. Record the approver, conditions, evidence, and review date.
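
The four review steps above, sketched as an added example that is not part of the original page or any scanner's own code. The manifest field names, the set of impact classes treated as high impact, and the exact-version meaning of "pinned" are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

IMPACTS = {"read", "write", "execute", "destructive", "financial"}
HIGH_IMPACT = {"execute", "destructive", "financial"}  # assumed policy line
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")  # assumed meaning of "pinned"

@dataclass
class AuditRecord:
    server: str
    decision: str      # "enable", "block" or "approve-with-limits"
    conditions: list   # limits attached to an approval
    evidence: list     # blocking findings, empty unless decision is "block"
    approver: str
    review_date: str

def audit(server: dict, approver: str, review_date: str) -> AuditRecord:
    blockers, conditions = [], []
    # Step 1: identity and hosted endpoint ownership
    if not server.get("endpoint_owner_verified"):
        blockers.append("endpoint ownership not confirmed")
    # Step 2: every tool needs a known impact class; high impact adds a limit
    for tool, impacts in server.get("tools", {}).items():
        impacts = set(impacts or [])
        if not impacts or impacts - IMPACTS:
            blockers.append(f"{tool}: impact not classified")
        risky = sorted(impacts & HIGH_IMPACT)
        if risky:
            conditions.append(f"{tool}: human confirmation ({', '.join(risky)})")
    # Step 3: authentication, token scope, package source, version pinning
    if not server.get("auth_required"):
        blockers.append("no authentication")
    if "*" in server.get("token_scopes", []):
        conditions.append("replace wildcard token scope")
    if not server.get("package_source_verified"):
        blockers.append("package source not verified")
    if not EXACT_VERSION.match(server.get("version", "")):
        blockers.append("version not pinned")
    # Step 4: record approver, conditions, evidence and review date
    decision = "block" if blockers else "approve-with-limits" if conditions else "enable"
    return AuditRecord(server.get("name", "?"), decision, conditions, blockers,
                       approver, review_date)

# Constructed sample manifest; field names are hypothetical
SAMPLE = {
    "name": "example-files", "endpoint_owner_verified": True,
    "tools": {"list_files": ["read"], "delete_file": ["write", "destructive"]},
    "auth_required": True, "token_scopes": ["files:read", "files:write"],
    "package_source_verified": True, "version": "1.4.2",
}

if __name__ == "__main__":
    print(audit(SAMPLE, "reviewer@example.com", "2025-01-01"))
```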