MCP Remote Server Security Auditor Agent
Community reusable agent prompt for reviewing new MCP server adoption in Claude Code using official security documentation: trusted providers, permissions configuration, trust verification, and settings checked into source control.
Open the source and read safety notes before installing.
Safety notes
- Anthropic reviews directory connectors but does not security-audit third-party MCP servers per official docs.
- This prompt applies documented Claude Code guidance; it is not a penetration test.
- Prefer writing or vetting your own MCP servers when handling sensitive repositories.
- Trust verification applies to new MCP servers—do not bypass in non-interactive modes without policy review.
Privacy notes
- MCP settings checked into source control may expose internal server names and endpoints.
- Audit summaries should not paste secrets from server configuration files.
- Third-party MCP tools may send repository context externally—note data residency in reviews.
Prerequisites
- Draft MCP server entry for Claude Code settings or managed configuration.
- Provider identity and whether the server is first-party, directory-listed, or third-party.
- Team policy for MCP permissions and version-controlled settings files.
- Inventory of tools exposed by the server if available from the provider.
Schema details
- Install type: copy
- Troubleshooting: No
- Scope
- Source repo
Full copyable content
## Content
MCP Remote Server Security Auditor Agent is a community-authored reusable prompt for
reviewing MCP server adoption in Claude Code. It applies official Claude Code security
documentation—not a certified MCP security audit service.
## Scope Note
This prompt operationalizes the MCP security section of code.claude.com security docs.
OAuth integration reviews are covered by mcp-oauth-integration-reviewer-agent; authorization
spec boundary analysis by mcp-authorization-boundary-review-agent.
## Agent Prompt
You are an MCP server security reviewer for Claude Code deployments. Evaluate proposed MCP
servers using official Claude Code security documentation.
Workflow:
1. **Server inventory.** Record server name, provider, transport, and whether it is first-party or third-party.
2. **Trusted provider check.** Apply documented guidance to prefer own servers or providers the team trusts.
3. **Settings placement.** Confirm allowed MCP servers are configured in version-controlled Claude Code settings as documented.
4. **Permissions plan.** Map required Claude Code MCP permissions and deny rules before enablement.
5. **Trust verification.** Note that new MCP servers require trust verification in interactive sessions per official docs.
6. **Directory vs custom.** Distinguish Anthropic Directory listings from unaudited third-party servers per documentation.
7. **Decision.** Approve with permissions constraints, defer pending vendor review, or block with required fixes.
Output contract:
- Server summary with provider trust classification.
- Permissions and settings checklist mapped to official MCP security guidance.
- Trust verification and rollout notes for the team.
- Approve / defer / block recommendation.
## Features
- Applies Claude Code MCP security documentation to adoption reviews.
- Emphasizes trusted providers, permissions, and trust verification over generic MCP overviews.
- Supports version-controlled settings review workflows.
- Separates directory-listed connectors from custom third-party servers per official docs.
## Use Cases
- Review a proposed third-party MCP server before merging settings into a repo.
- Prepare enterprise rollout checklists for MCP allowlists and permissions.
- Onboard a new connector with documented trust verification expectations.
- Audit existing MCP settings files against official security guidance.
## Source Notes
Verified against Claude Code security documentation on **2026-06-16**:
- Official MCP security guidance states allowed MCP servers are configured in Claude Code
settings checked into source code and encourages using own servers or trusted providers.
- Documentation notes teams can configure Claude Code permissions for MCP servers and that
Anthropic reviews directory connectors but does not security-audit MCP servers.
- Security docs describe trust verification for first-time codebase runs and new MCP servers
in interactive sessions, with related prompt-injection safeguards across the permission system.
## Duplicate Check
Checked content/agents for MCP security review coverage.
mcp-oauth-integration-reviewer-agent focuses on remote OAuth integration approval.
mcp-authorization-boundary-review-agent focuses on MCP authorization specification boundaries.
No agents entry applies Claude Code security documentation MCP guidance to pre-adoption
server review with permissions and trust verification checklists.
## Editorial Disclosure
Submitted as an independent community agent entry by kiannidev, based on public Claude
Code security documentation and the public anthropics/claude-code repository.
No paid placement, referral, or affiliate relationship.
## Sources
- Claude Code security - https://code.claude.com/docs/en/security
- Claude Code MCP - https://code.claude.com/docs/en/mcp
- Claude Code permissions - https://code.claude.com/docs/en/permissions
How it compares
MCP Remote Server Security Auditor Agent side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | MCP Remote Server Security Auditor Agent | Claude Agent SDK MCP Integration Capability Pack | Claude Agent SDK Session Storage Capability Pack | Claude Code GitLab CI agent Capability Pack |
|---|---|---|---|---|
| Description | Community reusable agent prompt for reviewing new MCP server adoption in Claude Code using official security documentation: trusted providers, permissions configuration, trust verification, and settings checked into source control. | Expert Claude Agent SDK MCP integration capability pack for designing, reviewing, and rolling out Agent SDK MCP integration with source-backed checklists, production rules, and privacy-safe output contracts. | Expert Claude Agent SDK session storage capability pack for designing, reviewing, and rolling out Agent SDK session storage with source-backed checklists, production rules, and privacy-safe output contracts. | Expert Claude Code GitLab CI agent capability pack for designing, reviewing, and rolling out GitLab CI agent with source-backed checklists, production rules, and privacy-safe output contracts. |
| Trust | | | | |
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | agents | skills | skills | skills |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | kiannidev | kiannidev | kiannidev | kiannidev |
| Added | 2026-06-16 | 2026-06-14 | 2026-06-14 | 2026-06-14 |
| Platforms | Claude Code | Claude Code, Codex, Windsurf, Gemini, Cursor, CLI | Claude Code, Codex, Windsurf, Gemini, Cursor, CLI | Claude Code, Codex, Windsurf, Gemini, Cursor, CLI |
| Source repo | — | — | — | — |
| Safety notes | ✓ Anthropic reviews directory connectors but does not security-audit third-party MCP servers per official docs. This prompt applies documented Claude Code guidance; it is not a penetration test. Prefer writing or vetting your own MCP servers when handling sensitive repositories. Trust verification applies to new MCP servers—do not bypass in non-interactive modes without policy review. | ✓ This skill plans Agent SDK MCP integration; it must not execute destructive changes without explicit approval. Browser, computer-use, and remote surfaces can access sensitive UI state; scope tests carefully. MCP and SDK integrations may exfiltrate data if tool scopes are too broad. The public `anthropics/claude-code` repository ships documentation links to code.claude.com for settings, security, and integration surfaces. Scheduled or autonomous workflows compound risk; cap blast radius in staging first. | ✓ This skill plans Agent SDK session storage; it must not execute destructive changes without explicit approval. Browser, computer-use, and remote surfaces can access sensitive UI state; scope tests carefully. MCP and SDK integrations may exfiltrate data if tool scopes are too broad. The public `anthropics/claude-code` repository ships documentation links to code.claude.com for settings, security, and integration surfaces. Scheduled or autonomous workflows compound risk; cap blast radius in staging first. | ✓ This skill plans GitLab CI agent; it must not execute destructive changes without explicit approval. Browser, computer-use, and remote surfaces can access sensitive UI state; scope tests carefully. MCP and SDK integrations may exfiltrate data if tool scopes are too broad. The public `anthropics/claude-code` repository ships documentation links to code.claude.com for settings, security, and integration surfaces. Scheduled or autonomous workflows compound risk; cap blast radius in staging first. |
| Privacy notes | ✓ MCP settings checked into source control may expose internal server names and endpoints. Audit summaries should not paste secrets from server configuration files. Third-party MCP tools may send repository context externally—note data residency in reviews. | ✓ Reviews may expose integration tokens, customer metadata, and internal URLs related to Agent SDK MCP integration. Telemetry and analytics configs can include account emails; redact before sharing externally. Keep troubleshooting logs in internal channels unless explicitly sanitized. Third-party vendors remain outside Anthropic retention policies; document separately. | ✓ Reviews may expose integration tokens, customer metadata, and internal URLs related to Agent SDK session storage. Telemetry and analytics configs can include account emails; redact before sharing externally. Keep troubleshooting logs in internal channels unless explicitly sanitized. Third-party vendors remain outside Anthropic retention policies; document separately. | ✓ Reviews may expose integration tokens, customer metadata, and internal URLs related to GitLab CI agent. Telemetry and analytics configs can include account emails; redact before sharing externally. Keep troubleshooting logs in internal channels unless explicitly sanitized. Third-party vendors remain outside Anthropic retention policies; document separately. |
| Prerequisites | | | | |
| Install | — | — | — | — |
| Config | — | — | — | — |
| Citations | | | | |
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |