MCP OAuth Server Hardening Capability Pack Skill
Expert MCP OAuth server hardening capability pack applying documented Dynamic Client Registration, oauth.scopes pins, callback ports, keychain token storage, and least-privilege scope review from official MCP documentation.
Open the source and read safety notes before installing.
Safety notes
- Autonomous runs can execute tools without mid-run user input—scope paths and connectors first.
- Do not enable destructive automation without explicit approval gates.
- Review outputs as draft until a human validates evidence.
Privacy notes
- Run output may contain proprietary code and credentials.
- Summaries for external channels require redaction.
Prerequisites
- Claude Code version and plan eligibility per official documentation.
- Team policy for autonomous or shared automation workflows.
- Staging environment for safe validation.
- Human owner for production rollout approval.
Schema details
- Install type: package
- Reading time: 9 min
- Difficulty score: 74
- Troubleshooting: Yes
- Breaking changes: No
- Scope: Source repo
- Skill type: capability-pack
- Skill level: expert
- Verification: validated
- Verified at: 2026-06-16
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
Full copyable content
# Trigger
"Apply the mcp oauth server hardening capability pack capability pack."
# Required output
1) Scope and configuration checklist
2) Risk and policy findings
3) Review matrix actions
4) Verification and rollback plan
5) Privacy-safe summary
About this resource
Knowledge Freshness
Grounded in official documentation verified on 2026-06-16. Behavior can change with releases; prefer live docs.
Retrieval Sources
- https://code.claude.com/docs/en/mcp
- https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization
- https://code.claude.com/docs/en/security
- https://code.claude.com/docs/en/skills
- https://github.com/anthropics/claude-code
- https://developers.google.com/search/docs/fundamentals/creating-helpful-content
Source Verification Notes
Verified on 2026-06-16:
- Claude Code MCP docs describe OAuth flows via /mcp with dynamic or pre-configured clients.
- oauth.scopes in .mcp.json pins requested scopes to least privilege.
- Callback ports must match registered redirect URIs exactly.
- Tokens are stored in the OS keychain; clear them via the /mcp authentication reset.
- Static Authorization headers bypass OAuth discovery and need separate verification.
Scope Note
Community reusable workflow skill applying documented steps—not an official Anthropic product. Applies documented MCP OAuth configuration steps—not a named Anthropic hardening product.
Core Workflow
- Classify server OAuth pattern (DCR vs pre-configured client).
- Pin oauth.scopes to minimum tools required.
- Register callback port matching localhost redirect URI.
- Authenticate via /mcp; verify token scope with test tool call.
- Document revocation and rotation runbook for team.
Capability Scope
- Configuration and eligibility checklist.
- Risk and policy review.
- Staging verification steps.
- Rollback planning.
- Privacy-safe stakeholder summary.
Compatibility
Native
- Claude Code: use as an Agent Skill during rollout planning.
Manual Adaptation
- Generic AGENTS: apply checklist against public documentation.
Required Inputs
- Target repository or organization context.
- Current settings and policy constraints.
- Stakeholders for security review when applicable.
Production Rules
- Require human approval before production-impacting automation.
- Redact secrets from skill outputs and public tickets.
- Prefer official documentation over forum assumptions.
- Document rollback before enabling scheduled or autonomous runs.
Review Matrix
| Signal | Action |
|---|---|
| Missing repro | Block autonomous run |
| Broad tool scope | Narrow allowlists |
| Draft findings | Label unverified until human review |
| Policy drift | Align to managed settings |
Output Contract
- Scope and configuration summary.
- Findings with severity.
- Review matrix actions.
- Verification and rollback plan.
- Privacy-safe summary.
Troubleshooting
Issue: Feature unavailable on your plan
Fix: Confirm /status and official doc eligibility requirements.
Issue: Run stalls on permissions
Fix: Pre-approve read tools in staging; narrow path scope.
Duplicate Check
Complements oauth-patterns-for-mcp-server-authentication guide and remote MCP security agents.
Editorial Disclosure
Independent entry by kiannidev from public documentation. No paid placement or affiliate links.
How it compares
MCP OAuth Server Hardening Capability Pack Skill side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | MCP OAuth Server Hardening Capability Pack Skill | MCP Streamable HTTP Migration Capability Pack Skill | MCP Remote Server Trust Review Capability Pack Skill | Claude Agent SDK MCP Integration Capability Pack Skill |
|---|---|---|---|---|
| Description | Expert MCP OAuth server hardening capability pack applying documented Dynamic Client Registration, oauth.scopes pins, callback ports, keychain token storage, and least-privilege scope review from official MCP documentation. | Expert MCP Streamable HTTP migration capability pack applying documented transport selection, SSE-to-HTTP migration checkpoints, timeout policies, and enterprise network review from official MCP and transport specification documentation. | Expert MCP remote server trust review capability pack for auditing OAuth flows, transport security, tool permissions, data exfiltration risk, and vendor scope before connecting Claude Code to third-party MCP servers. | Expert Claude Agent SDK MCP integration capability pack for designing, reviewing, and rolling out Agent SDK MCP integration with source-backed checklists, production rules, and privacy-safe output contracts. |
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | skills | skills | skills | skills |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | kiannidev | kiannidev | kiannidev | kiannidev |
| Added | 2026-06-16 | 2026-06-16 | 2026-06-14 | 2026-06-14 |
| Platforms | Claude Code, Codex, Windsurf, Gemini, Cursor, CLI | Claude Code, Codex, Windsurf, Gemini, Cursor, CLI | Claude Code, Codex, Windsurf, Gemini, Cursor, CLI | Claude Code, Codex, Windsurf, Gemini, Cursor, CLI |
| Source repo | — | — | — | — |
| Safety notes | ✓Autonomous runs can execute tools without mid-run user input—scope paths and connectors first. Do not enable destructive automation without explicit approval gates. Review outputs as draft until a human validates evidence. | ✓Autonomous runs can execute tools without mid-run user input—scope paths and connectors first. Do not enable destructive automation without explicit approval gates. Review outputs as draft until a human validates evidence. | ✓Remote MCP servers run outside Anthropic control; Claude Code MCP integration does not guarantee vendor security or data isolation. OAuth tokens issued to an MCP server may grant persistent access to third-party accounts until revoked in the vendor admin console. Tools that read, write, delete, or execute on external systems can cause irreversible production changes when invoked by the model. SSE and streamable HTTP transports must use TLS; do not approve cleartext remote endpoints on untrusted networks. This skill recommends scoping and approval steps; it must not add MCP servers or approve OAuth consent without explicit user authorization. | ✓This skill plans Agent SDK MCP integration; it must not execute destructive changes without explicit approval. Browser, computer-use, and remote surfaces can access sensitive UI state; scope tests carefully. MCP and SDK integrations may exfiltrate data if tool scopes are too broad. The public `anthropics/claude-code` repository ships documentation links to code.claude.com for settings, security, and integration surfaces. Scheduled or autonomous workflows compound risk; cap blast radius in staging first. |
| Privacy notes | ✓Run output may contain proprietary code and credentials. Summaries for external channels require redaction. | ✓Run output may contain proprietary code and credentials. Summaries for external channels require redaction. | ✓MCP tool results can contain customer names, ticket contents, database rows, repository secrets, and internal URLs that should not be pasted into public issues. OAuth consent screens and server logs may expose account emails, organization identifiers, and access tokens if shared without redaction. Remote server vendors may retain prompts, tool arguments, and responses under their own privacy policies outside Anthropic data handling. Public trust-review summaries should describe risk categories and mitigations, not full tool schemas or live OAuth tokens. | ✓Reviews may expose integration tokens, customer metadata, and internal URLs related to Agent SDK MCP integration. Telemetry and analytics configs can include account emails; redact before sharing externally. Keep troubleshooting logs in internal channels unless explicitly sanitized. Third-party vendors remain outside Anthropic retention policies; document separately. |
| Install | — | — | — | — |
| Config | — | — | — | — |
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |