MCP Remote Server Trust Review Capability Pack Skill
Expert MCP remote server trust review capability pack for auditing OAuth flows, transport security, tool permissions, data exfiltration risk, and vendor scope before connecting Claude Code to third-party MCP servers.
Open the source and read safety notes before installing.
Safety notes
- Remote MCP servers run outside Anthropic control; Claude Code MCP integration does not guarantee vendor security or data isolation.
- OAuth tokens issued to an MCP server may grant persistent access to third-party accounts until revoked in the vendor admin console.
- Tools that read, write, delete, or execute on external systems can cause irreversible production changes when invoked by the model.
- SSE and streamable HTTP transports must use TLS; do not approve cleartext remote endpoints on untrusted networks.
- This skill recommends scoping and approval steps; it must not add MCP servers or approve OAuth consent without explicit user authorization.
Privacy notes
- MCP tool results can contain customer names, ticket contents, database rows, repository secrets, and internal URLs that should not be pasted into public issues.
- OAuth consent screens and server logs may expose account emails, organization identifiers, and access tokens if shared without redaction.
- Remote server vendors may retain prompts, tool arguments, and responses under their own privacy policies outside Anthropic data handling.
- Public trust-review summaries should describe risk categories and mitigations, not full tool schemas or live OAuth tokens.
Prerequisites
- The remote MCP server URL, vendor documentation, and intended Claude Code or Desktop use case.
- Access to the MCP server manifest, tool list, OAuth client registration details, and transport configuration.
- Security or platform stakeholders available to review third-party data access before production rollout.
- A concrete integration goal such as issue tracking, CRM lookup, database queries, or deployment automation.
Schema details
- Install type: package
- Reading time: 9 min
- Difficulty score: 81
- Troubleshooting: Yes
- Breaking changes: No
- Scope: Source repo
- Skill type: capability-pack
- Skill level: expert
- Verification: validated
- Verified at: 2026-06-14
| Platform | Support | Install path |
|---|---|---|
| claude-code | Native | .claude/skills/<skill-name>/SKILL.md |
| codex | Native | .agents/skills/<skill-name>/SKILL.md |
| windsurf | Native | .windsurf/skills/<skill-name>/SKILL.md |
| gemini | Native | .gemini/skills/<skill-name>/SKILL.md or .agents/skills/<skill-name>/SKILL.md |
| cursor | Adapter | .cursor/rules/<skill-name>.mdc |
| cli | Manual | AGENTS.md or tool-specific context file |
Full copyable content
# Trigger
"Apply the MCP remote server trust review capability pack for this server."
# Required output
1) Server identity, transport, and authentication summary
2) OAuth scope and consent-flow assessment
3) Tool permission and data-exfiltration risk matrix
4) Claude Code integration and MCP scoping recommendations
5) Privacy-safe rollout notes for security review
About this resource
Knowledge Freshness
This capability pack is grounded in Claude Code MCP, skills, features overview, and Model Context Protocol specification documentation verified on 2026-06-14. Remote MCP vendor behavior, OAuth scopes, and transport options can change; prefer live official docs and vendor security pages over cached assumptions.
Retrieval Sources
- https://code.claude.com/docs/en/mcp
- https://code.claude.com/docs/en/skills
- https://code.claude.com/docs/en/features-overview
- https://modelcontextprotocol.io/specification/2025-03-26
- https://github.com/anthropics/claude-code
- https://developers.google.com/search/docs/fundamentals/creating-helpful-content
Source Verification Notes
Verified against official Claude Code MCP documentation and the public
Anthropic claude-code repository on 2026-06-14:
- Claude Code supports MCP servers through project, user, and enterprise configuration; remote servers use streamable HTTP or the older HTTP+SSE transport, which the 2025-03-26 MCP specification deprecates in favor of streamable HTTP.
- MCP tool names and schemas load into Claude Code context at session start, increasing token cost and expanding the model action surface.
- OAuth-based remote MCP servers require user consent; tokens persist until revoked and are managed outside Anthropic retention policies.
- Third-party MCP servers are explicitly outside Anthropic Zero Data Retention scope and follow vendor data-handling terms.
- Claude Code allows MCP tool scoping and approval controls that should be applied before enabling high-risk write or execute tools in production repos.
Scope Note
This is not a vendor certification. Use it as a reusable trust-review workflow for platform and security teams evaluating remote MCP servers before connecting them to Claude Code, Claude Desktop, or other MCP clients.
Core Workflow
- Identify the server: vendor name, endpoint URL, transport type, auth method, and whether the server is first-party, community-maintained, or internal.
- Review transport security: require HTTPS/TLS, confirm the server certificate chains to a trusted CA and that no client setting disables verification, and reject cleartext endpoints; any localhost tunnel or proxy that terminates TLS before the vendor's server needs its own review.
- Review authentication: distinguish API keys, OAuth 2.0, and no-auth servers; confirm token storage location and rotation procedures.
- Map OAuth scopes to least privilege: read-only first, defer write/delete scopes until a concrete workflow requires them.
- Inventory tools and resources: classify each as read, write, execute, or admin; flag tools that accept free-form SQL, shell commands, or arbitrary URLs.
- Assess data exfiltration paths: tools that post to external webhooks, send email, or upload files deserve higher scrutiny than read-only lookups.
- Review Claude Code integration settings: project versus user scope, allowed tool subsets, approval requirements, and whether the server is needed in every repository.
- Run a sandbox session: invoke one read-only tool, capture sample output size, and confirm sensitive fields are redacted before broader rollout.
- Document residual risk, revocation steps, and monitoring expectations for security and platform owners.
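As an added illustration (not code from the skill, from Claude Code, or from any vendor), the script below runs the workflow above over a constructed server manifest: it checks the endpoint scheme and transport, lists the OAuth scopes to defer, classifies each tool as read/write/execute/admin while flagging free-form SQL, shell, and URL parameters and outbound paths, notes whether the config entry should move to project scope, and scans a sample read-only tool result for data that must be redacted before rollout. The endpoint, tool names, scope strings, keyword heuristics, and sample output are all assumptions.

```python
"""Added trust-review helper (not the skill's own code, not Claude Code code).
It walks the Core Workflow over a constructed server manifest: transport check,
OAuth scope least-privilege, tool classification with injection/exfil sinks,
Claude Code scope placement, and a redaction scan of a sandbox tool result.
Endpoint, tool names, scopes, heuristics and sample output are invented."""
import re
from urllib.parse import urlparse

# Constructed manifest: tools are in the shape of an MCP tools/list result
# (name, description, inputSchema); the other keys are review inputs.
SAMPLE_MANIFEST = {
    "url": "https://mcp.example-vendor.test/mcp",  # hypothetical vendor endpoint
    "transport": "http",                            # streamable HTTP
    "scope": "project",                             # where the config entry lives
    "oauth_scopes": ["tickets:read", "tickets:write", "admin:delete"],
    "tools": [
        {"name": "get_ticket", "description": "Fetch a ticket by id",
         "inputSchema": {"properties": {"id": {"type": "string"}}}},
        {"name": "run_query", "description": "Run a SQL query against the warehouse",
         "inputSchema": {"properties": {"sql": {"type": "string"}}}},
        {"name": "post_webhook", "description": "POST a payload to a URL",
         "inputSchema": {"properties": {"url": {"type": "string"},
                                        "body": {"type": "string"}}}},
        {"name": "delete_project", "description": "Delete a project and its tickets",
         "inputSchema": {"properties": {"project_id": {"type": "string"}}}},
    ],
}

# Verb heuristics for the read/write/execute/admin classes in the review
# matrix; the first class that matches wins, so the most dangerous go first.
CLASS_WORDS = [
    ("admin",   r"\b(delete|drop|destroy|purge|grant|revoke|admin)\b"),
    ("execute", r"\b(run|exec|execute|deploy|shell|command|query|sql)\b"),
    ("write",   r"\b(create|update|post|send|upload|write|put|patch)\b"),
    ("read",    r"\b(get|list|fetch|search|read|lookup)\b"),
]
# Parameters that carry free-form SQL, shell, or a model-choosable destination.
SINK_PARAMS = {"sql", "command", "cmd", "script", "shell", "url", "webhook", "endpoint"}
OUTBOUND = re.compile(r"\b(post|send|upload|email|publish)\b")
ELEVATED_SCOPE = re.compile(r"\b(write|delete|admin|manage|all)\b|\*", re.I)
# Patterns a sandbox tool result must not contain before broader rollout.
SENSITIVE = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "bearer_token": re.compile(r"Bearer\s+[A-Za-z0-9._-]{20,}"),
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "internal_url": re.compile(r"https?://[\w.-]+\.(?:internal|corp|local)\b"),
}

def check_transport(url, transport):
    """Matrix row 'Transport': cleartext or unknown transport blocks the review."""
    findings = []
    if urlparse(url).scheme != "https":
        findings.append("cleartext endpoint; block until TLS verified")
    if transport not in ("http", "sse"):
        findings.append(f"unknown transport {transport!r}; block until identified")
    return findings

def scopes_to_defer(scopes):
    """Matrix row 'Auth': write/delete/admin scopes wait for a reviewed workflow."""
    return sorted(s for s in scopes if ELEVATED_SCOPE.search(s))

def classify_tool(tool):
    """Matrix rows 'Tools' and 'Data': class, injection sinks, exfiltration path."""
    text = f"{tool['name']} {tool.get('description', '')}".lower()
    klass = next((c for c, pat in CLASS_WORDS if re.search(pat, text)), "unknown")
    params = set(tool.get("inputSchema", {}).get("properties", {}))
    sinks = sorted(params & SINK_PARAMS)
    # Exfiltration: the model picks the destination, or the tool sends out of band.
    exfil = bool(params & {"url", "webhook", "endpoint"}) or OUTBOUND.search(text) is not None
    return {"name": tool["name"], "class": klass, "sinks": sinks, "exfil": exfil}

def redaction_findings(sample_output):
    """Sandbox step: names of sensitive patterns present in a captured tool result."""
    return sorted(k for k, pat in SENSITIVE.items() if pat.search(sample_output))

def review(manifest):
    """Produce the matrix inputs for the Output Contract from one manifest."""
    tools = [classify_tool(t) for t in manifest["tools"]]
    return {
        "transport_findings": check_transport(manifest["url"], manifest["transport"]),
        "defer_scopes": scopes_to_defer(manifest["oauth_scopes"]),
        "tools": tools,
        # Anything that executes, administers, accepts a sink, or can exfiltrate
        # gets an approval gate before it is enabled in a production repo.
        "approval_gate": sorted(t["name"] for t in tools
                                if t["class"] in ("execute", "admin") or t["sinks"] or t["exfil"]),
        "scope_finding": None if manifest["scope"] == "project" else "move to project config",
    }

# Constructed sandbox output from a read-only tool, used for the redaction step.
SAMPLE_OUTPUT = ("ticket 4711 opened by jane.doe@example.test, runbook at "
                 "https://wiki.corp.internal/runbooks, auth Bearer eyJhbGciOiJIUzI1NiJ9.abc123def456")

if __name__ == "__main__":
    import json
    print(json.dumps(review(SAMPLE_MANIFEST), indent=2))
    print("redact before sharing:", redaction_findings(SAMPLE_OUTPUT))
```

The keyword lists are deliberately crude: a vendor can name a destructive tool `get_cleanup`, so treat the classifier as a first pass that decides which tools a human reads the schema of, not as the approval decision itself.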
Capability Scope
- Remote MCP server identity and transport review.
- OAuth consent and scope least-privilege assessment.
- Tool permission and exfiltration risk matrix.
- Claude Code MCP scoping and approval recommendations.
- Vendor retention and ZDR boundary notes.
- Privacy-safe trust-review reporting.
Compatibility
Native
- Claude Code / Claude: use as an Agent Skill when onboarding a remote MCP vendor, reviewing OAuth scopes, or preparing a security sign-off checklist.
Manual Adaptation
- Codex, Cursor, Windsurf, and Generic AGENTS workflows: use the workflow as a deterministic checklist for MCP vendor reviews in platform runbooks.
Required Inputs
- Remote MCP server URL, transport type, and authentication method.
- Tool and resource manifest, or the live /mcp listing from a test session.
- OAuth client ID, requested scopes, and token storage location if applicable.
- Intended repositories, users, and workflows that will invoke the server.
Production Rules
- Default to read-only tools until a reviewed workflow requires writes.
- Require explicit user approval for destructive or production-impacting tools.
- Scope MCP servers to the smallest project or user surface that needs them.
- Revoke OAuth tokens and remove config entries when a vendor is decommissioned.
- Do not paste live tokens, webhook secrets, or customer records into public PRs.
- Treat community MCP servers as untrusted until source and maintainer are verified.
- Document vendor retention separately from Anthropic data-handling policies.
Review Matrix
| Signal | Lower risk | Higher risk | First action |
|---|---|---|---|
| Transport | HTTPS SSE or streamable HTTP | Cleartext or unknown proxy | Block until TLS verified |
| Auth | Scoped OAuth read | Broad write/delete scopes | Reduce scopes or defer |
| Tools | Read-only lookup | Execute shell/SQL/deploy | Require approval gates |
| Data | Metadata summaries | Full ticket/DB dumps | Redact and scope outputs |
| Scope | Single project | Global user install | Move to project config |
| Vendor | First-party docs | Anonymous package | Source audit required |
Output Contract
- Server identity, transport, and authentication summary.
- OAuth scope and consent-flow assessment.
- Tool permission and exfiltration risk matrix.
- Claude Code integration and scoping recommendations.
- Residual risk, revocation, and monitoring notes.
- Privacy-safe summary suitable for security review or rollout comms.
Duplicate Check
Checked content/skills, content/guides, generated catalog text, and open
pull requests for MCP remote server trust review, OAuth MCP audit, and Claude
Code MCP security workflows. Official docs describe MCP setup, but no skills
entry provides a reusable remote-server trust review capability pack with OAuth
matrix and output contract.
Editorial Disclosure
Submitted as an independent source-backed HeyClaude content entry by
kiannidev. It is based on public Claude Code documentation, the public
Anthropic claude-code repository, MCP specification references, and Google
Search Central helpful-content guidance. No paid placement, referral link,
affiliate link, or vendor sponsorship is used.