MCP-Checklists

MCP-Checklists

We're a team of security and AI enthusiasts building MCP Manager, a comprehensive MCP security solution for businesses of all sizes.

In this repository we will publish a range of checklists, indexes, lessons learned and helpful utilities to help you adopt and use AI agents and MCP servers securely - without losing pace in the AI race.

⭐Star this repo to stay up to date and avoid missing that guide you know you'll need in the future!

We welcome contributions and suggestions - here's the instructions for contributing.

📚 Table of Contents

• Using Docker to Secure Local MCP servers
• Authentication and Authorization
  • Troubleshooting OAuth in MCP Checklist
  • MCP Identity Management Checklist
• Logging, Auditing, and Observability
  • MCP Logging, Auditing, and Observability Checklist
• Security Threats and Mitigation
  • Detecting & Prevening Shadow MCP Use
  • MCP Server Cybersecurity Threat-List (With Mitigations)
  • MCP Server Reported Vulnerabilities Index
  • Evaluating MCP Servers For Threats and Risks
• AI Agent Building, Optimization, & Security
  • How to Improve MCP Tool Selection
  • AI Agents Build Checklist

🐳 Using Docker to Run Local MCP Servers Securely

TLDR: How to Run MCP Servers Securely

Installing and running MCP servers locally is equivalent to installing and running any other software on your computer. Locally running MCP servers have unlimited access to all your files, creating risks of data exfiltration, token theft, virus infection and propagation, or data encryption attacks (Ransomware).

Docker is a containerization solution that is free, open source, and widely supported across all major operating systems.

Why You Should Use Docker to Containerize Local MCP Servers

Running MCP servers inside Docker containers allows you to run them in a sandboxed environment that you have complete control over. You decide which files and folders to expose to the container, can define rules for HTTP and WebSocket traffic, and selectively expose environment variables instead of unintentionally leaking secrets.

Using Docker to containerize your MCP servers reduces security risks and gives you more control over what data and capabilities the server has access to. It's not a complete bulletproof solution, however, because if you're not careful, you can still give Docker containers running locally unfettered access to your VPN / private networks.

Guide and Docker Files

We understand that learning complex technologies like Docker can be intimidating, but we've made our best effort to provide you with examples, documentation, and helpful scripts to get you started running MCPs securely.

Use How to Run MCP Servers Securely to learn about our helpful scripts and Dockerfiles that will get you started running local MCP Servers securely in no time.

🔐 Authentication and Authorization

Checklists

• Troubleshooting OAuth in MCP Checklist
• MCP Identity Management Checklist

📝 Logging, Auditing, and Observability

Checklists

• MCP Logging, Auditing, and Observability Checklist
• Detecting & Prevening Shadow MCP Use

🛡️ Threats and Mitigation

Checklists

• Evaluating MCP Servers For Threats and Risks

Index Lists

• MCP Server Cybersecurity Threat-List (With Mitigations)
• MCP Server Reported Vulnerabilities Index

🤖 AI Agent Building and Security

Checklists/Guides

• Building AI Agents
• How to Improve MCP Tool Selection