claude-code-mcp
Audited by Socket on Feb 15, 2026
1 alert found:
Obfuscated File

This file is a documentation/configuration README for MCP servers and contains no direct malicious code. The primary security concern is operational: instructing users to execute third-party packages at runtime via npx/python without showing pinned versions, integrity checks, sandboxing, or egress restrictions introduces supply-chain and exfiltration risk. Wildcard permission allowlists in examples further increase attack surface. Recommended actions: pin package versions and verify integrity, avoid wildcard allowlists (use minimal scopes), run servers in isolated environments (containers, unprivileged users), restrict network egress, enable audit logging and timeouts, and use a vetted registry or internal mirror for production deployments.