๐ Contributing
@Puliczek
About ๐ Contributing
๐ฅ๐ Awesome MCP (Model Context Protocol) Security ๐ฅ๏ธ
Basic information
Config
No standard config provided
This server doesn't expose a parseable MCP config block in its README. See the repository for install instructions.
RepositoryTools
No tools detected
We auto-extract tools from the README. The maintainer can list them under a ## Tools heading to populate this section.
Overview
What is Awesome MCP Security?
Awesome MCP Security is a curated list of everything related to Model Context Protocol (MCP) security โ including official security considerations, academic papers, videos, articles, tools, security servers, and other resources.
How to use Awesome MCP Security?
Browse the categorized sections (Security Considerations, Papers, Videos, Articles, Tools, Security Servers, Other Resources) to find relevant security information, research, and tools. Each entry links directly to the original source.
Key features of Awesome MCP Security
- Aggregates official MCP security best practices and specifications
- Lists academic papers on MCP security threats and mitigations
- Curates videos covering MCP auth, enterprise security, and attacks
- Collects articles, X threads, and blog posts on realโworld vulnerabilities
- Highlights security tools and MCP security servers
- Includes a changelog and contribution guidelines (via badge)
- Tracks the evolving authorization specification (OAuth replacement)
Use cases of Awesome MCP Security
- Discover known attack vectors and exploit demonstrations for MCP
- Find research papers on systematic MCP security analysis
- Learn about tool poisoning, prompt injection, and data exfiltration risks
- Explore security tools and guardrails for MCP deployments
- Stay updated on best practices and specification changes
FAQ from Awesome MCP Security
What are the official security considerations for MCP?
Servers MUST validate tool inputs, implement access controls, rateโlimit invocations, and sanitize outputs. Clients SHOULD prompt for user confirmation, validate tool results, implement timeouts, and log usage.
Is the MCP authorization specification finalized?
No. The current auth specification (as of 2025-03-26) is being replaced by a more robust specification; the community is discussing the new version in a GitHub pull request.
What types of resources are included?
The list covers academic papers, videos, articles, blog posts, X threads, tools, and MCP security servers โ all focused on MCP security.
Are there known realโworld attacks documented?
Yes. The curated articles include real incidents such as MCP server malware that steals secrets, tool poisoning, ANSI terminal code deception, and exploitation of popular MCP servers (e.g., Slack, GitHub, Asana, Neon).
Where can I find MCP security tools and servers?
The list includes a dedicated section "Tools and code" and "MCP Security Servers" with links to openโsource projects and security layers built for MCP.
More Developer Tools MCP servers
TalkToFigma
sonnylazuardiTalkToFigma: MCP integration between AI Agent (Cursor, Claude Code, Codex) and Figma, allowing Agentic AI to communicate with Figma for reading designs and modifying them programmatically.

Sentry
modelcontextprotocolModel Context Protocol Servers
Deepwiki MCP Server
regenrek๐ MCP server for fetch deepwiki.com and get latest knowledge in Cursor and other Code Editors
OpenSumi
opensumiA framework helps you quickly build AI Native IDE products. MCP Client, supports Model Context Protocol (MCP) tools via MCP server.
Golf
golf-mcpProduction-Ready MCP Server Framework โข Build, deploy & scale secure AI agent infrastructure โข Includes Auth, Observability, Debugger, Telemetry & Runtime โข Run real-world MCPs powering AI Agents
Comments