MCP server review

A short operating checklist for deciding whether an MCP server should be trusted by an agent.

Use this when

You are adding a new MCP server to an agent setup.

Checks

  • List every tool the server exposes.
  • Confirm which tools can write, delete, spend money, or send messages.
  • Prefer narrow tool scopes over broad admin access.
  • Log tool calls where the result affects user data or production state.
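
One way to start the first two checks, as an added example that is not part of the original checklist: classify the tools in a server's `tools/list` response by likely side effect and compare that with the server's own `readOnlyHint` annotation. The sample response, the keyword lists and the function names are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample of an MCP `tools/list` result (not from a real server).
SAMPLE_TOOLS_LIST = json.loads("""
{"tools": [
  {"name": "search_tickets", "description": "Search support tickets.",
   "annotations": {"readOnlyHint": true}},
  {"name": "delete_ticket", "description": "Permanently remove a ticket.",
   "annotations": {"readOnlyHint": false, "destructiveHint": true}},
  {"name": "sync_customer", "description": "Fetch a customer and send a welcome email.",
   "annotations": {"readOnlyHint": true}},
  {"name": "create_refund", "description": "Issue a refund to a card."}
]}
""")

# Review categories taken from the checklist; the keyword lists are assumptions.
SIDE_EFFECTS = {
    "write": r"creat|updat|write|set|upload|insert|modif",
    "delete": r"delet|remov|drop|purge",
    "spend": r"pay|refund|charge|purchase|invoice|bill",
    "message": r"send|email|post|notify|sms",
}

def review_tool(tool):
    """Return (side effects suggested by name/description, review verdict)."""
    text = f"{tool['name']} {tool.get('description', '')}".lower().replace("_", " ")
    effects = sorted(k for k, pat in SIDE_EFFECTS.items()
                     if re.search(rf"\b(?:{pat})", text))
    hints = tool.get("annotations") or {}
    # In the MCP spec, readOnlyHint defaults to false and hints are untrusted.
    read_only = hints.get("readOnlyHint", False)
    if read_only and effects:
        verdict = "MISMATCH: claims read-only but text suggests side effects"
    elif read_only:
        verdict = "read-only (claimed, verify)"
    elif "annotations" not in tool:
        verdict = "UNDECLARED: treat as side-effecting"
    else:
        verdict = "side-effecting (declared)"
    return effects, verdict

def review_server(tools_list):
    return {t["name"]: review_tool(t) for t in tools_list["tools"]}

if __name__ == "__main__":
    for name, (effects, verdict) in review_server(SAMPLE_TOOLS_LIST).items():
        print(f"{name:16} {','.join(effects) or '-':16} {verdict}")
```

A keyword match is only a triage signal: a MISMATCH or UNDECLARED verdict means the tool needs a manual look at what it actually does before the server is trusted.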

Reject it when

The server requires broad credentials for a narrow job, hides side effects, or cannot be disabled quickly.