Install this skill from the multi-skill repository:

```shell
npx skills add oktsec/ai-security-skills --skill "secure-mcp-config"
```
# Description
Generates hardened MCP server configurations with version pinning, directory scoping, secret isolation, and least-privilege defaults. Outputs copy-paste ready JSON for any client. Use when user asks to "set up MCP securely", "harden my MCP config", "create a secure server config", "lock down my MCP servers", or "what's the safe way to configure this MCP server".
# SKILL.md

```yaml
name: secure-mcp-config
description: Generates hardened MCP server configurations with version pinning, directory scoping, secret isolation, and least-privilege defaults. Outputs copy-paste ready JSON for any client. Use when user asks to "set up MCP securely", "harden my MCP config", "create a secure server config", "lock down my MCP servers", or "what's the safe way to configure this MCP server".
metadata:
  author: oktsec
  version: 1.0.0
  license: Apache-2.0
```
## Secure MCP Config Generator
Generate production-ready MCP server configurations with security defaults. Every config follows least-privilege principles.
### Instructions
#### Step 1: Understand the request
Ask the user:
1. Which MCP server are they configuring? (name, npm package, or binary)
2. What client will use it? (Claude Desktop, Claude Code, Cursor, etc.)
3. What is the scope? (read-only, specific directory, full access)
#### Step 2: Generate hardened config
Apply these security rules to every config:
Argument hardening:
- Always scope filesystem access: `--allowed-dir ./project` instead of no restriction
- Pin versions for npx/uvx: `npx @company/server@1.2.3`, not `npx @company/server`
- Add `--read-only` when the server only needs to read
- Remove `--allow-all` or wildcard permissions
Environment variables:
- Never put API keys directly in the config file
- Use env var references: `"API_KEY": "${OPENAI_API_KEY}"`, or instruct the user to set env vars in their shell profile
- Separate secrets from config
Transport security:
- Prefer stdio transport over HTTP (no network exposure)
- If HTTP is needed, bind to 127.0.0.1 only
- Never expose MCP servers on 0.0.0.0
Permission scoping:
- Filesystem servers: scope to project directory
- Database servers: use read-only credentials
- API servers: use minimum-privilege API tokens
- Shell servers: restrict to specific allowed commands
#### Step 3: Output the config
Generate the JSON config block for the target client:

```json
{
  "mcpServers": {
    "server-name": {
      "command": "npx",
      "args": ["@company/server@1.2.3", "--allowed-dir", "./project", "--read-only"],
      "env": {}
    }
  }
}
```

Include comments explaining each security decision:

```
// Pinned to v1.2.3 - prevents supply chain attacks via auto-update
// Scoped to ./project - prevents reading files outside project
// Read-only - this server only needs to read, not write
```
#### Step 4: Security checklist
After generating, verify:
- [ ] Version pinned (no unpinned npx/uvx)
- [ ] Directory scoped (not root or home)
- [ ] No plaintext secrets in config
- [ ] Minimum permissions for the use case
- [ ] Localhost-only if using HTTP transport
- [ ] No auto-approve patterns
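A small lint that runs the Step 4 checklist over a client config, added here as an example (not part of the oktsec skill): it flags unpinned npx/uvx packages, paths scoped to root or home, plaintext secrets in `env`, HTTP transport not bound to localhost, and auto-approve keys. The regexes and the `autoApprove`/`alwaysAllow` key names are assumptions, tune them for your client; the sample configs are constructed.

```python
import json
import re

# Heuristic patterns (assumptions, not part of any MCP spec).
PINNED = re.compile(r"^(@[\w.-]+/)?[\w.-]+@\d+(\.\d+)*$")          # pkg@1.2.3
SECRET = re.compile(r"^(sk-|ghp_|AKIA|xox[bp]-)|://[^/]*:[^*@/]+@")  # token or user:pass@
ROOT_OR_HOME = re.compile(r"(/|~|/Users/[^/]+|/home/[^/]+)/?")
LOCALHOST = re.compile(r"^https?://(127\.0\.0\.1|localhost)(:|/|$)")

def check_server(name, spec):
    """Return checklist findings for one mcpServers entry (empty list = passes)."""
    findings = []
    args = spec.get("args", [])
    if spec.get("command") in ("npx", "uvx"):
        pkgs = [a for a in args if not a.startswith("-")]   # first non-flag arg is the package
        if not pkgs or not PINNED.match(pkgs[0]):
            findings.append(f"{name}: package not version-pinned")
    for a in args:
        if a.startswith("--allow-all") or a == "*":
            findings.append(f"{name}: wildcard permission {a!r}")
        if ROOT_OR_HOME.fullmatch(a):
            findings.append(f"{name}: directory scoped to root/home {a!r}")
    for key, val in spec.get("env", {}).items():
        # ${VAR} references are fine; literal tokens or user:password@ URLs are not
        if isinstance(val, str) and not val.startswith("${") and SECRET.search(val):
            findings.append(f"{name}: plaintext secret in env {key}")
    url = spec.get("url", "")
    if url and not LOCALHOST.match(url):
        findings.append(f"{name}: HTTP transport not bound to 127.0.0.1")
    for key in spec:
        if key.lower().replace("_", "").replace("-", "") in ("autoapprove", "alwaysallow"):
            findings.append(f"{name}: auto-approve pattern {key!r}")
    return findings

def lint_config(text):
    """Lint a whole client config given as a JSON string; returns all findings."""
    cfg = json.loads(text)
    return [f for name, spec in cfg.get("mcpServers", {}).items()
            for f in check_server(name, spec)]

# Constructed sample configs: a weak one and its hardened counterpart.
WEAK = json.dumps({"mcpServers": {"filesystem": {
    "command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/name"],
    "env": {"API_KEY": "sk-live-1234"}, "autoApprove": ["*"]}}})
HARDENED = json.dumps({"mcpServers": {"filesystem": {
    "command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem@2025.1.14",
                               "/Users/name/projects/webapp"],
    "env": {"API_KEY": "${OPENAI_API_KEY}"}}}})

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint_config(cfg) or "OK")
```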
### Examples
#### Example 1: Filesystem server
User: "Set up the filesystem MCP server securely for my project at ~/projects/webapp"
Output:

```json
{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": [
        "-y", "@modelcontextprotocol/server-filesystem@2025.1.14",
        "/Users/name/projects/webapp"
      ]
    }
  }
}
```
Security notes:
- Version pinned to 2025.1.14
- Scoped to project directory only
- Cannot access parent directories or home folder
#### Example 2: Database server
User: "Add a Postgres MCP server"
Output:

```json
{
  "mcpServers": {
    "postgres": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-postgres@<pinned-version>", "--read-only"],
      "env": {
        "DATABASE_URL": "Set this in your shell: export DATABASE_URL=postgres://readonly_user:***@localhost/mydb"
      }
    }
  }
}
```
Security notes:
- Read-only mode prevents accidental writes
- Use a dedicated read-only database user
- Connection string via env var, not in config