mcp-security

jpoutrin/mcp-security

Security

1 installs

About

SKILL.md

MCP Security Skill

This skill enforces security best practices for MCP servers and multi-agent pipelines.

5-Layer Defense Architecture

Input Validation - Sanitize all user inputs
Prompt Injection Prevention - Detect and block injection attempts
SQL/NoSQL Validation - Prevent query injection
User Context Propagation - Maintain identity through pipeline
Authorization (RBAC/ABAC) - Enforce access controls

Prompt Injection Prevention

# Always validate and sanitize inputs
def sanitize_input(user_input: str) -> str:
    # Remove potential injection patterns
    # Escape special characters
    # Limit length
    pass

# Never directly concatenate user input into prompts
# ❌ Bad
prompt = f"Process this: {user_input}"

# ✅ Good
prompt = sanitize_input(user_input)
validated_prompt = validate_against_schema(prompt)

User Context Propagation

@dataclass
class UserContext:
    user_id: str
    roles: list[str]
    permissions: list[str]
    tenant_id: str

# Pass context through all pipeline stages
async def process_request(context: UserContext, request: Request):
    # Validate permissions at each step
    if not has_permission(context, "read:data"):
        raise AuthorizationError()

Authorization Patterns

RBAC (Role-Based Access Control)

ROLE_PERMISSIONS = {
    "admin": ["read", "write", "delete", "admin"],
    "editor": ["read", "write"],
    "viewer": ["read"],
}

ABAC (Attribute-Based Access Control)

def can_access(user: User, resource: Resource) -> bool:
    return (
        user.department == resource.department
        and user.clearance >= resource.sensitivity
    )

Security Checklist

All user inputs validated and sanitized
Prompt injection patterns detected
SQL queries parameterized
User context propagated through pipeline
Authorization checked at each step
Sensitive data encrypted
Audit logging enabled

MCP Security Skill

This skill enforces security best practices for MCP servers and multi-agent pipelines.

5-Layer Defense Architecture

Input Validation - Sanitize all user inputs
Prompt Injection Prevention - Detect and block injection attempts
SQL/NoSQL Validation - Prevent query injection
User Context Propagation - Maintain identity through pipeline
Authorization (RBAC/ABAC) - Enforce access controls

Prompt Injection Prevention

# Always validate and sanitize inputs
def sanitize_input(user_input: str) -> str:
    # Remove potential injection patterns
    # Escape special characters
    # Limit length
    pass

# Never directly concatenate user input into prompts
# ❌ Bad
prompt = f"Process this: {user_input}"

# ✅ Good
prompt = sanitize_input(user_input)
validated_prompt = validate_against_schema(prompt)

User Context Propagation

@dataclass
class UserContext:
    user_id: str
    roles: list[str]
    permissions: list[str]
    tenant_id: str

# Pass context through all pipeline stages
async def process_request(context: UserContext, request: Request):
    # Validate permissions at each step
    if not has_permission(context, "read:data"):
        raise AuthorizationError()

Authorization Patterns

RBAC (Role-Based Access Control)

ROLE_PERMISSIONS = {
    "admin": ["read", "write", "delete", "admin"],
    "editor": ["read", "write"],
    "viewer": ["read"],
}

ABAC (Attribute-Based Access Control)

def can_access(user: User, resource: Resource) -> bool:
    return (
        user.department == resource.department
        and user.clearance >= resource.sensitivity
    )

Security Checklist

All user inputs validated and sanitized
Prompt injection patterns detected
SQL queries parameterized
User context propagated through pipeline
Authorization checked at each step
Sensitive data encrypted
Audit logging enabled