MCP Server Safety Checklist is a skill that performs automated security auditing of Model Context Protocol server implementations. It runs entirely offline, meaning source code and configuration files are never transmitted outside the local environment, which makes it suitable for proprietary or enterprise projects.
The skill covers four areas of risk assessment. First, it audits tool permissions, flagging any tools that carry write, delete, or execute capabilities that could be misused by an agent. Second, it performs exposure detection, identifying code paths that access .env files, private keys, or other configuration secrets. Third, it conducts network analysis, mapping external API dependencies and characterizing network exposure patterns within the server. Fourth, it validates mcp.json configuration files against security best practices and structural requirements.
The skill is designed specifically around the MCP security model rather than being a general-purpose code review. This distinction matters because general AI code-review prompts typically lack awareness of the protocol’s specific permission architecture and trust boundaries. Developers building or reviewing MCP servers before connecting them to an LLM can use this skill to surface risks before deployment. There are no tools exposed to a connected agent — the skill operates as a structured checklist-driven audit process. No environment variables are required for its operation.