Which risk factors does MCP Risk Analyzer check?
Answer
The analyzer evaluates six factors on every tool in the manifest: destructive-action capability (delete, drop, exec, shell), over-broad-scope or missing least-privilege declarations, sensitive-egress (secrets or files plus network), weak or absent auth model at server level, prompt-injection-surface (free-text inputs that reach destructive actions), and permission-diff (new tools since a prior manifest that have not been reviewed).
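To make three of these factors concrete (destructive-action, prompt-injection-surface and permission-diff), here is an added sketch that is not MCP Risk Analyzer's own code or scoring logic. It assumes a manifest shaped like an MCP tools listing (a tools array whose entries carry name, description and inputSchema) and treats a string input with no enum, pattern or format constraint as free text; the sample manifests are constructed.

```python
import re

# Keywords the page lists for destructive-action capability.
DESTRUCTIVE = {"delete", "drop", "exec", "shell"}
# Assumption: a string input with none of these constraints counts as free text.
CONSTRAINTS = {"enum", "pattern", "format"}

def tokens(text):
    """Split snake_case, kebab-case and camelCase text into lowercase words."""
    spaced = re.sub(r"([a-z0-9])([A-Z])", r"\1 \2", text)
    return set(re.split(r"[^a-z0-9]+", spaced.lower()))

def is_destructive(tool):
    words = tokens(f"{tool.get('name', '')} {tool.get('description', '')}")
    return bool(words & DESTRUCTIVE)

def free_text_inputs(tool):
    props = tool.get("inputSchema", {}).get("properties", {})
    return sorted(name for name, schema in props.items()
                  if isinstance(schema, dict) and schema.get("type") == "string"
                  and not (schema.keys() & CONSTRAINTS))

def findings(current, prior=None):
    """Return per-tool factor flags; permission-diff needs a prior manifest."""
    known = {t["name"] for t in (prior or {}).get("tools", [])}
    out = []
    for tool in current.get("tools", []):
        flags = []
        if is_destructive(tool):
            flags.append("destructive-action")
            if free_text_inputs(tool):  # free text that reaches a destructive action
                flags.append("prompt-injection-surface")
        if prior is not None and tool["name"] not in known:
            flags.append("permission-diff")  # new since the reviewed manifest
        if flags:
            out.append({"tool": tool["name"], "factors": flags})
    return out

# Constructed sample manifests (not real server output).
READ = {"name": "read_file", "description": "Read a file from the workspace",
        "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}}
SHELL = {"name": "run_shell", "description": "Run a command",
         "inputSchema": {"type": "object", "properties": {"command": {"type": "string"}}}}
DELETE = {"name": "deleteRecord", "description": "Remove one record by id",
          "inputSchema": {"type": "object",
                          "properties": {"id": {"type": "string", "pattern": "^[0-9]+$"}}}}
PRIOR = {"tools": [READ]}
CURRENT = {"tools": [READ, SHELL, DELETE]}

if __name__ == "__main__":
    for f in findings(CURRENT, PRIOR):
        print(f)
```

Matching on whole words keeps a name such as dropdown_options from tripping the drop keyword, and the pattern constraint on deleteRecord's id keeps it off the prompt-injection-surface list even though the tool is destructive.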
Related workflows
Pair MCP risk scores with DestructGuard command blocking at runtime and ReviewQueue for human review of ambiguous tool additions. Export the scored findings JSON alongside your agent session JSONL so IncidentScribe timelines include the pre-install risk evidence. Re-score any server after manifest changes before promoting to production agents.
Next steps
POST the manifest to /api/agent-services/mcp-risk/score (x402) for hosted scoring or install the Operator Pack CLI and run mcp-risk score manifest.json locally. Apply the concrete fix recommendations, re-export the manifest, and re-score until risk is medium or low. Store requestId with your session audit for compliance.