Skills
Harden your MCP server: OAuth 2.1 + mandatory PKCE, block SSRF egress, and never forward client tokens upstream
A 2026 audit found 40% of MCP servers require no auth, 43% carry command-injection holes, and 79% store credentials in plaintext — so the baseline checklist matters: OAuth 2.1 with mandatory PKCE, validate token audience, allow-list and validate every tool input, block egress to private IP ranges (SSRF), and require human confirmation for irreversible actions. The critical, often-missed rule is never passing the client's token through to upstream APIs.
Source
↳ Follow the thread