Docs/Controls/MCP_LEAST_PRIVILEGE

MCP_LEAST_PRIVILEGE

Verify MCP servers have scoped filesystem access, pinned versions, verified package names, and minimal server count.

Framework Mappings

OWASP Agentic ASI03 — Identity & Privilege Abuse

Agent Frameworks Scanned

Claude CodeMCP

Evaluation Facets

01

Filesystem Scoping

RequiredWeight: 0.35
Pass:MCP filesystem servers scoped to specific project directories
Fail:Access to system directories (/, /home, /etc)
02

Version Pinning

RequiredWeight: 0.3
Pass:Pinned package versions (e.g., @package/[email protected])
Fail:Auto-install with npx -y (vulnerable to rug-pull)
03

No Typosquatted Packages

RequiredWeight: 0.2
Pass:Package names match known legitimate packages
Fail:Suspiciously similar names detected (Levenshtein distance 1-2)
04

Minimal Server Count

Weight: 0.15
Pass:5 or fewer MCP servers configured
Fail:More than 5 MCP servers

Remediation Steps

  1. 1Scope MCP filesystem access to project directories only
  2. 2Pin MCP server versions explicitly — never use npx -y
  3. 3Verify package names against known registries
  4. 4Minimize the number of MCP servers to reduce attack surface

Evaluate this control automatically

Connect your repos and Brigs evaluates MCP_LEAST_PRIVILEGE across all your agent configurations.

Get Started — Free