Definition
MCP server
A server implementing the Model Context Protocol that wraps a service, API, or data source and exposes it to an AI agent as a set of callable tools. MCP servers can be local (running on the user's machine) or remote (hosted by a service provider). Local MCP servers run with the user's file-system and environment-variable access, which makes them a high-value target for credential exfiltration. Remote MCP servers introduce network trust boundaries and SSRF risks.
Related terms
Deep dive
Basic knowledge
What is MCP server security?
MCP servers extend what AI agents can do. That extension is also what makes each server a security boundary: understand its threat surface before you connect it to a model with real capabilities.
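As an added illustration (not code from this page or from any MCP SDK), the two argument checks the definition above calls for: a local file-read tool confined to a sandbox directory, and a remote fetch tool that refuses URLs whose host is, or resolves to, a non-public address. `SANDBOX_ROOT`, `safe_read_path` and `check_outbound_url` are hypothetical names; the resolver is injectable so the policy runs offline.

```python
import ipaddress
import socket
from pathlib import Path
from urllib.parse import urlsplit

# Constructed example root: the only directory a local "read_file" tool may touch.
SANDBOX_ROOT = Path("/srv/agent-workspace").resolve()


def safe_read_path(requested: str, root: Path = SANDBOX_ROOT) -> Path:
    """Confine a file-read tool argument to the sandbox root.
    An absolute argument replaces the root entirely and '..' walks out of it,
    so the check runs on the fully resolved target, not on the raw string."""
    target = (root / requested).resolve()
    if not target.is_relative_to(root):
        raise PermissionError(f"path escapes sandbox: {requested}")
    return target


def _is_forbidden(ip) -> bool:
    """True for any address a fetch tool must never reach: loopback, private,
    link-local (cloud metadata range), reserved, multicast or unspecified."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d hides a v4 address inside v6
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def default_resolver(host: str) -> list[str]:
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def check_outbound_url(url: str, resolver=default_resolver) -> str:
    """SSRF guard for a remote fetch tool: only http(s), and every address the
    host resolves to must be public, so a name pointing at an internal
    address is rejected just like a literal internal IP."""
    parts = urlsplit(url)
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        raise ValueError(f"unsupported URL: {url}")
    try:
        ipaddress.ip_address(host)  # literal IP: no lookup needed
        addrs = [host]
    except ValueError:  # a hostname, so ask the resolver
        addrs = resolver(host)
    if not addrs:
        raise ValueError(f"host does not resolve: {host}")
    for addr in addrs:
        if _is_forbidden(ipaddress.ip_address(addr)):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return url
```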
Scan a skill before you install it
TrustSkills detects the threats described in this glossary before you install a ClawHub skill. Free. No account required.