MCP, Security Analysis · by Michael Wybraniec

MCP Servers: Risks of Using in Claude Desktop

Understand the core security, privacy, and operational risks of enabling custom MCP integrations in Claude Desktop on macOS or Windows.

The Model Context Protocol (MCP) opens up powerful integrations for Claude Desktop — but with great extensibility comes potential risk. In this article, we explore the most critical threats you should consider before enabling MCP servers locally.

  • Arbitrary Code Execution: every server listed in claude_desktop_config.json is spawned as a local child process under your own user account, with no sandbox. A malicious or compromised server therefore has the same ability as you to read, modify, or delete files, reach the network, and launch further processes.
  • Insecure Sources: installing MCPs from unknown GitHub repositories or by bare, unpinned package name widens the supply-chain attack surface; the code that runs is whatever the registry serves when the runner fetches it.
  • Token & API Leakage: MCPs that relay tokens or secrets in HTTP headers, environment variables, or logs can expose them if not securely configured, and anything placed in the config's "env" block sits in plaintext on disk.
{
  "mcpServers": {
    "fetch": {
      "command": "uvx",
      "args": ["mcp-server-fetch"]
    }
  }
}
Nothing here pins a version or verifies integrity: uvx resolves mcp-server-fetch from the package index, so whatever the registry serves at fetch time is what runs, and a hijacked or replaced package is picked up with no check on your side.
  • Dependency Conflicts: runners like uvx, npx, or pipx download and cache packages on first launch, outside your project environments; version drift between those caches and the tooling you have installed locally produces mismatches that are hard to diagnose.
  • Broken Paths: incorrect or unresolvable binary paths cause failures like spawn uvx ENOENT, and the message is opaque to non-technical users.
  • Resource Drain: poorly implemented servers can leak memory, max out the CPU, or spawn runaway child processes, and nothing in Claude Desktop limits what a server process may consume.
# "spawn uvx ENOENT": Claude Desktop could not find the uvx binary (uv installs uvx alongside uv)
which uvx
which uv
# A hit here proves little: GUI apps get a minimal PATH, not your shell's, so put the absolute path in "command"
  • Filesystem Access: MCPs like filesystem can read and write entire folder trees; the only boundary is the directory argument you pass, not a sandbox or any per-user restriction.
  • Lack of Granular Permissions: Claude Desktop's prompt offers "Allow once" or "Allow for this chat" per tool, but cannot restrict individual commands, narrow path scopes, or distinguish a read from a write.
{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem",
        "/Users/michael/Desktop"
      ]
    }
  }
}
The directory argument is the only restriction: every tool the server exposes, reads and writes alike, is available within it, and the process runs with your full user privileges. Risky for shared or sensitive systems.
  • Manual Config Errors: claude_desktop_config.json is edited by hand, and Claude Desktop neither validates it nor reports a clear error, so a stray character can disable every server with no useful diagnostic.
  • Thin Logging and No Audit Trail: Claude Desktop does write connection events and each server's stderr to its log directory (mcp.log and mcp-server-NAME.log under ~/Library/Logs/Claude on macOS, %APPDATA%\Claude\logs on Windows), but nothing records which tool was called with which arguments, which is exactly what debugging and post-incident analysis need.
  • MCP Updates May Break: updated MCPs might silently fail due to version mismatches or undocumented changes, and an unpinned install takes the update without telling you.
// Example: Missing comma breaks everything
{
  "mcpServers": {
    "fetch": {
      "command": "uvx",
      "args": ["mcp-server-fetch"]
    } // ← missing comma here
    "filesystem": {
      "command": "npx",
      "args": [...]
    }
  }
}
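The resource-drain, filesystem-access, granular-permission and logging points above all come down to the same gap: nothing sits between Claude Desktop and the server process. Because stdio servers exchange newline-delimited JSON-RPC 2.0 messages, a small wrapper can fill that gap. What follows is example code added for this article, not part of Claude Desktop or of any MCP server: it spawns the real server under CPU and memory rlimits, appends every tools/call request to an audit log, and refuses calls whose path-looking arguments resolve outside an allowed root. ALLOWED_ROOT, AUDIT_LOG, the limit values and the -32000 error code (taken from the JSON-RPC implementation-defined range) are assumptions to adapt, and it is POSIX-only, since the resource module and preexec_fn do not exist on Windows.

```python
"""Audit-and-guard wrapper for a stdio MCP server (example code for this
article; not part of Claude Desktop or any MCP server).

Point "command" at this script and pass the real server as the arguments, e.g.
  "command": "/usr/bin/python3",
  "args": ["/path/to/mcp_guard.py", "npx", "-y",
           "@modelcontextprotocol/server-filesystem", "/Users/michael/Desktop"]
Assumptions: POSIX only; the constants below are placeholders to adapt.
"""
import json
import os
import resource
import subprocess
import sys
import threading
import time

AUDIT_LOG = os.path.expanduser("~/mcp-audit.jsonl")  # assumption
ALLOWED_ROOT = os.path.expanduser("~/Desktop")         # assumption
CPU_SECONDS = 300                                      # assumption: hard CPU-time cap
MEM_BYTES = 2 * 1024 ** 3                              # assumption: address-space cap


def parse_message(line):
    """One JSON-RPC message per line; blank lines and junk are ignored."""
    line = line.strip()
    if not line:
        return None
    try:
        msg = json.loads(line)
    except json.JSONDecodeError:
        return None
    return msg if isinstance(msg, dict) else None


def _path_like(value):
    return isinstance(value, str) and value[:1] in ("/", "~")


def check_tool_call(msg, allowed_root=ALLOWED_ROOT):
    """Return (allowed, reason). Only tools/call carries arguments worth gating.

    Paths are realpath()-normalised and compared with commonpath, so "../"
    escapes and sibling-prefix tricks (/root-evil vs /root) are both caught.
    """
    if msg.get("method") != "tools/call":
        return True, "not a tool call"
    root = os.path.realpath(os.path.expanduser(allowed_root))
    arguments = (msg.get("params") or {}).get("arguments") or {}
    for key, value in arguments.items():
        for candidate in (value if isinstance(value, list) else [value]):
            if _path_like(candidate):
                real = os.path.realpath(os.path.expanduser(candidate))
                if os.path.commonpath([root, real]) != root:
                    return False, f"{key}={candidate!r} resolves outside {root}"
    return True, "within allowed root"


def deny_response(msg, reason):
    """JSON-RPC error sent back to the client instead of forwarding the call."""
    return {"jsonrpc": "2.0", "id": msg.get("id"),
            "error": {"code": -32000, "message": f"blocked by wrapper: {reason}"}}


def audit_record(msg, allowed, reason):
    return json.dumps({"ts": time.time(), "method": msg.get("method"),
                       "tool": (msg.get("params") or {}).get("name"),
                       "allowed": allowed, "reason": reason})


def _apply_limits():
    # Runs in the child just before exec: caps apply to the real server only.
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))
    try:
        resource.setrlimit(resource.RLIMIT_AS, (MEM_BYTES, MEM_BYTES))
    except (ValueError, OSError):
        pass  # RLIMIT_AS is not honoured everywhere; the CPU cap still applies


def _pump(src, dst):
    for line in src:  # server -> Claude Desktop, passed through untouched
        dst.write(line)
        dst.flush()


def main(argv):
    child = subprocess.Popen(argv, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
                             text=True, bufsize=1, preexec_fn=_apply_limits)
    threading.Thread(target=_pump, args=(child.stdout, sys.stdout), daemon=True).start()
    with open(AUDIT_LOG, "a") as log:
        for line in sys.stdin:  # Claude Desktop -> server, inspected
            msg = parse_message(line)
            if msg is None:
                continue
            allowed, reason = check_tool_call(msg)
            if msg.get("method") == "tools/call":
                log.write(audit_record(msg, allowed, reason) + "\n")
                log.flush()
            if allowed:
                child.stdin.write(json.dumps(msg) + "\n")
                child.stdin.flush()
            else:
                sys.stdout.write(json.dumps(deny_response(msg, reason)) + "\n")
                sys.stdout.flush()
    child.stdin.close()
    return child.wait()


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The path check is a heuristic: it only sees arguments that start with "/" or "~", so a server that accepts relative paths or encodes locations in other fields needs its own rule, and the wrapper never sees tool results, so it records that a write was attempted but not what was written. The server's stderr is inherited unchanged, so Claude Desktop's own mcp-server-NAME.log keeps working.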
Practical mitigations:
  • Only install MCPs from trusted, reviewed repositories, and pin the package version (npx pkg@x.y.z, uvx pkg@x.y.z) so an upstream change cannot reach you unreviewed
  • Audit your claude_desktop_config.json file regularly: valid JSON, absolute command paths, pinned packages, no secrets, and the narrowest possible filesystem roots
  • Run MCP servers in sandboxed containers (e.g., Docker, bind-mounting the data directory read-only where the server only needs to read); treat the container as a convenience boundary, not a substitute for reviewing the code
  • Never store secrets directly in config files; the "env" block is plaintext on disk, so have the server read them from a file with 0600 permissions or from the OS keychain instead
  • Watch system resource usage after enabling MCPs, and cap the server process (ulimit or a container limit) rather than relying on noticing a runaway
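To make the "audit your config regularly" step concrete, and to catch the unpinned source, plaintext secret, broken command path and over-broad filesystem root called out earlier, here is a small linter for claude_desktop_config.json. It is example code added for this article, not a Claude Desktop feature. The config locations are the documented macOS and Windows defaults and "env" is the per-server environment map Claude Desktop accepts; the set of fetching runners, the version-pin pattern, the secret-looking key names and the list of over-broad roots are assumptions to tune for your setup.

```python
"""Lint claude_desktop_config.json for the risks discussed in this article
(example code added for the article; not part of Claude Desktop).

Heuristics (fetching runners, version pins, secret-looking env keys,
over-broad filesystem roots) are assumptions; tune them for your setup.
"""
import json
import os
import re
import shutil
import sys

DEFAULT_PATH = (
    os.path.expanduser("~/Library/Application Support/Claude/claude_desktop_config.json")
    if sys.platform == "darwin"
    else os.path.join(os.environ.get("APPDATA", ""), "Claude", "claude_desktop_config.json")
)
# Runners that download the package at launch; with no pin, you get whatever the registry serves.
FETCHING_RUNNERS = {"npx", "uvx", "pipx", "bunx"}
PIN_RE = re.compile(r"(@|==)[\w.\-]+$")      # pkg@1.2.3, @scope/pkg@1.2.3, pkg==1.2.3
SECRET_KEY_RE = re.compile(r"token|secret|key|passw", re.I)
BROAD_ROOTS = {"/", os.path.expanduser("~"), "C:\\", "C:\\Users"}


def parse_config(text):
    """Claude Desktop gives no validation error of its own, so fail loudly here."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as e:
        return None, f"invalid JSON at line {e.lineno}, column {e.colno}: {e.msg}"
    if not isinstance(cfg, dict) or not isinstance(cfg.get("mcpServers"), dict):
        return None, "missing or non-object mcpServers key"
    return cfg, None


def package_spec(command, args):
    """Package a fetching runner will resolve (first non-flag argument), else None."""
    if os.path.basename(command) not in FETCHING_RUNNERS:
        return None
    return next((a for a in args if not a.startswith("-")), None)


def audit_server(name, spec):
    findings = []
    cmd = spec.get("command", "")
    args = spec.get("args", [])
    if not cmd:
        findings.append((name, "no command configured"))
    elif os.path.isabs(cmd):
        if not os.path.exists(cmd):
            findings.append((name, f"command {cmd!r} does not exist (spawn ENOENT at launch)"))
    elif shutil.which(cmd) is None:
        findings.append((name, f"command {cmd!r} not on PATH; Claude Desktop's PATH is "
                               "narrower than a login shell's, so use an absolute path"))
    pkg = package_spec(cmd, args)
    if pkg and not PIN_RE.search(pkg):
        findings.append((name, f"unpinned package {pkg!r}: resolved to whatever the registry serves"))
    for key, value in (spec.get("env") or {}).items():
        if SECRET_KEY_RE.search(key) and isinstance(value, str) and value:
            findings.append((name, f"env {key} holds a literal secret in a plaintext config file"))
    if pkg and "server-filesystem" in pkg:
        broad = {os.path.normpath(r) for r in BROAD_ROOTS}
        for root in args:
            if root == pkg or root.startswith("-"):
                continue
            if os.path.normpath(os.path.expanduser(root)) in broad:
                findings.append((name, f"filesystem root {root!r} exposes a whole home or system tree"))
    return findings


def audit_config(text):
    """Return a list of (server, problem) tuples; an empty list means nothing was flagged."""
    cfg, err = parse_config(text)
    if err:
        return [("<config>", err)]
    findings = []
    for name, spec in cfg["mcpServers"].items():
        findings.extend(audit_server(name, spec if isinstance(spec, dict) else {}))
    return findings


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_PATH
    with open(path, encoding="utf-8") as f:
        problems = audit_config(f.read())
    for server, problem in problems:
        print(f"[{server}] {problem}")
    sys.exit(1 if problems else 0)
```

Run it after every edit to the file (or from a cron/launchd job); a non-zero exit means something was flagged. The secret check matches on key names only, so a token stored under an innocuous name slips through; the point is to catch the common case, not to replace a secrets scanner.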
Michael Wybraniec

Freelance, MCP Servers, Full-Stack Dev, Architecture