Developer · agents & MCP · safe by default

Connect agents to your tools —without opening a hole.

An MCP server makes an agent dramatically more capable — or opens a security hole. Over-broad scopes, secrets in tool descriptions, unvalidated inputs, injection-prone designs.

This kit ships the build workflow, the security spine, and a Pass/Fix/Block tool linter — so the useful kind of server ships without the holes.

Get the Kit — $99one-time · instant download · yours to keep
What’s in the kit
MCP Build Playbook
Templates
MCP Builder Workbook
mcpcheck.py (runnable)
mcp-config.json
Scope, stated plainly
security guidance — not a security audit
01.The Problem

Everyone’s connecting agents via MCP. Far fewer are doing it safely.

The failure modes are mechanical and common: a token scoped to admin “to be safe,” an API key pasted into a tool description the model and client can see, inputs accepted without validation, and descriptions or returned data an attacker can turn into instructions.

Safe by default isn’t a feature you add at the end — it’s a discipline that runs through every phase of the build.

MCP makes agents capable

An MCP server lets an agent discover and invoke your tools and data — a step-change in capability, over stdio (local) or streamable HTTP (remote).

Or opens a hole

Over-broad scopes, secrets in tool descriptions, unvalidated inputs, injection-prone designs — the failure modes are mechanical and common.

Safe by default is a discipline

Least privilege, no secrets in descriptions, validated inputs, gated destructive actions, untrusted external data — built into the workflow, not bolted on.

The MCP spec and SDKs evolve — re-verify transport guidance, annotation names, and SDK APIs against the current spec at modelcontextprotocol.io at use.

02.Tool Linter

Would this tool definition ship?

Describe a tool and set its scope, validation, and auth — see the verdict the kit returns, the same Pass / Fix / Block logic as the included mcpcheck.py.

Try it · lint a tool definition
Scope
Validates inputs
Scoped auth

Pass

  • Least-privilege scope, validated inputs, scoped auth, honest description.

Build MCP servers that are safe by default.

A grounded four-phase build workflow, tool-design and security patterns, a Tool Inventory + Security Checklist workbook, and this linter.

Get the MCP Server & Connector Builder Kit — $99

A clean lint is necessary, not sufficient — sensitive systems still need a real threat model. Guidance, not a security audit.

03.The Build Workflow

Research & plan, implement, review & test, evaluate.

A grounded four-phase loop with the security spine running through all of it — the backbone of the playbook, patterns, and linter.

1
Research & plan

Map the tool surface before you write code: what an agent actually needs, the data and actions to expose, and the narrowest scope that does the job.

2
Implement

Build with typed input/output schemas (TypeScript SDK + Zod, or Python FastMCP + Pydantic) and the standard annotations — readOnly, destructive, idempotent, openWorld.

3
Review & test

Inspect with the MCP Inspector, run the security checklist, and lint each tool Pass / Fix / Block before anything ships.

4
Evaluate

Test the server against realistic agent tasks — does the tool surface actually let an agent succeed, without footguns or surprises.

04.What's Inside

A playbook, patterns, a workbook, and a tool linter.

MCP Build Playbook (.docx)

MCP in a minute, the four-phase workflow, designing tools agents can use, the security spine, and prompt-injection-aware design.

Templates (.docx)

Tool-design and security patterns — schema shapes, annotation usage, scope and auth patterns, and injection-aware description rules.

MCP Builder Workbook (.xlsx)

A tool inventory with a Pass / Fix / Block verdict per tool, a security checklist that rolls up to Secure / Gaps, and a dashboard.

mcpcheck.py (runnable)

Lint a tool definition Pass / Fix / Block — a leaked secret, over-broad scope, or dangerous capability is a hard Block. Zero dependencies; runs keyless.

mcp-config.json

The editable term lists behind the linter — secret patterns, injection signals, and over-promise phrases. Tune them to your stack.

05.Straight Talk

Security guidance — honest about what it isn’t.

  • Not a security audit

    The linter catches the mistakes that ship most often. A clean result is necessary, not sufficient — sensitive systems still need a real threat model and review.

  • Least privilege, always

    The default that prevents most damage: scope to the narrowest token that works, gate destructive actions, and never put a secret in a description.

  • Treat external data as untrusted

    Returned data and tool descriptions can carry injected instructions. The patterns are built to assume that, not hope otherwise.

  • Re-verify the spec

    MCP and its SDKs move fast. Check transport guidance, annotation names, and SDK APIs against the current spec and READMEs before you ship.

07.Common Questions

The questions engineers actually ask before they ship a connector.

A kit for building Model Context Protocol (MCP) servers that are useful to agents and safe by default. It includes a grounded four-phase build workflow (Research & plan, Implement, Review & test, Evaluate), tool-design and security patterns, a Tool Inventory + Security Checklist workbook, and mcpcheck.py — a linter that returns Pass / Fix / Block on a tool definition, where a leaked secret, an over-broad scope, or a dangerous capability is a hard Block.

build workflow · patterns · workbook · tool linter · $99

Useful — and safe.

Build MCP servers an agent can actually use, without the leaked secrets and over-broad scopes that ship most often. A grounded workflow, the security spine, and a Pass/Fix/Block linter. One-time $99, yours to keep.

Sold by RedHub AI LLC · Secured by Stripe · Security guidance, not a security audit · redhub.ai