Threat-Model Your MCP Server
0/4 steps0%

Step 1 of 4

Inventory assets and entry points

Threat modeling starts with what is worth protecting and how it is reached.

First time here? Paste the Context Pack first so the AI understands your project - open it from the header above.

Prompt Capsule
Document the server's assets and entry points. ASSETS: everything the server can read (files, databases, APIs, secrets), write/mutate (filesystem, records, external calls), and the server process/host itself. ENTRY POINTS: each exposed tool (with its capability), the transport (stdio/local vs networked - networked massively expands the surface), the initialization/discovery interface, and any configuration inputs. For each entry point note the authority it wields (what it can touch) and who can reach it. Explicitly record the trust reality: the calling agent may be acting on injected instructions from untrusted content, so the server cannot assume its caller is benign. Deliver the asset+entry-point inventory.
Paste into EmergentFull Build: complete implementation prompt with explicit requirements

Quick is short. Full Build is recommended for most steps. Strict forces real logic when the AI keeps faking output.

Actual change check

Expected after this step

An inventory of assets and entry points with authority and reach.

Should NOT happen

  • An existing feature broke
  • A button only logs to console
  • Data disappears after refresh
  • Errors fail silently with no visible state

This is what should exist before you continue. If reality does not match, do not move on.

Track what changed, failed, or needs follow-up. Notes export with the flow.

Made with Emergent