Threat-Model Your MCP Server
Agent QA & Security
90-120 minutes0/4 steps0%
Step 1 of 4
Inventory assets and entry points
Threat modeling starts with what is worth protecting and how it is reached.
First time here? Paste the Context Pack first so the AI understands your project - open it from the header above.
Prompt Capsule
Document the server's assets and entry points. ASSETS: everything the server can read (files, databases, APIs, secrets), write/mutate (filesystem, records, external calls), and the server process/host itself. ENTRY POINTS: each exposed tool (with its capability), the transport (stdio/local vs networked - networked massively expands the surface), the initialization/discovery interface, and any configuration inputs. For each entry point note the authority it wields (what it can touch) and who can reach it. Explicitly record the trust reality: the calling agent may be acting on injected instructions from untrusted content, so the server cannot assume its caller is benign. Deliver the asset+entry-point inventory.
Paste into EmergentFull Build: complete implementation prompt with explicit requirements
Quick is short. Full Build is recommended for most steps. Strict forces real logic when the AI keeps faking output.
Actual change check
Expected after this step
An inventory of assets and entry points with authority and reach.
Should NOT happen
- An existing feature broke
- A button only logs to console
- Data disappears after refresh
- Errors fail silently with no visible state
This is what should exist before you continue. If reality does not match, do not move on.
Track what changed, failed, or needs follow-up. Notes export with the flow.
Pass the Verify Gate to complete this step