Triage by Risk Level
Shadow MCP Servers
| Risk Level | Indicators | Response |
|---|---|---|
| Critical | Unknown/suspicious source, broad permissions, external data exfiltration endpoints | Immediate removal, incident response, credential rotation |
| High | Third-party MCP not in catalog, access to sensitive data | Block via MDM, require security review before approval |
| Medium | Known vendor but not approved, limited scope | User education, migrate to Runlayer-managed version |
| Low | Known safe MCP, read-only access, internal only | Document and monitor, encourage migration to Runlayer |
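As an added example (not code from the Runlayer docs), the following Python applies the Shadow MCP Servers table to a constructed config inventory: it assumes the common top-level `mcpServers` JSON layout plus a hypothetical `scopes` field, and the catalog, vendor and domain sets are placeholders for your own inventory data.

```python
import json
from urllib.parse import urlparse
# Constructed sample inventory. "mcpServers" mirrors common MCP client configs;
# "scopes" is an assumed field standing in for your inventory/MDM permission data.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "github": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-github"]},
    "slack": {"command": "npx", "args": ["-y", "server-slack"], "scopes": ["read", "write"]},
    "notion": {"url": "https://mcp.notion.example/sse", "scopes": ["read"]},
    "internal-docs": {"url": "https://mcp.corp.example/docs", "scopes": ["read"]},
    "unknown-tool": {"url": "https://paste.example.net/up", "scopes": ["read", "admin"]},
}})
APPROVED_CATALOG = {"github"}                  # Runlayer-managed / formally approved
KNOWN_VENDORS = {"github", "slack", "notion"}  # recognised vendors, not necessarily approved
INTERNAL_DOMAINS = ("corp.example",)           # placeholder for your own domains
SENSITIVE_SCOPES = {"write", "admin"}
RESPONSES = {  # "Response" column of the Shadow MCP Servers table
    "Critical": "Immediate removal, incident response, credential rotation",
    "High": "Block via MDM, require security review before approval",
    "Medium": "User education, migrate to Runlayer-managed version",
    "Low": "Document and monitor, encourage migration to Runlayer",
    "Approved": "No action: already in the catalog",
}

def is_external(server):
    """True when the server's URL points at a host outside INTERNAL_DOMAINS."""
    host = urlparse(server.get("url", "")).hostname or ""
    return bool(host) and not any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)

def risk_level(name, server):
    """Map the table's indicator column onto a risk level for one configured server."""
    if name in APPROVED_CATALOG:
        return "Approved"
    known = name in KNOWN_VENDORS or (server.get("url") and not is_external(server))
    broad = bool(set(server.get("scopes", [])) & SENSITIVE_SCOPES)
    external = is_external(server)
    if not known and (broad or external):
        return "Critical"  # unknown source plus broad permissions or an external endpoint
    if not known or broad:
        return "High"      # third-party not in catalog, or access to sensitive data
    if external:
        return "Medium"    # known vendor, limited scope, just not approved yet
    return "Low"           # known or internal, read-only, no external endpoint

def triage(config_json):
    """Return {server_name: (risk_level, recommended_response)} for one config file."""
    out = {}
    for name, server in json.loads(config_json).get("mcpServers", {}).items():
        level = risk_level(name, server)
        out[name] = (level, RESPONSES[level])
    return out
```

In practice the catalog and vendor sets would be fed from the Runlayer catalog and the config from an MDM inventory export rather than hard-coded.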
Shadow Skills
| Risk Level | Indicators | Response |
|---|---|---|
| High | Risky instructions detected — prompt injection, data exfiltration patterns, unsafe automation | Immediate removal, investigate source repository |
| Medium | Potentially risky characteristics that warrant review | Security review, verify skill source and intent |
| Low | Minor concerns, unlikely to pose a threat | Monitor, encourage migration to managed skill |
| Minimal | No concerning patterns detected | Document and track |
Investigation Checklist
Gather Context
- Identify the user and their role
- Determine when the MCP or skill was configured/installed
- Review the stated purpose and actual capabilities
- Check if the MCP connects to external endpoints
- Assess what data the MCP or skill could access
Evaluate MCP Server Source
- Is it from a known vendor (GitHub, Slack, etc.)?
- Is it an open-source project? Check repository activity and maintainers
- Is it internally developed? Verify with the development team
- Are there any known vulnerabilities or security advisories?
Evaluate Skill Source
- Is the skill from a trusted, known repository?
- Does the skill contain instructions that could manipulate AI behavior (prompt injection)?
- Does the skill instruct the AI to send data to external endpoints?
- Is the skill a community skill or internally developed?
- Does the skill’s scope match the user’s legitimate needs?
Determine Business Need
- Does the user have a legitimate business reason?
- Could an existing Runlayer-managed MCP or skill fulfill the need?
- Is this a one-off or widespread usage pattern?
Remediation Options
- Migrate: Help user set up equivalent Runlayer-managed MCP or skill
- Approve: Submit for formal review and add to catalog
- Remove: Use MDM to remove configuration from device
- Block: Add to blocklist if risky or prohibited
Response Workflow
Related Resources
- Security Dashboard: Monitor security events and shadow alerts
- Security Best Practices: Comprehensive MCP security guidelines and threat prevention
- Audit Logs: View detailed activity logs for investigations
- Admin Handbook: Complete administrator guide including approval workflows