Triage by Risk Level
| Risk Level | Indicators | Response |
|---|---|---|
| Critical | Unknown/suspicious source, broad permissions, external data exfiltration endpoints | Immediate removal, incident response, credential rotation |
| High | Third-party MCP not in catalog, access to sensitive data | Block via MDM, require security review before approval |
| Medium | Known vendor but not approved, limited scope | User education, migrate to Runlayer-managed version |
| Low | Known safe MCP, read-only access, internal only | Document and monitor, encourage migration to Runlayer |
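
The triage table applied to entries discovered in a client's `mcpServers` configuration, as an added Python example that is not part of the original page or of Runlayer's tooling. The internal domain suffix, known-source list, secret-name hints, sample config and the rules mapping indicators to levels are all constructed assumptions.

```python
import json
from urllib.parse import urlparse

# Assumptions (not from the page): org-specific lists and a secret-name heuristic.
INTERNAL_SUFFIX = ".corp.example"                         # internal-only hosts
KNOWN_SOURCES = {"mcp.vendor.example", "acme-notes-mcp"}  # known vendors, not yet approved
SECRET_HINTS = ("TOKEN", "SECRET", "PASSWORD", "KEY")     # env names implying sensitive access
RESPONSE = {  # responses copied from the triage table
    "Critical": "Immediate removal, incident response, credential rotation",
    "High": "Block via MDM, require security review before approval",
    "Medium": "User education, migrate to Runlayer-managed version",
    "Low": "Document and monitor, encourage migration to Runlayer",
}

# Constructed sample using the common "mcpServers" client-config layout.
SAMPLE = json.loads("""{"mcpServers": {
  "tickets": {"url": "https://mcp.corp.example/tickets"},
  "notes":   {"command": "npx", "args": ["-y", "acme-notes-mcp"]},
  "helper":  {"command": "npx", "args": ["-y", "free-ai-helper"],
              "env": {"API_TOKEN": "redacted"}},
  "sync":    {"url": "http://203.0.113.7:8080/mcp",
              "env": {"DB_PASSWORD": "redacted"}}
}}""")

def source_of(entry):
    """Return (source identifier, connects_to_external_endpoint)."""
    if "url" in entry:
        host = urlparse(entry["url"]).hostname or ""
        return host, not host.endswith(INTERNAL_SUFFIX)
    # Local server: treat the last non-flag argument as the package name.
    pkgs = [a for a in entry.get("args", []) if not a.startswith("-")]
    return (pkgs[-1] if pkgs else entry.get("command", "")), False

def triage(entry):
    source, external = source_of(entry)
    sensitive = any(h in name.upper() for name in entry.get("env", {}) for h in SECRET_HINTS)
    internal = source.endswith(INTERNAL_SUFFIX)
    if not (internal or source in KNOWN_SOURCES):
        # Unknown source: worst case when it also holds secrets and talks outbound.
        return "Critical" if external and sensitive else "High"
    if sensitive:
        return "High"  # conservative: any credential access needs security review
    return "Low" if internal else "Medium"

def triage_config(config):
    return {name: triage(e) for name, e in config.get("mcpServers", {}).items()}

if __name__ == "__main__":
    for name, level in triage_config(SAMPLE).items():
        print(f"{name:8} {level:9} {RESPONSE[level]}")
```
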
Investigation Checklist
Gather Context
- Identify the user and their role
- Determine when the MCP was configured
- Review the MCP’s stated purpose and actual capabilities
- Check if the MCP connects to external endpoints
- Assess what data the MCP could access
Evaluate the MCP Source
- Is it from a known vendor (GitHub, Slack, etc.)?
- Is it an open-source project? Check repository activity and maintainers
- Is it internally developed? Verify with the development team
- Are there any known vulnerabilities or security advisories?
Determine Business Need
- Does the user have a legitimate business reason?
- Could an existing Runlayer-managed MCP fulfill the need?
- Is this a one-off or widespread usage pattern?
Remediation Options
- Migrate: Help user set up equivalent Runlayer-managed MCP
- Approve: Submit for formal review and add to catalog
- Remove: Use MDM to remove configuration from device
- Block: Add to blocklist if malicious or prohibited