Vantage engineer who worked on this feature here. The security posture of MCP servers is still in its early stages (see “The ‘S’ in MCP Stands for Security” from three weeks ago [https://elenacross7.medium.com/%EF%B8%8F-the-s-in-mcp-stands...]). The recommendations above to use something like the 1Password CLI wrapper when invoking an MCP server seem sound.That being said, an easier-to-distribute user experience would be to leverage short-lived OAuth tokens that LLM clients such as Claude or Goose ultimately manage for the user. We’re exploring these avenues as we develop the server.
No comments yet.