mcp-security-reviewer
// Use before connecting a new MCP server to your agent — produces a structured security review covering source, permissions, tools, network, and approvals.
| name | mcp-security-reviewer |
| description | Use before connecting a new MCP server to your agent — produces a structured security review covering source, permissions, tools, network, and approvals. |
| version | 0.1.0 |

| Name | Type | Required | Notes |
|---|---|---|---|
| repo_url | string | yes | the MCP server's source |
| version | string | yes | tag or commit SHA being adopted |
| intended_use | string | yes | one paragraph: what we'll let it do |
references/mcp-risk-matrix.md)MCP_SERVER.md in mcp/<server>.mdlatest / floating refs)