no-credential-forwarding
OfficialSecure MCP servers by preventing credential leakage during integrations.
AuthorRedHatProductSecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill prevents MCP servers from forwarding user credentials or tokens, reducing security risks associated with token leaks and misuse.
Core Features & Use Cases
- Defense Against Credential Leakage: Ensures MCP servers do not pass user tokens to third-party tools or APIs, safeguarding user data.
- Secure Integration Practices: Guides developers to implement OAuth flows and service accounts for external access.
- Use Case: When building or auditing MCP integrations, verify that credentials are obtained via secure methods rather than forwarding user tokens, ensuring compliance with security standards.
Quick Start
Use the no-credential-forwarding skill to review MCP server code for proper credential handling practices.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: no-credential-forwarding Download link: https://github.com/RedHatProductSecurity/prodsec-skills/archive/main.zip#no-credential-forwarding Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.