roots-support
OfficialEnforce filesystem boundaries in MCP servers for secure operations.
AuthorRedHatProductSecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps developers and security teams ensure MCP servers strictly adhere to declared filesystem roots, preventing unauthorized access and path traversal vulnerabilities.
Core Features & Use Cases
- Root Declaration Enforcement: Validates that MCP servers accept and respect client-declared root boundaries.
- Path Validation: Performs path canonicalization, resolving symlinks and relative paths to enforce security constraints.
- Use Case: During server review, verify that a MCP server properly restricts access to
/home/user/projectand blocks attempts to traverse outside this directory.
Quick Start
Use the roots-support skill to verify that your MCP server enforces root boundaries correctly.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: roots-support Download link: https://github.com/RedHatProductSecurity/prodsec-skills/archive/main.zip#roots-support Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.