Security certification for MCP servers
CrewAI crews increasingly use MCP servers as tools. These servers execute arbitrary code on the user machine. How do we verify they are safe?
We built Sentinel — a 3-layer security audit that has certified 11,115+ MCP servers with signed SHA-256 certificates.
What Sentinel does
- L1.5: Metadata checks (AUTH, prompt injection, CORS, OAuth)
- L1.6: Static analysis (18 Semgrep rules + 18 secret patterns + OSV dependency check)
- L2: Docker sandbox with active MCP probing (adversarial inputs: path traversal, SSRF, SQL injection)
Results
Proposal for CrewAI
Could CrewAI add a verify_security option when connecting MCP tools to crews?
from crewai import Agent, Crew
agent = Agent(role="Researcher", ...)
agent.connect_mcp(url="...", verify_security=True)
Links
Would the CrewAI community be interested in agent tool security?
Security certification for MCP servers
CrewAI crews increasingly use MCP servers as tools. These servers execute arbitrary code on the user machine. How do we verify they are safe?
We built Sentinel — a 3-layer security audit that has certified 11,115+ MCP servers with signed SHA-256 certificates.
What Sentinel does
Results
Proposal for CrewAI
Could CrewAI add a
verify_securityoption when connecting MCP tools to crews?Links
Would the CrewAI community be interested in agent tool security?