MCP Security

Token scoping, revocation, audit trail, and handling leaked MCP credentials.

Threat model

The MCP server accepts bearer tokens over HTTPS and runs the request inside the same tenancy boundary as the REST API. The most common risks are:

  1. Token leaking into LLM conversation logs — Claude Desktop, Cursor, and ChatGPT Desktop all log the session. A developer sharing a transcript can leak the Authorization header if the client logs it.
  2. Over-privileged tokens — minting with mcp:full + every ability makes a leak catastrophic.
  3. Accidental writes — an eager agent executing a tool that turns out to mutate state.

We design for the first two and accept the third as a prompt-engineering issue. Below are the controls.

Prefix scanning

All tokens start with mpt_. GitHub's secret scanning treats this as a MemberPass-specific credential and alerts on push. If a token lands in a public repo, we usually find out before the creator does.

Mandatory team scope

Every token carries scope:team:<uuid> frozen at mint time. A leaked token is constrained to exactly one team — it can never pivot. Project-level scope:project:<uuid> tuples tighten this further.

Minimum-privilege defaults

The token-minting UI pre-selects no abilities and makes you opt into each. This is deliberate friction — most tokens only need two or three abilities.

Expiry

Tokens do not expire automatically. Long-lived "production" tokens (Zapier, CI, ops dashboards) should be rotated manually on your own cadence — revoke the old token in the dashboard, mint a fresh one with the same abilities, and update the client config.

Revocation

Revoke a token from Settings → API Tokens → Revoke. Revocation is immediate; any client still holding the token gets AUTHENTICATION_REQUIRED on its next call.

Audit trail

Every MCP tool invocation is recorded in the activity log with the invoking user as the causer, the subject entity, and an actor_kind field that distinguishes MCP calls from dashboard and REST actions. Review what an agent did in Settings → Activity Log, or read the log over the API via the get_activity_log MCP tool or GET /v1/activity REST endpoint.

Leaked-credential playbook

  1. Revoke the token in Settings → API Tokens.
  2. Review the audit trail for the last 24 hours under that token's causer_id.
  3. If writes happened you didn't authorise, contact support with the token ID (not the secret).
  4. Mint a replacement token with the same abilities.
  5. Update the client config (Claude Desktop, Cursor, etc.) with the new token.
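The review in step 2 can be scripted against an export of the activity log. This is an added example, not MemberPass code: the causer_id and actor_kind field names come from the audit-trail section above, while the record shape (occurred_at, event, subject), the READ_EVENTS set and the sample entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumption: the export records which tool ran; anything not in this set
# is treated as a write so it can be escalated to support (playbook step 3).
READ_EVENTS = {"get_activity_log", "list_members", "get_member"}


@dataclass(frozen=True)
class ActivityEntry:
    occurred_at: datetime
    causer_id: str   # field name from the documentation
    actor_kind: str  # "mcp" distinguishes MCP calls from dashboard/REST
    event: str       # assumed field: the tool or action executed
    subject: str     # the subject entity


def triage_leaked_token(entries, causer_id, now, window=timedelta(hours=24)):
    """Select MCP-originated activity for the token's causer_id inside the
    window and split it into reads and writes, oldest first."""
    cutoff = now - window
    reads, writes = [], []
    for e in entries:
        if e.causer_id != causer_id or e.actor_kind != "mcp":
            continue  # other users, or actions taken via dashboard/REST
        if e.occurred_at < cutoff:
            continue  # outside the 24-hour review window
        (reads if e.event in READ_EVENTS else writes).append(e)
    key = lambda e: e.occurred_at
    return {"reads": sorted(reads, key=key), "writes": sorted(writes, key=key)}


# Constructed sample export for demonstration only; not real MemberPass data.
NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)
SAMPLE_LOG = [
    ActivityEntry(NOW - timedelta(hours=2), "usr_1", "mcp", "get_member", "member:42"),
    ActivityEntry(NOW - timedelta(hours=1), "usr_1", "mcp", "update_member", "member:42"),
    ActivityEntry(NOW - timedelta(hours=1), "usr_1", "dashboard", "update_member", "member:7"),
    ActivityEntry(NOW - timedelta(hours=30), "usr_1", "mcp", "delete_member", "member:9"),
    ActivityEntry(NOW - timedelta(minutes=5), "usr_2", "mcp", "update_member", "member:3"),
]

if __name__ == "__main__":
    report = triage_leaked_token(SAMPLE_LOG, "usr_1", NOW)
    print(f"{len(report['reads'])} read(s), {len(report['writes'])} write(s) to verify")
    for w in report["writes"]:
        print(f"  {w.occurred_at.isoformat()} {w.event} on {w.subject}")
```

Entries made through the dashboard or REST API by the same user, and MCP calls older than the window, are deliberately excluded so the list contains only what the leaked token could have done.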
