Claude and Cursor MCP setup: a security-first guide
Adding MCP servers to Claude Desktop, Claude Code, or Cursor takes a few lines of JSON. Doing it safely takes a few more habits. Here is how to wire up servers without leaking secrets, over-exposing your filesystem, or quietly burning your context budget.
Where the config lives
- Claude Desktop: claude_desktop_config.json
- Cursor: .cursor/mcp.json
- VS Code: .vscode/mcp.json or the mcp.servers setting
- Project-level: a plain .mcp.json
Keep secrets out of the file
Do not paste an API token directly into the config. It leaks through the file and through git history. Use an environment variable and reference it.
{
  "mcpServers": {
    "github": {
      "type": "http",
      "url": "https://mcp.example.com",
      "headers": { "Authorization": "Bearer ${GITHUB_MCP_TOKEN}" }
    }
  }
}
Pin versions, do not auto-update
Running a server with npx -y package means you execute whatever was published most recently. Pin an exact version like package@1.4.2 and review updates before adopting them.
Scope filesystem access
A filesystem server pointed at /Users or $HOME lets the model read and write across your whole machine. Point it at the specific project directory instead.
Watch the server count
Every connected server loads its tool schemas into every request. If you have seven servers but use two, disable the other five. You will save context tokens and the model will pick tools more accurately.
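The four checks above (literal secrets, unpinned npx packages, over-broad filesystem roots, too many servers) folded into one small script. This is an added example, not the page's own tool; the sample config is constructed, and the "broad path" and "pinned package" heuristics are assumptions of this example.

```python
import json
import re

# Constructed sample config (not from the page): one finding of each kind.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "github": {"type": "http", "url": "https://mcp.example.com",
                   "headers": {"Authorization": "Bearer ghp_literal_token_123"}},
        "files": {"command": "npx",
                  "args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/alice"]},
        "notes": {"command": "npx",
                  "args": ["-y", "some-notes-server@1.4.2", "/home/alice/proj"],
                  "env": {"NOTES_TOKEN": "${NOTES_TOKEN}"}},
    }
})

ENV_REF = re.compile(r"\$\{?[A-Za-z_][A-Za-z0-9_]*\}?")  # $VAR or ${VAR}

def is_pinned(pkg):
    # "@scope/name@1.2.3" carries two "@"; "name@1.2.3" one; bare names none
    return pkg.count("@") >= (2 if pkg.startswith("@") else 1)

def too_broad(path):
    # Heuristic (assumption): root, $HOME/~, or a whole /Users or /home tree
    p = path.rstrip("/") or "/"
    if p in ("/", "$HOME", "~"):
        return True
    return re.match(r"^/(Users|home)(/[^/]+)?$", p) is not None

def audit_config(text, max_servers=5):
    # Returns (server, check, detail) tuples for the issues the guide describes
    servers = json.loads(text).get("mcpServers", {})
    findings = []
    for name, s in servers.items():
        # Secrets: header/env values must reference an env var, not carry a literal
        for section in ("headers", "env"):
            for key, val in s.get(section, {}).items():
                if not ENV_REF.search(str(val)):
                    findings.append((name, "secret", f"{section}.{key} holds a literal value"))
        args = s.get("args", [])
        if s.get("command") in ("npx", "pnpx"):
            pkgs = [a for a in args if not a.startswith("-")]
            if pkgs and not is_pinned(pkgs[0]):
                findings.append((name, "unpinned", f"{pkgs[0]} has no exact version"))
        # Filesystem scope: any path argument covering a whole home dir or the root
        for a in args:
            if a.startswith(("/", "~", "$HOME")) and too_broad(a):
                findings.append((name, "scope", f"path {a} exposes far more than one project"))
    if len(servers) > max_servers:
        findings.append(("*", "context", f"{len(servers)} servers enabled; disable unused ones"))
    return findings
```

Run audit_config on the contents of your own claude_desktop_config.json or .cursor/mcp.json; an empty list means none of the four checks fired.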
Audit it in one command
Instead of checking all of this by hand, run a scanner over your config.
Free, local, zero-dependency:
pipx install git+https://github.com/alih552/mcp-audit
mcp-audit
It auto-detects Claude, Cursor, VS Code, and Windsurf configs and flags every issue above, plus a token-cost estimate.