TKOResearch
Menu

Resource

Map every MCP tool before the agent can use it.

A worksheet for listing MCP servers, tools, OAuth scopes, tokens, actions, approval gates, and logs so teams can see blast radius clearly.

What you receive

Concrete outputs for a specific decision.

  • MCP server inventory
  • Tool permission matrix
  • OAuth scope and token notes
  • Read/write/delete/send/execute action table
  • Approval gate and logging checklist

Work product

Worksheet preview

The worksheet is designed to be filled out directly by platform, security, and engineering owners before a tool-use review.

Tool row

Server: github-mcp. Tool: create_pull_request. Action: write. Credential: user-scoped OAuth. Approval: required before open PR.

  • Owner
  • Environment
  • Data touched
  • Rollback path

High-impact action gate

Any send, delete, deploy, merge, payment, permission, or customer-visible action must have server-side policy and an audit record.

Log review

Record prompt, tool name, parameters, result, approver, denied action, and emergency disablement path.

01

Worksheet columns

  • MCP server, client, owner, environment, and data touched
  • Tool name, parameters, destructive potential, and default authorization
  • Credential source, OAuth scope, token lifetime, and user binding
  • Approval gate, log location, rate limit, rollback path, and emergency disablement

Next step

Start with the decision and the system boundary.

Request editable worksheet