- Understand what risk each MCP server adds.
- Separate credentials, permissions, and sandbox environments.
- Design allowlists and usage rules for teams.
{
"mcpServers": {
"github-readonly": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": {
"GITHUB_PERSONAL_ACCESS_TOKEN": "${GITHUB_READONLY_TOKEN}"
}
}
}
}Best practices
- Use read-only tokens when the workflow does not need to write.
- Separate development, preview, and production tokens.
- Do not put secrets in repositories, prompts, or screenshots.
- Review what tools each MCP exposes before approving it.
- Limit allowed servers for teams through managed settings if you have them.