This page outlines recommended security and configuration practices for using mcp-remote with the 101domain MCP endpoint. It focuses on safe version pinning, secure auth token handling, and conservative runtime flags so your setups remain stable, auditable, and resistant to accidental or malicious misuse.
Be sure to review our article, Essential Security Practices for API, MCP & AI Clients, for a more comprehensive overview of security best practices.
1. Consider Pinning the mcp-remote Version
Always pin to an explicit version. Using latest or no version means npx fetches whatever is current on every run — a supply chain or breaking change risk.
"mcp-remote@0.1.38" ✅ pinned to current stable
"mcp-remote" ❌ resolves to latest on every run
"mcp-remote@latest" ❌ same risk
Always add -y as the first npx argument to suppress the installation confirmation prompt:
"args": ["-y", "mcp-remote@0.1.38", ...]
2. Consider Auth Token Storage
| Method | Process listing safe | Key off disk | Recommended for |
|---|---|---|---|
| System Keychain + wrapper script | ✅ Yes | ✅ Yes | Production, long-lived keys |
|  | ✅ Yes | ❌ No | Most users — significantly better than args |
| Shell profile ( | ✅ Yes | ❌ No (in profile) | Acceptable for dev/personal use |
|  | ❌ Exposed in | ❌ No | Avoid — testing only |
Best practice: macOS Keychain wrapper
Store the key once:
security add-generic-password -s "101domain-mcp-key" -a "$USER" -w "your-api-key-here"
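Create /usr/local/bin/101domain-mcp.sh:
#!/bin/bash
# Read the key from the Keychain at launch; stop if the lookup fails
AUTH_TOKEN=$(security find-generic-password -s "101domain-mcp-key" -w) || exit 1
export AUTH_TOKEN
exec npx -y mcp-remote@0.1.38 https://mcp.101domain.com --silent
Make the script executable:
chmod +x /usr/local/bin/101domain-mcp.sh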
Point your config to the script:
{
  "mcpServers": {
    "101domain": {
      "command": "/usr/local/bin/101domain-mcp.sh"
    }
  }
}
Your config is now entirely secret-free and safe to share or commit.
3. Consider using the --silent Flag
By default, mcp-remote logs connection details to stdout, which can expose headers and token fragments in log files or terminal output. You may choose to always include --silent to suppress this.
4. Consider using --ignore-tool for Read-Only Workflows
If your workflow only needs to read domain data, use --ignore-tool to block write/delete operations entirely at the mcp-remote layer:
"args": [
  "-y", "mcp-remote@0.1.38",
  "https://mcp.101domain.com",
  "--silent",
  "--ignore-tool", "delete*",
  "--ignore-tool", "update*",
  "--ignore-tool", "create*"
]
The --ignore-tool flag supports wildcards and filters tools from both list responses and call requests.
5. Additional Practices
- Scope your API key: Generate a key with only the permissions your client needs (read-only if you're not automating writes).
- Rotate regularly: Treat MCP keys like passwords; rotate on a schedule and immediately on any suspected exposure.
- Don't commit configs with keys: Add config files containing credentials to .gitignore.
- Review tool calls: Enable confirmation prompts in your client where available before actions execute against your domain portfolio.
- Troubleshooting: Clear cached tokens and restart your client; read the current MCP Client docs linked below.
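The checks from sections 1, 3 and 4, plus the key-in-args case from section 2, can be run against a config before it is shared or committed. The script below is an added example, not code from 101domain or the mcp-remote project. It assumes the mcpServers config shape shown above and that a credential placed in args would arrive through mcp-remote's --header flag; the finding names are invented for this example.

```javascript
// Added example: audit an MCP client config against the practices on this page.
// Finding names and the --header heuristic are assumptions of this example.
const PINNED = /^mcp-remote@\d+\.\d+\.\d+$/; // exact version, not "latest"
const WRITE_PATTERNS = ["delete*", "update*", "create*"];

function auditServer(server, readOnly) {
  const args = server.args || [];
  const pkg = args.find((a) => /^mcp-remote(@.*)?$/.test(a));
  if (pkg === undefined) return []; // wrapper script or other server: no mcp-remote args
  const findings = [];
  if (!PINNED.test(pkg)) findings.push("unpinned-version");
  if (args[0] !== "-y") findings.push("missing-y-first");
  if (!args.includes("--silent")) findings.push("missing-silent");
  // Heuristic: a --header value with no ${VAR} placeholder carries its value inline,
  // so it shows up in process listings and in any committed copy of the file.
  args.forEach((a, i) => {
    if (a === "--header" && !/\$\{\w+\}/.test(args[i + 1] || "")) {
      findings.push("inline-header-secret");
    }
  });
  if (readOnly) {
    // Collect every pattern that directly follows an --ignore-tool flag.
    const ignored = args.filter((_, i) => args[i - 1] === "--ignore-tool");
    for (const p of WRITE_PATTERNS) {
      if (!ignored.includes(p)) findings.push("write-tool-allowed:" + p);
    }
  }
  return findings;
}

function auditConfig(jsonText, readOnly = false) {
  const servers = JSON.parse(jsonText).mcpServers || {};
  const report = {};
  for (const [name, server] of Object.entries(servers)) {
    report[name] = auditServer(server, readOnly);
  }
  return report;
}

// Constructed sample config; the key is a placeholder, not a real credential.
const SAMPLE = JSON.stringify({ mcpServers: {
  risky: { command: "npx", args: ["mcp-remote@latest", "https://mcp.101domain.com",
    "--header", "Authorization: Bearer CONSTRUCTED-EXAMPLE-KEY"] },
  hardened: { command: "npx", args: ["-y", "mcp-remote@0.1.38",
    "https://mcp.101domain.com", "--silent", "--ignore-tool", "delete*",
    "--ignore-tool", "update*", "--ignore-tool", "create*"] },
  wrapper: { command: "/usr/local/bin/101domain-mcp.sh" },
} });
console.log(auditConfig(SAMPLE, true));
```

Pass readOnly as true only for workflows that should never write; a non-empty findings array for any server is the signal to fix the config before it leaves your machine.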