Skip to main content
Craft MCP tools are protected by multiple security layers to ensure your content stays safe while remaining accessible to the tools you authorize.

Security Layers

1. Space-Based MCP Server Management

MCP servers are tied to spaces, so only logged-in Craft users with access to a given space can manage its MCP settings. On an individual plan, you’re the only one who can manage your MCP servers. Every MCP link contains a cryptographically secure random, non-guessable string. This works automatically without any configuration. Even without password protection (i.e. ‘public’ access), your MCP connections can only be used by people you explicitly share the URL with or those who can access the given space.

3. Optional Password Protection (OAuth 2.0)

If you’re concerned that you might accidentally leak the URL, you can add password protection. Set a password on the Imagine page, and you’ll need to enter it when first connecting your MCP client (e.g., ChatGPT, Claude).
Some MCP clients ask for an “OAuth Client ID” and “OAuth Client Secret.” You can leave these fields empty for Craft MCPs. Our password protection uses OAuth 2.0 with dynamic client registration, so no pre-configured credentials are needed other than the URL and the password.
We chose password-based authentication because other OAuth methods (like pre-shared client secrets) felt less convenient from a UX perspective, while the password-based authentication still offers two secrets (the secret link and the password).

4. Read/Write Permissions

You can restrict agents to read-only or write-only operations, limiting what actions they can perform.

5. Scope Limitations

You can limit an agent’s access to:
  • A predefined set of documents
  • Daily notes and tasks within a space
  • Specific folders (v3.3.5+)
  • Documents matching search criteria (v3.3.5+)

Protection for Embedded Content

These security layers also protect content within your documents, including links to files and images. While files and images don’t have separate authentication (due to limited MCP client support), their unguessable links can only be retrieved after authenticating to your MCP server. File and image links are rotated whenever you change your MCP server’s password, ensuring that any previously shared links become invalid.

Best Practices

  • Use password protection for MCP connections that access sensitive content
  • Regularly review and rotate MCP passwords
  • Limit connection scope to only the documents needed
  • Use read-only permissions when write access isn’t required
  • Monitor MCP connection usage in your space settings