MCP Preflight Local-first MCP trust review Run free scan
Guide

Filesystem server setup

Filesystem access is one of the fastest ways to expand blast radius. Keep the allowed surface narrow and obvious.

Back to guidesRun free scan
Section 1

Scope first

Review which directories the server can read or write and whether that scope is still justified after the first demo. �Works� is not the same as �safe enough for routine use.�

Section 2

Safer review posture

  • limit the path set to what the task actually needs
  • avoid broad environment forwarding when local files can already reveal enough
  • revisit scope after the initial setup so demo permissions do not become permanent
Section 3

Where the scanner helps

MCP Preflight can surface broad local scope and nearby setup risk, but you still need a human decision about what the fileserver should be allowed to touch at all.