Request: Review auto-generated MCP permission manifest for Task_Master #130

New issue

Closed

opened 2025-10-14 15:43:12 -06:00 by navan · 0 comments

navan commented

2025-10-14 15:43:12 -06:00

Owner

Originally created by @buehler on 9/1/2025

Dear Authors / Maintainers,

We are researchers from the University of St. Gallen studying how to make Model Context Protocol (MCP) servers safer to run via a sandboxed permission system. As part of our study, we auto generated a permission manifest for your MCP server and would love your feedback on whether it is correct and complete.

The MCP server in question is: Task_Master

Please review the manifest below and let us know:

Are the permissions and their scopes correct?
Are any permissions missing?
Do any permissions need to be runtime-scoped (e.g., a specific project directory) rather than global?

Proposed manifest (please review)

{
  "description": "Task Master MCP Server: An MCP (Microservice Control Plane) server that exposes Task Master project management tools over an MCP protocol. It registers many Task Master tools (task listing, creation, updates, dependency management, project initialization, AI-driven task generation, etc.) and can use local MCP sampling sessions or external AI providers. The server reads and writes project files (tasks.json and related project metadata), may initialize project scaffolding, spawn the task-master CLI or local scripts, and calls external AI provider SDKs (OpenAI, Anthropic, Google Vertex, Ollama, etc.) when configured. It supports reading environment variables for configuration and API keys, and integrates with MCP sessions for session-scoped operations.",
  "permissions": [
    "mcp.ac.filesystem.read",
    "mcp.ac.filesystem.write",
    "mcp.ac.system.env.read",
    "mcp.ac.system.exec",
    "mcp.ac.network.client"
  ],
}

Please let us know if you have any questions and/or remarks.

In case you want to see the (current) full permission system:

MCP Permission System

Permission	Description	Notes
`mcp.ac.filesystem.read`	Read files/directories
`mcp.ac.filesystem.write`	Write/create files
`mcp.ac.filesystem.delete`	Delete files or directories
`mcp.ac.system.env.read`	Read environment variables	e.g., `API_KEY`, `PATH`
`mcp.ac.system.env.write`	Set environment variables	setting the env variables
`mcp.ac.system.exec`	Execute OS commands	CLI runners, shells
`mcp.ac.system.process`	List or kill processes
`mcp.ac.network.client`	General Outgoing network access
`mcp.ac.network.server`	Accept incoming connections
`mcp.ac.network.bluetooth`	Use Bluetooth connections	macOS TCC-protected
`mcp.ac.peripheral.camera`	Capture images/video	macOS TCC-controlled
`mcp.ac.peripheral.microphone`	Record audio	TCC-protected
`mcp.ac.peripheral.speaker`	Play audio
`mcp.ac.peripheral.screen.capture`	Screen capture	Requires consent (macOS: Screen Recording)
`mcp.ac.location`	Access location data	From Wi-Fi, IP, GNSS
`mcp.ac.notifications.post`	Show system notifications	macOS/Windows
`mcp.ac.clipboard.read` / `.write`	Read/write clipboard	Copy-paste support

Thank you very much for your time and your efforts in making MCP more secure.

*Originally created by @buehler on 9/1/2025* Dear Authors / Maintainers, We are researchers from the University of St. Gallen studying how to make Model Context Protocol (MCP) servers safer to run via a sandboxed permission system. As part of our study, we auto generated a permission manifest for your MCP server and would love your feedback on whether it is correct and complete. The MCP server in question is: Task_Master Please review the manifest below and let us know: * Are the permissions and their scopes correct? * Are any permissions missing? * Do any permissions need to be runtime-scoped (e.g., a specific project directory) rather than global? **Proposed manifest (please review)** ```json { "description": "Task Master MCP Server: An MCP (Microservice Control Plane) server that exposes Task Master project management tools over an MCP protocol. It registers many Task Master tools (task listing, creation, updates, dependency management, project initialization, AI-driven task generation, etc.) and can use local MCP sampling sessions or external AI providers. The server reads and writes project files (tasks.json and related project metadata), may initialize project scaffolding, spawn the task-master CLI or local scripts, and calls external AI provider SDKs (OpenAI, Anthropic, Google Vertex, Ollama, etc.) when configured. It supports reading environment variables for configuration and API keys, and integrates with MCP sessions for session-scoped operations.", "permissions": [ "mcp.ac.filesystem.read", "mcp.ac.filesystem.write", "mcp.ac.system.env.read", "mcp.ac.system.exec", "mcp.ac.network.client" ], } ``` Please let us know if you have any questions and/or remarks. In case you want to see the (current) full permission system: <details><summary>MCP Permission System</summary> <p> | Permission | Description | Notes | | ---------------------------------- | ------------------------------- | ------------------------------------------ | | `mcp.ac.filesystem.read` | Read files/directories | | | `mcp.ac.filesystem.write` | Write/create files | | | `mcp.ac.filesystem.delete` | Delete files or directories | | | `mcp.ac.system.env.read` | Read environment variables | e.g., `API_KEY`, `PATH` | | `mcp.ac.system.env.write` | Set environment variables | setting the env variables | | `mcp.ac.system.exec` | Execute OS commands | CLI runners, shells | | `mcp.ac.system.process` | List or kill processes | | | `mcp.ac.network.client` | General Outgoing network access | | | `mcp.ac.network.server` | Accept incoming connections | | | `mcp.ac.network.bluetooth` | Use Bluetooth connections | macOS TCC-protected | | `mcp.ac.peripheral.camera` | Capture images/video | macOS TCC-controlled | | `mcp.ac.peripheral.microphone` | Record audio | TCC-protected | | `mcp.ac.peripheral.speaker` | Play audio | | | `mcp.ac.peripheral.screen.capture` | Screen capture | Requires consent (macOS: Screen Recording) | | `mcp.ac.location` | Access location data | From Wi-Fi, IP, GNSS | | `mcp.ac.notifications.post` | Show system notifications | macOS/Windows | | `mcp.ac.clipboard.read` / `.write` | Read/write clipboard | Copy-paste support | </p> </details> Thank you very much for your time and your efforts in making MCP more secure.