Is MCPX - MCP Gateway MCP safe?
MCPX - MCP Gateway is a security MCP server. This is its security and risk review — what it can access, what that means for your team, and how to audit every MCP server your engineers run.
MCPX - MCP Gateway MCP can run code on the machine it's installed on.
This is the highest-risk capability class. A compromised or malicious version can run arbitrary commands with your developer's privileges. Sandbox it, and never run it on a machine that holds production credentials.
What MCPX - MCP Gateway MCP can access
Reads local files
Can read files on the developer's machine.
Writes local files
Can create, modify, or delete files on disk.
Executes shell commands
Can run commands or spawn processes on the host machine.
Fetches web content
Makes outbound HTTP requests to external URLs.
Writes databases
Can modify or delete database records.
Reads databases
Queries connected databases.
Classification is based on the server's category, published install command (stdio transport), and documented behavior. Source is public — verify the version you install matches the reviewed source.
Frequently asked
Is MCPX - MCP Gateway MCP safe to use?
MCPX - MCP Gateway is classified as Executes commands — it can run code on the machine it's installed on. This is the highest-risk capability class. A compromised or malicious version can run arbitrary commands with your developer's privileges. Sandbox it, and never run it on a machine that holds production credentials.
What can the MCPX - MCP Gateway MCP server access?
It has the following capabilities: reads local files, writes local files, executes shell commands, fetches web content, writes databases, reads databases.
How do I know which MCP servers my team has installed?
Most teams don't — MCP servers are configured per-machine with no central record. The free CuratedMCP Auditor CLI scans a developer machine in about 60 seconds and lists every MCP server across Claude Code, Cursor, Windsurf, and Copilot, flagging credential leaks and filesystem access. Run: npx @curatedmcp/auditor
Risk classifications are maintained by CuratedMCP's catalog review.