PackMCP is a local-first planning tool. It does not currently proxy or execute MCP tools at runtime, but it does process tool manifests that may describe sensitive operations.
If you find a security issue, please open a private GitHub security advisory or contact the maintainer privately before opening a public issue.
- Treat uploaded manifests as sensitive when they expose internal tool names or schemas.
- Review generated allowlists before using them in production.
- Do not assume PackMCP's current risk heuristics are a substitute for a formal security review.