[Sane] Local MCP
![[Sane] Local MCP](/content/images/size/w1200/2025/04/Blog-Feature-Image--1-.png)
TLDR;
- Local MCP isn't safe, but it doesn't need to be this way
- We introduce a preview CLI that helps fix it (Sane Local MCP)
🤔 SO what’s YOUR MCP Strategy?
There's WAY too much hype about MCP on the internet—also, a healthy degree of skepticism.
MCP stands for Model Context Protocol, for those hiding under a rock. Anthropic created it to help scale the integrations used by Claude.
It's a big deal.
I was a passive follower until recently. We've been hard at work building the OpenInt V1 platform, working to make it the best API and self-serve experience possible.
But then I got this from one of our valued customers.
And so my Sunday was ruined (JK!)
I realized that I NEEDED a strong set of opinions on where MCP is going, but it moves sooo quickly that I simply didn’t know.
And to be clear, there’s still a lot that I don’t know, and given the nature of it, I CAN'T know.
And maybe one day I will publish the internal mental model I used to help this customer think through his MCP integration strategy.
But for today, here’s what I think will be a good contribution to the community.
🛑 The Problem with Local STDIO MCP Servers
Local MCP servers using STDIO are inherently risky.
They operate with the same privileges as the host process, which means a malicious or misconfigured server can access sensitive files, execute arbitrary code, or exfiltrate data without proper isolation.
This lack of sandboxing poses significant security concerns, especially when integrating third-party MCP servers.
The Damn Vulnerable MCP project published yesterday does a great job of detailing some of the vulnerabilities with it.
And NO, I don’t happen to think that the solution of moving everything to cloud remote servers fixes everything (as is convenient for SaaS vendors that sell you hosted MCP servers).
✅ The Solution: Sane Local MCP (Alpha Preview)
To address these security challenges, we've developed Sane Local MCP, a CLI tool that wraps any MCP server—whether from NPM or a GitHub repository—into a Docker container.
This approach ensures that each server runs in an isolated environment, mitigating the risks associated with direct STDIO execution.
Usage Examples:
- Run an NPM-based MCP server
npx @openint/mcp-cli npx @modelcontextprotocol/server-sequential-thinking
You can pass environment variables using the -e flag:
npx @openint/mcp-cli -e API_KEY=your_api_key npx @modelcontextprotocol/server-example
In the GitHub repo, we provide examples on how to use this on Cursor, Claude and Windmill.
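One way to find the entries this applies to, as an added example that is not from the OpenInt repo: the script reads an MCP client config in the `mcpServers` layout used by Claude Desktop and Cursor, lists STDIO servers launched directly on the host, and proposes the wrapped command. The sample config, the remote URL and the repeated `-e` flag are assumptions.

```javascript
// Added example (not OpenInt's code): list STDIO servers in an MCP client
// config that start directly on the host, and propose a wrapped entry.
const WRAPPER = '@openint/mcp-cli';

// Constructed sample in the "mcpServers" layout used by Claude Desktop and Cursor.
const sampleConfig = {
  mcpServers: {
    thinking: { command: 'npx', args: ['@modelcontextprotocol/server-sequential-thinking'] },
    example: {
      command: 'npx',
      args: ['@modelcontextprotocol/server-example'],
      env: { API_KEY: 'your_api_key' },
    },
    wrapped: { command: 'npx', args: [WRAPPER, 'npx', '@modelcontextprotocol/server-example'] },
    remote: { url: 'https://mcp.example.invalid/sse' }, // no local process
  },
};

// Wrapped means: launched by npx, and the first non-flag argument is the wrapper.
function isWrapped(server) {
  const firstPkg = (server.args || []).find((a) => !a.startsWith('-'));
  return server.command === 'npx' && firstPkg === WRAPPER;
}

// Build the wrapped launch line in the form the page shows:
//   npx @openint/mcp-cli -e KEY=value <original command...>
function wrapServer(server) {
  // Assumption: -e may be repeated, one per variable (the page shows a single -e).
  const envFlags = Object.entries(server.env || {}).flatMap(([k, v]) => ['-e', `${k}=${v}`]);
  return { command: 'npx', args: [WRAPPER, ...envFlags, server.command, ...(server.args || [])] };
}

function auditConfig(config) {
  const findings = [];
  for (const [name, server] of Object.entries(config.mcpServers || {})) {
    if (!server.command) continue; // URL-only entry: nothing is spawned locally
    if (isWrapped(server)) continue;
    findings.push({ name, proposed: wrapServer(server) });
  }
  return findings;
}

for (const f of auditConfig(sampleConfig)) {
  console.log(`${f.name}: runs directly on host; proposed -> npx ${f.proposed.args.join(' ')}`);
}
```

Values passed with `-e` become part of the command line, so they are visible in the host's process listing; keep that in mind for API keys.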
Easy to monitor and manage
This enables you to monitor each of your running MCP servers within the Docker Desktop UI and get centralized logging and diagnostics for them.
How to improve this (Free startup ideas!):
➡️ Support more than just NodeJS, perhaps with a different container image per CLI
➡️ On Linux, explore unikernels or Firecracker VM
➡️ On Mac containerize using the native container APIs
➡️ Have this also work for remote servers, perhaps by creating a single remote server proxy that passes through to remote servers and exposes the same API for STDIO-based servers
➡️ Have the same CLI work both on the dev machine and in the cloud on Kubernetes with remote config