Skip to content

Security: royforlinux/openocd-mcu-mcp

Security

SECURITY.md

Security

OpenOCD MCU MCP can halt, resume, reset, read, and write real target hardware through OpenOCD.

Report security-sensitive issues privately if they involve unsafe command execution, unintended host file access, or a way for an MCP client to perform hardware-changing operations outside the documented tool surface.

Operational safety notes:

  • Run the MCP server only for clients you trust.
  • Use a dedicated workbench target when testing write, reset, flash, or raw OpenOCD commands.
  • The CLI keeps explicit confirmation flags for dangerous operations; the MCP server exposes direct tools for agent workflows and relies on client/user intent.
  • Do not expose the OpenOCD telnet port to untrusted networks.

There aren't any published security advisories