Sharing MCP Servers in Plugged.in
This document explains how MCP server sharing works in Plugged.in, focusing on security practices and how sensitive information is handled.Security Overview
When you share an MCP server in Plugged.in, we prioritize security by ensuring that sensitive information like credentials, API keys, and private URLs are never exposed to other users.What Information is Shared?
When you share a server, the following information is shared:Shared Information
- Server title and description
- Server type (STDIO, SSE, or Streamable HTTP)
- Basic command and arguments structure
- URL structure (with credentials removed)
Protected Information
- Passwords and API keys in database URLs
- Environment variables containing secrets
- Authentication tokens
- Private API keys
- Any other credentials
How Sanitization Works
When you share an MCP server, Plugged.in automatically performs these security measures:1
Template Creation
We create a sanitized template of your server configuration
2
Credential Removal
Any passwords in connection strings are replaced with placeholders
3
Environment Variable Protection
Sensitive environment variables are replaced with descriptive placeholders
4
API Key Protection
API keys in URLs or parameters are removed
Example of Sanitization
When Importing Shared Servers
When someone imports a server you’ve shared:- They receive the sanitized template with placeholders
- They must provide their own credentials to make the server work
- The template serves as a guide for proper configuration
- A note indicates that the server was imported from a shared template
Imported servers are marked with a special indicator showing they came from a shared template, helping users understand they need to configure their own credentials.
Best Practices
Even with these protections in place, it’s good practice to:Review Before Sharing
Review Before Sharing
Always review what you’re sharing before making it public. Check the server configuration preview to ensure no sensitive data is visible.
Use Descriptive Information
Use Descriptive Information
Provide clear titles and descriptions to help others understand the purpose of the server and any specific requirements.
Add Setup Instructions
Add Setup Instructions
Consider adding setup instructions in the description if there are specific requirements or configuration steps needed.
Test the Template
Test the Template
If possible, test importing your own shared server to verify the sanitization worked correctly.
Sharing Process
Making a Server Public
- Navigate to your MCP Servers page
- Click on the server you want to share
- Toggle the “Share” option
- Review the sanitized configuration
- Add a description for other users
- Confirm sharing
Discovering Shared Servers
Users can discover shared servers through:- Search Page: Browse all publicly shared servers at
/search - Search: Find servers by name or description
- Trending: View popular servers based on usage
- User Profiles: See servers shared by specific users
Privacy Considerations
Your privacy is protected:
- Original configuration data never leaves your account
- Sanitization happens server-side before sharing
- You can unshare a server at any time
- Usage statistics are anonymous
Troubleshooting
Common Issues
If an imported server isn’t working:
- Verify you’ve replaced all placeholder values
- Check environment variable names match
- Ensure API keys are correctly formatted
- Test connection strings separately