MCP Security

Learn how AnySlate secures your MCP integration and best practices for protecting your workspace.

Security Features

Token Hashing

All tokens are hashed with SHA-256 before storage. The plain text token is never saved, only its cryptographic hash for verification.

Subscription Gating

MCP access requires a Professional subscription, ensuring only authorized users can connect AI agents to their workspace.

Audit Logging

Every MCP operation is logged with timestamp, IP address, and operation details. Review your audit logs anytime.

Token Expiration

Set expiration dates on tokens to automatically revoke access after a period. This reduces the risk if a token is ever compromised.

Permission Scopes

The scope system ensures AI agents only have access to what they need:

Read Scope

read - Lists files, searches, reads content, views history. Minimal access for AI agents that only analyze your workspace.

Write Scope

write - Creates, updates, edits sections, deletes files. Required for AI agents that need to modify your workspace.

Search Scope

search - Enhanced search with fuzzy matching. Useful for AI agents that need to find files quickly.
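
The following is an added example, not AnySlate's code: a sketch of how a server can combine the token hashing, expiration and scope checks described above. The function names, the in-memory `STORE`, and the action names other than `read_resource` are assumptions made for illustration.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

# Hypothetical in-memory store: SHA-256 hex digest -> token record.
# The plaintext token is never a key or a value here.
STORE = {}

# Assumed mapping of operations to the three scopes (illustrative names,
# except read_resource, which appears in the audit log fields).
REQUIRED_SCOPE = {
    "read_resource": "read",
    "update_file": "write",
    "fuzzy_search": "search",
}


def _digest(token):
    # Plain SHA-256 suits high-entropy random tokens; it is not a
    # substitute for a password hashing function on human-chosen secrets.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_token(name, scopes, ttl_days, now=None):
    """Create a token, keep only its hash, and return the plaintext once."""
    now = now or datetime.now(timezone.utc)
    token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    STORE[_digest(token)] = {
        "name": name,
        "scopes": frozenset(scopes),
        "expires_at": now + timedelta(days=ttl_days),
    }
    return token


def authorize(token, action, now=None):
    """Return (allowed, status) for a presented token and requested action."""
    now = now or datetime.now(timezone.utc)
    record = STORE.get(_digest(token))  # lookup by hash only
    if record is None:
        return False, "unknown_token"
    if now >= record["expires_at"]:
        return False, "expired"
    needed = REQUIRED_SCOPE.get(action)
    if needed is None or needed not in record["scopes"]:
        return False, "missing_scope"  # unmapped actions are denied by default
    return True, "success"
```

Because only the digest is stored, a leaked copy of `STORE` does not reveal usable tokens, and a lost token cannot be recovered, only replaced.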

Audit Logs

Every operation performed through MCP is logged. You can view audit logs in the AnySlate desktop app:

  1. Open Account Settings → API Tokens
  2. Click on any token to view its details
  3. Click "View Audit Log" to see all operations

Audit Log Fields

Timestamp: 2024-01-15T10:30:00Z
Action: read_resource
Resource: file_id
Status: success

Security Best Practices

Use minimum required scopes

Only grant write scope if your AI agent absolutely needs to modify files. Read-only tokens are safer for analysis tasks.

Set token expiration

Always set an expiration date. 30-90 days is a good balance between convenience and security.

Use descriptive token names

Name tokens after their use case (e.g., "Claude Desktop Work", "Cursor Project X") to easily identify and manage them.

Regularly review audit logs

Check your audit logs periodically for any unexpected access or operations.

Never commit tokens to git

Tokens provide full workspace access. Never add them to version control, even in private repositories.

Rotate compromised tokens immediately

If you suspect a token has been exposed, revoke it immediately and create a new one.

Rate Limiting

To prevent abuse and ensure fair usage, MCP requests are rate-limited:

Read operations: 100 / minute
Write operations: 20 / minute

Rate limits are per-user and reset every minute. If you exceed the limit, you'll receive a 429 Too Many Requests response.