From prodsec-skills
Enforces authentication for agents connecting to MCP servers via MCP clients using SPIFFE/SPIRE+mTLS or OAuth fallback.
How this skill is triggered — by the user, by Claude, or both
Slash command
/prodsec-skills:agent-to-mcp-server-authThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
When an agent connects through an MCP client to an MCP server, authentication SHOULD use SPIFFE/SPIRE+mTLS (the service-to-service recommendation).
When an agent connects through an MCP client to an MCP server, authentication SHOULD use SPIFFE/SPIRE+mTLS (the service-to-service recommendation).
The agent (running as a workload) obtains a SVID from SPIRE and establishes an mTLS connection to the MCP server. Both parties authenticate each other via their SPIFFE IDs.
Agent (workload)
→ Obtains SVID from SPIRE Agent
→ MCP Client establishes mTLS to MCP Server
→ MCP Server validates agent's SPIFFE ID
→ MCP Server authorizes based on SPIFFE ID
If SPIFFE/SPIRE is not feasible, the agent and MCP client MAY act as an OAuth client and obtain permission from the user to access the MCP server (the resource server).
| Aspect | Impact |
|---|---|
| Audit trail | Actions are logged as performed by the user, not the agent |
| Permissions | Agent operates with the user's permission scope |
| Acceptability | Similar to regular applications running with user permissions |
| Recommendation | Acceptable but not ideal; prefer SPIFFE/SPIRE when possible |
1. Agent needs to access MCP server resource
2. MCP client initiates OAuth flow on behalf of the user
3. User grants permission (consent) for the agent to access the MCP server
4. MCP client obtains access token scoped to the MCP server
5. Agent uses the token through MCP client to access MCP server
6. All actions are logged under the user's identity
npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skillsEnforces SPIFFE/SPIRE plus mTLS for authenticating agent-to-agent communication. Use when designing or reviewing multi-agent system security.
Implements MCP server authentication with OAuth Dynamic Client Registration (RFC 7591), PKCE, and per-agent credential support for bearer tokens and API keys.
Implements MCP server authentication using OAuth dynamic client registration (RFC 7591/8414), PKCE, bearer tokens, and API keys for admin UIs. Supports per-agent credentials, metadata discovery, token exchange, and tool sync for providers like Linear, Sentry.