Problem
When a Flowise agent calls an MCP tool, there's no framework-level hook to verify the server's trustworthiness before execution. Flowise has had documented MCP-related security vulnerabilities in the past, and currently there's no middleware layer to validate MCP servers before tool dispatch.
This is especially relevant for Flowise deployments where users configure MCP servers from untrusted sources.
Proposal
Add a configurable middleware/hook point that runs before any MCP tool execution:
```js
// Example: pluggable trust verification
const flow = new Flowise({
  mcpTrustVerifier: {
    async verify(serverUri, toolName, params) {
      // User brings their own verification logic
      const result = await myTrustCheck(serverUri);
      return { allowed: result.score > 0.5, reason: result.details };
    }
  }
});
```
The hook should:
- Run before any MCP tool call is dispatched
- Receive the server URI, tool name, and parameters
- Return allow/deny/warn with optional metadata
- Be opt-in with zero overhead when not configured
Benefits
- Framework-agnostic: Users choose their own verification backend (local policy, external API, OWASP-aligned checks)
- Opt-in: Doesn't break existing workflows
- Extensible: Works with any trust scoring service or local policy engine
- Security: Addresses OWASP MCP Top 10 risks around unverified server trust (MCP08)
References
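A sketch of how the pre-dispatch hook described under "The hook should" could behave, as an added example that is not Flowise code and not from the issue author. The `guardedDispatch` wrapper, the `decision` field, the policy shape and all host and tool names are assumptions made for illustration; the guard fails closed when the verifier throws or returns an unknown verdict.

```javascript
// Added example, not Flowise code. Hosts, tool names and the `decision` field are hypothetical.
const POLICY = {
  allowedHosts: new Set(["mcp.internal.example"]),
  warnHosts: new Set(["mcp.partner.example"]),
  blockedTools: new Set(["shell_exec"]),
};

// Local policy check: returns { decision: "allow" | "warn" | "deny", reason }.
// Assumes remote MCP servers addressed by URL; this policy denies anything that is not https.
function evaluatePolicy(serverUri, toolName, policy = POLICY) {
  let url;
  try {
    url = new URL(serverUri);
  } catch {
    return { decision: "deny", reason: "unparseable server URI" };
  }
  if (url.protocol !== "https:") return { decision: "deny", reason: "non-TLS transport" };
  if (policy.blockedTools.has(toolName)) return { decision: "deny", reason: "tool blocked by policy" };
  if (policy.allowedHosts.has(url.hostname)) return { decision: "allow", reason: "host allowlisted" };
  if (policy.warnHosts.has(url.hostname)) return { decision: "warn", reason: "host not fully vetted" };
  return { decision: "deny", reason: "host not in policy" };
}

// Pre-dispatch guard. `verifier` is optional; `dispatch` stands in for the real MCP tool call.
async function guardedDispatch(verifier, dispatch, { serverUri, toolName, params }, log = []) {
  if (!verifier) return dispatch(serverUri, toolName, params); // opt-in: no hook, no extra work
  let verdict;
  try {
    verdict = await verifier.verify(serverUri, toolName, params);
  } catch (err) {
    verdict = { decision: "deny", reason: `verifier error: ${err.message}` }; // fail closed
  }
  const decision = verdict?.decision;
  if (decision === "warn") log.push({ serverUri, toolName, reason: verdict.reason });
  if (decision !== "allow" && decision !== "warn") {
    // Unknown or missing verdicts are treated as deny.
    throw new Error(`MCP call denied: ${verdict?.reason ?? "no verdict returned"}`);
  }
  return dispatch(serverUri, toolName, params);
}

// Verifier object in the shape the proposal describes, backed by the local policy.
const policyVerifier = { verify: async (uri, tool) => evaluatePolicy(uri, tool) };
```

Denied calls never reach `dispatch`, and `warn` verdicts are recorded in `log` so they can be reviewed without blocking the flow.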