Request: Review auto-generated MCP permission manifest for Clerk

[buehler]

Dear Authors / Maintainers,

We are researchers from the University of St. Gallen studying how to make Model Context Protocol (MCP) servers safer to run via a sandboxed permission system. As part of our study, we auto generated a permission manifest for your MCP server and would love your feedback on whether it is correct and complete.

The MCP server in question is: Clerk

Please review the manifest below and let us know:

• Are the permissions and their scopes correct?
• Are any permissions missing?
• Do any permissions need to be runtime-scoped (e.g., a specific project directory) rather than global?

Proposed manifest (please review)

{
  "description": "Clerk Agent Toolkit MCP server: exposes Clerk backend functionality (users, organizations, invitations) as MCP tools over stdio. Authenticates via environment variables and performs outgoing HTTPS requests to Clerk APIs.",
  "permissions": [
    "mcp.ac.system.env.read",
    "mcp.ac.network.client"
  ]
}

Please let us know if you have any questions and/or remarks.

In case you want to see the (current) full permission system:

MCP Permission System

Permission	Description	Notes
mcp.ac.filesystem.read	Read files/directories
mcp.ac.filesystem.write	Write/create files
mcp.ac.filesystem.delete	Delete files or directories
mcp.ac.system.env.read	Read environment variables	e.g., API_KEY, PATH
mcp.ac.system.env.write	Set environment variables	setting the env variables
mcp.ac.system.exec	Execute OS commands	CLI runners, shells
mcp.ac.system.process	List or kill processes
mcp.ac.network.client	General Outgoing network access
mcp.ac.network.server	Accept incoming connections
mcp.ac.network.bluetooth	Use Bluetooth connections	macOS TCC-protected
mcp.ac.peripheral.camera	Capture images/video	macOS TCC-controlled
mcp.ac.peripheral.microphone	Record audio	TCC-protected
mcp.ac.peripheral.speaker	Play audio
mcp.ac.peripheral.screen.capture	Screen capture	Requires consent (macOS: Screen Recording)
mcp.ac.location	Access location data	From Wi-Fi, IP, GNSS
mcp.ac.notifications.post	Show system notifications	macOS/Windows
mcp.ac.clipboard.read / .write	Read/write clipboard	Copy-paste support

Thank you very much for your time and your efforts in making MCP more secure.

[wobsoriano]

Thank you for reaching out!

The two permissions listed are accurate:

• mcp.ac.system.env.read - Required for reading Clerk environment variables (CLERK_SECRET_KEY, CLERK_PUBLISHABLE_KEY, etc.)
• mcp.ac.network.client - Required for making HTTPS requests to Clerk's Backend APIs

I don't think there's any additional permissions needed as the server only reads environment variables and makes outgoing network requests to Clerk APIs.

I'll also share this with our team to get additional input 👍🏼

[buehler]

Cool! Thank you so much for your feedback!