Show security warning only when --no-auth is used

- Only display "Anyone with the URL can access your server" when authentication is disabled
- When auth is enabled, show API key and authentication instructions instead
- Apply this logic to both 'mcpm share' and 'mcpm profile share' commands
- Improve user awareness of security implications based on auth settings

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>

Author: niechen

src/mcpm/commands/profile/share.py

@@ -105,6 +105,8 @@ async def share_profile_fastmcp(profile_servers, profile_name, port, address, ht
             if not no_auth and api_key:
                 console.print(f"[bold green]API Key:[/] [cyan]{api_key}[/]")
                 console.print(f"[dim]Provide this key in the 'Authorization' header as a Bearer token.[/]")
+            else:
+                console.print("[bold red]Warning:[/] Anyone with the URL can access your servers.")
             console.print()
             console.print("[bold]Connection URLs:[/]")
             console.print(f"  • Streamable HTTP: [cyan]{public_url}/mcp/[/]")

src/mcpm/commands/share.py

@@ -219,7 +219,8 @@ async def _share_async(server_config, server_name, port, remote_host, remote_por
         if not no_auth and api_key:
             console.print(f"[bold green]API Key:[/] [cyan]{api_key}[/]")
             console.print(f"[dim]Provide this key in the 'Authorization' header as a Bearer token.[/]")
-        console.print("[bold red]Warning:[/] Anyone with the URL can access your server.")
+        else:
+            console.print("[bold red]Warning:[/] Anyone with the URL can access your server.")
         console.print("[yellow]Press Ctrl+C to stop sharing and terminate the server[/]")
 
         # Keep running until interrupted