Om MCP Security Risks and Recommendations

The main risks of connecting an authenticated Om MCP server to an LLM client and how to reduce them.

Connecting any authenticated MCP server to an LLM client changes the risk model. Om MCP is no exception. It is powerful because it keeps Om tools in the same session as your reasoning loop. That also means you should treat it like authenticated account access, not like a static docs page.

Main risks

Prompt injection

Untrusted content in your session can try to persuade the client to call tools you did not intend to run.

  • Keep manual approvals on
  • Review tool calls before approving them
  • Be cautious with untrusted pasted content or web results

Credential exposure

OAuth connections and direct API keys both represent authenticated Om account access.

  • Keep direct API keys separate from hosted MCP usage
  • Avoid sharing client config screenshots
  • Clear OAuth connections or rotate keys if exposed

Unintended launches

Some tools start work, retrieve exports, or launch Hub jobs rather than just reading data.

  • Review Diligence and Hub launches carefully
  • Read the client tool call before approving it
  • Start with read-oriented prompts

Unintended uploads

Artifact tools can create upload flows and upload bytes into Om workflows.

  • Approve upload tools carefully
  • Use a separate account or workspace for experimentation when possible
  • Keep artifact workflows intentional

Recommendations

  • Keep manual MCP tool approval on in Codex, Claude Code, and other clients.
  • Use hosted OAuth for the remote MCP and keep direct API keys separate.
  • Do not store direct API keys in tracked config, screenshots, or shared snippets.
  • Start with read-oriented prompts such as om_status, pricing_get, or dataset discovery.
  • Review Diligence, Data Access, Hub, and artifact operations before approving them.
  • Clear the OAuth connection or rotate direct API keys if you suspect the config or machine was exposed.

A practical safe starting point

Safer first session

1. Add the hosted Om MCP: use `https://agents.omtx.ai/mcp` and complete the client’s OAuth login flow.

2. Verify health: run `om_status` and `pricing_get`.

3. Inspect available data: ask which proteins and datasets are available before asking for launches or uploads.

4. Move into launches intentionally: only then ask for Diligence, Data Access retrieval, Hub launches, or artifact workflows.
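One way to enforce the read-first ordering of the steps above on the client side, as an added example that is not part of Om's documentation or of any MCP client: a small gate that sorts incoming MCP `tools/call` messages into the risk categories this page uses and holds launch or upload calls until `om_status` and `pricing_get` have completed. Only `om_status` and `pricing_get` are taken from the page; the launch/upload name patterns and the sample tool names are assumptions.

```python
"""Session-phase gate for MCP tools/call requests (illustrative, added example).

om_status and pricing_get are the only tool names from the page; the
name patterns below and om_dataset_list are assumptions about naming.
"""
import json
import re

READ_ONLY = {"om_status", "pricing_get", "om_dataset_list"}          # om_dataset_list is hypothetical
HEALTH_CHECKS = {"om_status", "pricing_get"}                         # step 2 of the safer first session
LAUNCH_RE = re.compile(r"(diligence|hub|launch|data_access)", re.I)  # assumed naming for launch-type tools
UPLOAD_RE = re.compile(r"(artifact|upload)", re.I)                   # assumed naming for upload-type tools


def classify(tool_name):
    """Map a tool name onto the page's categories: read, launch, upload, unknown."""
    if tool_name in READ_ONLY:
        return "read"
    if UPLOAD_RE.search(tool_name):
        return "upload"
    if LAUNCH_RE.search(tool_name):
        return "launch"
    return "unknown"


class SessionGate:
    """Remembers which read-only checks have run so far in this session."""

    def __init__(self):
        self.completed_reads = set()

    def review(self, raw_request):
        """Return (decision, reason) for one JSON-RPC message.

        'low-risk' does not mean auto-run: the client's manual approval
        prompt still applies; this only annotates and orders calls.
        """
        req = json.loads(raw_request)
        if req.get("method") != "tools/call":
            return "ignore", "not a tool call"
        params = req.get("params", {})
        name = params.get("name", "")
        args = params.get("arguments", {})
        kind = classify(name)
        if kind == "read":
            self.completed_reads.add(name)
            return "low-risk", f"read-oriented tool {name}"
        if kind == "unknown":
            return "review", f"unrecognised tool {name}; inspect the call before approving"
        if not HEALTH_CHECKS <= self.completed_reads:
            return "hold", f"{kind} tool {name} requested before om_status and pricing_get ran"
        return "review", f"{kind} tool {name} with arguments {json.dumps(args, sort_keys=True)}"
```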

What Om MCP is for

Om MCP is meant for authenticated use by the person or team controlling the Om account. It is not a public customer-facing demo interface and should not be treated like a no-risk unauthenticated tool surface.