Om MCP Security Risks and Recommendations

The main risks of connecting an authenticated Om MCP server to an LLM client and how to reduce them.

Connecting any authenticated MCP server to an LLM client changes the risk model. Om MCP is no exception. It is powerful because it keeps Om tools in the same session as your reasoning loop. That also means you should treat it like authenticated account access, not like a static docs page.

Main risks

Prompt injection

Untrusted content in your session can try to persuade the client to call tools you did not intend to run.

  • Keep manual approvals on
  • Review tool calls before approving them
  • Be cautious with untrusted pasted content or web results

API key leakage

Your Om API key is the credential that gives the client access to the hosted Om MCP.

  • Keep it out of tracked files
  • Use environment variables or client-local secret storage
  • Rotate it if you think it was exposed

Unintended launches

Some tools start work, retrieve exports, or launch Hub jobs rather than just reading data.

  • Review Diligence and Hub launches carefully
  • Read the client tool call before approving it
  • Start with read-oriented prompts

Unintended uploads

Artifact tools can create upload flows and upload bytes into Om workflows.

  • Approve upload tools carefully
  • Use separate keys for experimentation when possible
  • Keep artifact workflows intentional

Recommendations

  • Keep manual MCP tool approval on in Codex, Claude Code, and other clients.
  • Use a dedicated Om API key per machine or environment.
  • Do not store the key in tracked config, screenshots, or shared snippets.
  • Start with read-oriented prompts such as om_status, pricing_get, or dataset discovery.
  • Review Diligence, Data Access, Hub, and artifact operations before approving them.
  • Rotate the key if you suspect the config or machine was exposed.

A practical safe starting point

Safer first session

1. Add the hosted Om MCP
   Use `https://agents.omtx.ai/mcp` with your Om API key header.

2. Verify health
   Run `om_status` and `pricing_get`.

3. Inspect available data
   Ask which proteins and datasets are available before asking for launches or uploads.

4. Move into launches intentionally
   Only then ask for Diligence, Data Access retrieval, Hub launches, or artifact workflows.
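The gating the steps above describe, written out as an added example (not Om code or any client's real approval logic): read-oriented tools are auto-allowed, launch/upload categories are blocked in a read-only first session and sent to manual review afterwards, unknown tools are never auto-approved, and a client config fragment is rejected if the API key is inlined rather than referenced from the environment. Only `om_status` and `pricing_get` are tool names from the page; the keyword patterns, the `${VAR}` reference syntax and the header name are assumptions.

```python
"""Approval gate for Om MCP tool calls. Added illustration, not Om's code.

Tool names other than om_status and pricing_get are hypothetical; the keyword
matching is a heuristic over the categories the page names (Diligence, Data
Access, Hub, artifact, upload, launch), not the server's actual tool list.
"""
import re
from dataclasses import dataclass

# Read-oriented tools the page names as safe starting points.
READ_ONLY_TOOLS = {"om_status", "pricing_get"}

# Categories the page says to review before approving (assumed name patterns).
REVIEW_PATTERNS = re.compile(r"diligence|data_access|hub|artifact|upload|launch", re.I)


@dataclass
class Decision:
    action: str  # "allow", "review", or "deny"
    reason: str


def gate_tool_call(tool_name: str, read_only_session: bool = True) -> Decision:
    """Decide how a client should treat a requested MCP tool call."""
    if tool_name in READ_ONLY_TOOLS:
        return Decision("allow", "read-oriented tool")
    if REVIEW_PATTERNS.search(tool_name):
        if read_only_session:
            return Decision("deny", "launch/upload tools are off in a read-only first session")
        return Decision("review", "launch/upload tool: read the call, then approve manually")
    # Unknown tools are never auto-approved; they always go to manual review.
    return Decision("review", "unrecognised tool: manual approval required")


def key_config_is_safe(config: dict) -> bool:
    """True only if every header value is an env-var reference like ${OM_API_KEY}.

    `config` is a hypothetical client config fragment; a literal key in it would
    end up in tracked files, which the page warns against.
    """
    for value in config.get("headers", {}).values():
        if value.startswith("${") and value.endswith("}"):
            continue  # environment reference, not a secret literal
        if value.strip():
            return False  # literal secret inlined in config
    return True


if __name__ == "__main__":
    # Constructed config fragment; header name is an assumption.
    print(key_config_is_safe({"headers": {"X-Om-Api-Key": "${OM_API_KEY}"}}))
    print(gate_tool_call("hub_launch"))
```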

What Om MCP is for

Om MCP is meant for authenticated use by the person or team controlling the Om account and the API key. It is not a public customer-facing demo interface and should not be treated like a no-risk unauthenticated tool surface.