You run the MCP server outside of the agent sandbox so it doesn't have access to the credentials.
Yes, and also you can firewall the container so that it can only contact the MCP/proxy.
This way it doesn't download a trojan or leak your data to someone.
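
The container firewall described in this thread, sketched as an added example that is not part of the original comments: a default-deny egress ruleset for the agent container that allows a single TCP peer, the MCP/proxy. The function names, `CONTAINER_PID` and the endpoint `172.18.0.2:8080` are constructed assumptions; the container is assumed to reach the proxy by IP address.

```shell
#!/bin/sh
# Added example. Function names and the endpoint 172.18.0.2:8080 are constructed.
# Apply inside the agent container's network namespace, for instance:
#   agent_egress_rules 172.18.0.2 8080 | nsenter -t "$CONTAINER_PID" -n iptables-restore
#   agent_egress_rules_v6              | nsenter -t "$CONTAINER_PID" -n ip6tables-restore

valid_ipv4() {
    # Digits and dots only (also rejects embedded newlines that would inject rules)
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" |
        awk -F. 'NF==4 { for (i=1;i<=4;i++) if ($i=="" || $i>255) exit 1; exit 0 } { exit 1 }'
}

# IPv4: drop all egress except loopback, replies, and TCP to the MCP/proxy.
# DNS is deliberately not allowed: the proxy is addressed by IP, and an open
# resolver path would be a second way out of the sandbox.
agent_egress_rules() {
    proxy_ip=$1
    proxy_port=$2
    valid_ipv4 "$proxy_ip" || { echo "bad proxy IP: $proxy_ip" >&2; return 1; }
    case $proxy_port in ''|*[!0-9]*) echo "bad proxy port" >&2; return 1 ;; esac
    [ "$proxy_port" -ge 1 ] && [ "$proxy_port" -le 65535 ] ||
        { echo "proxy port out of range" >&2; return 1; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p tcp -d $proxy_ip --dport $proxy_port -j ACCEPT
COMMIT
EOF
}

# IPv6: nothing but loopback, so the IPv4 allowlist cannot be bypassed over v6.
agent_egress_rules_v6() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}
```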