Sample Kotlin MCP server does not follow security best practices from modelcontextprotocol.io specification #232

@kurt-r2c

Describe the bug
Sample MCP server does not follow documented best practices of the most recent specification.

To Reproduce

https://github.com/modelcontextprotocol/kotlin-sdk/blob/main/samples/kotlin-mcp-server/src/commonMain/kotlin/server.kt#L100

https://modelcontextprotocol.io/specification/2025-06-18/basic/transports#security-warning

Expected behavior

Examples should follow opinionated best practices. People who are learning will copy-paste this behavior, and as long as it works they probably won't correct it (because they don't understand why it's a problem).

Also, this will cause models to get trained on "bad" behavior.

Logs
N/A

Additional context
N/A
