From b5e9b95196053648e9c7d6b0912779fdabd9febc Mon Sep 17 00:00:00 2001
From: David Dworken <dworken@anthropic.com>
Date: Tue, 13 May 2025 11:48:00 -0700
Subject: [PATCH] Add warning about security risks of 2 MCP servers

---
 src/fetch/README.md     | 3 +++
 src/puppeteer/README.md | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/src/fetch/README.md b/src/fetch/README.md
index 0b02fcf9b6..16ef7f4272 100644
--- a/src/fetch/README.md
+++ b/src/fetch/README.md
@@ -2,6 +2,9 @@
 
 A Model Context Protocol server that provides web content fetching capabilities. This server enables LLMs to retrieve and process content from web pages, converting HTML to markdown for easier consumption.
 
+> [!CAUTION]
+> This server can access local/internal IP addresses and may represent a security risk. Exercise caution when using this MCP server to ensure this does not expose any sensitive data.
+
 The fetch tool will truncate the response, but by using the `start_index` argument, you can specify where to start the content extraction. This lets models read a webpage in chunks, until they find the information they need.
 
 ### Available Tools
diff --git a/src/puppeteer/README.md b/src/puppeteer/README.md
index 0364643786..0ed3c0fa30 100644
--- a/src/puppeteer/README.md
+++ b/src/puppeteer/README.md
@@ -2,6 +2,9 @@
 
 A Model Context Protocol server that provides browser automation capabilities using Puppeteer. This server enables LLMs to interact with web pages, take screenshots, and execute JavaScript in a real browser environment.
 
+> [!CAUTION]
+> This server can access local files and local/internal IP addresses since it runs a browser on your machine. Exercise caution when using this MCP server to ensure this does not expose any sensitive data.
+
 ## Components
 
 ### Tools