Security

What MCPOrbit does, and doesn't do, with your data.

Short story: it's a desktop app. Your prompts, your responses, and your API keys never leave your machine. Here is the long version.

Code-signed and notarized.

  • Universal binary for Apple Silicon and Intel.
  • Signed with an Anthropic-issued Apple developer certificate.
  • Notarized with Apple's notary service — no Gatekeeper warnings.
  • No right-click-to-open, no xattr -d com.apple.quarantine.

No telemetry by default.

  • MCPOrbit ships with telemetry off.
  • An opt-in pipeline is on the roadmap for the Popular MCP Servers report.
  • When it ships, the public schema lives at /privacy/telemetry. Every field is documented there.
  • Opt-in is opt-in: equal-weight UI, one-click delete, no payloads ever (no prompts, no args, no responses, no env values).

Updates over a signed channel.

  • Auto-updates via electron-updater against DigitalOcean Spaces.
  • Update artefacts are signed with the same certificate as the app.
  • MCPOrbit refuses to apply an unsigned update.

Where your data goes

What stays on your machine. What leaves.

Stays local

  • API keys (in macOS Keychain)
  • Saved connections
  • Comparison configs
  • Drift baselines
  • JSON-RPC logs
  • Environment variable values
  • Recent prompts

Leaves your machine

  • Tool calls hit your MCP servers (your traffic, your contracts)
  • Tool calls hit your model providers (your API keys, your bill)
  • Auto-update polls the update server for a manifest
  • Eventually: opt-in telemetry — metadata only, never payloads

Open source

MCPOrbit is MIT-licensed.

The full source is on GitHub. Read it, fork it, embed it, ship a derivative. Audit the telemetry path yourself when it lands.

Vulnerability disclosure

Found a security issue?

Email [email protected]. We acknowledge within 48 hours and target 7-day fixes for high-severity issues. Coordinated disclosure preferred. We don't have a bounty programme today; we do say thank you publicly for any verified report unless you ask us not to.

Security FAQ

Is MCPOrbit SOC2 / ISO 27001 / HIPAA compliant?

Not today. MCPOrbit is a desktop client; it doesn't process your data on a server we control. The compliance frameworks designed for SaaS don't map cleanly. If you have a specific compliance question, email [email protected] and we'll answer honestly.

Where are my API keys stored?

macOS Keychain, scoped to the MCPOrbit application. Never written to disk in plaintext, never sent over the network.

Does MCPOrbit run with elevated privileges?

No. Standard user-level installation, no sudo, no kernel extension.

What about supply chain?

We pin npm dependencies, ship a lockfile, run npm auditon every release. We're a small team — be skeptical, look at the repo.

MCPOrbit

Test an MCP server in 60 seconds.

Download MCPOrbit for free. No signup, no telemetry. Hear about a server and test it before the curiosity wears off.

macOS 14+ · Apple Silicon & Intel · No account needed