Request: Review auto-generated MCP permission manifest for Gemini_CLI #34
Description
Dear Authors / Maintainers,
We are researchers from the University of St. Gallen studying how to make Model Context Protocol (MCP) servers safer to run via a sandboxed permission system. As part of our study, we auto generated a permission manifest for your MCP server and would love your feedback on whether it is correct and complete.
The MCP server in question is: Gemini_CLI
Please review the manifest below and let us know:
- Are the permissions and their scopes correct?
- Are any permissions missing?
- Do any permissions need to be runtime-scoped (e.g., a specific project directory) rather than global?
Proposed manifest (please review)
{
"description": "Gemini CLI MCP server: a Node.js MCP server that bridges MCP clients to the local Google Gemini CLI. It spawns the 'gemini' CLI to run prompts (including change-mode and sandbox features), streams progress over stdio, and caches parsed edit chunks in the OS temporary directory for continuation.",
"permissions": [
"mcp.ac.system.exec",
"mcp.ac.system.env.read",
"mcp.ac.network.client",
"mcp.ac.filesystem.read",
"mcp.ac.filesystem.write",
"mcp.ac.filesystem.delete"
]
}Please let us know if you have any questions and/or remarks.
In case you want to see the (current) full permission system:
MCP Permission System
| Permission | Description | Notes |
|---|---|---|
mcp.ac.filesystem.read |
Read files/directories | |
mcp.ac.filesystem.write |
Write/create files | |
mcp.ac.filesystem.delete |
Delete files or directories | |
mcp.ac.system.env.read |
Read environment variables | e.g., API_KEY, PATH |
mcp.ac.system.env.write |
Set environment variables | setting the env variables |
mcp.ac.system.exec |
Execute OS commands | CLI runners, shells |
mcp.ac.system.process |
List or kill processes | |
mcp.ac.network.client |
General Outgoing network access | |
mcp.ac.network.server |
Accept incoming connections | |
mcp.ac.network.bluetooth |
Use Bluetooth connections | macOS TCC-protected |
mcp.ac.peripheral.camera |
Capture images/video | macOS TCC-controlled |
mcp.ac.peripheral.microphone |
Record audio | TCC-protected |
mcp.ac.peripheral.speaker |
Play audio | |
mcp.ac.peripheral.screen.capture |
Screen capture | Requires consent (macOS: Screen Recording) |
mcp.ac.location |
Access location data | From Wi-Fi, IP, GNSS |
mcp.ac.notifications.post |
Show system notifications | macOS/Windows |
mcp.ac.clipboard.read / .write |
Read/write clipboard | Copy-paste support |
Thank you very much for your time and your efforts in making MCP more secure.