Hermes Agents can connect to MCP servers, but teams should not casually share one set of MCP configurations and keys. The risk of MCP isn't "how many tools there are"; it is that the tools are connected to GitHub, databases, cloud accounts, ticketing systems, or local files. Different projects, different members, and different permission levels should be configured separately.
When can they be shared?
Read-only, low-risk tools that handle non-sensitive data can be shared, such as public document retrieval, format conversion, and internal status pages that require no permissions. Once a tool can write, delete, publish, pay, or change permissions, a single shared key for all agents is no longer suitable.
How to split without making a mess
Splitting by project is easier to maintain than splitting by person. Each project keeps its own MCP server, environment variables, and credential sources; when an agent enters the project, it loads only the corresponding tools. When a team member leaves the project, rotate the project keys instead of guessing which machines they ran the Agent on.
Three questions before configuring
Can this tool alter real data? Where can I check the call records? Can a key be quickly revoked after a leak? If you can't answer all three questions, don't add the tool to your frequently used profile.
Many people initially see MCP as a "the more capability, the better" extension marketplace, but for agents, a tool is a permission. A more stable strategy is to connect read-only tools first, then add write permissions once that setup is well established; to start with test projects, then move to production projects; and to let a single Agent try first, then consider team sharing. This approach is a bit slower, but if problems arise, they can be located, undone, and reviewed.
A simple test: if the same set of MCP credentials can access the test library, production library, and customer data simultaneously, it is no longer suitable for sharing. First separate read, write, and publish permissions into three categories, then let the agent use them. Auditing and revocation will be much easier afterwards.
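
The sharing rules and the three questions above can be checked mechanically before a profile is handed to an agent. The following is an added example, not Hermes Agent code: the inventory is constructed, and its field names (`cred`, `actions`, `reach`, `call_log` and so on) are assumptions for illustration, not a Hermes Agent or MCP configuration schema.

```python
from collections import defaultdict

# Actions the text treats as unsuitable for a single shared key.
RISKY = {"write", "delete", "publish", "pay", "change_permissions"}
ALL_DATA = {"test", "production", "customer"}

# Constructed inventory; field names are assumptions, not a Hermes Agent schema.
BINDINGS = [
    {"project": "docs", "server": "doc-search", "cred": "KEY_DOCS_RO",
     "actions": {"read"}, "reach": set(),
     "alters_data": False, "call_log": "gateway access log", "revocable": True},
    {"project": "wiki", "server": "doc-search", "cred": "KEY_DOCS_RO",
     "actions": {"read"}, "reach": set(),
     "alters_data": False, "call_log": "gateway access log", "revocable": True},
    {"project": "shop", "server": "github", "cred": "KEY_TEAM",
     "actions": {"read", "write", "publish"}, "reach": {"test", "production"},
     "alters_data": True, "call_log": "org audit log", "revocable": True},
    {"project": "billing", "server": "postgres", "cred": "KEY_TEAM",
     "actions": {"read", "delete"}, "reach": {"production", "customer"},
     "alters_data": True, "call_log": None, "revocable": None},
]

def audit(bindings):
    """Return sorted (rule, subject) findings for the sharing rules in the text."""
    findings = set()
    by_cred = defaultdict(list)
    for b in bindings:
        by_cred[b["cred"]].append(b)
        # The three questions: each needs an answer before the tool is used.
        if any(b[q] is None for q in ("alters_data", "call_log", "revocable")):
            findings.add(("unanswered-question", f'{b["project"]}/{b["server"]}'))
    for cred, used in by_cred.items():
        projects = {b["project"] for b in used}
        actions = set().union(*(b["actions"] for b in used))
        reach = set().union(*(b["reach"] for b in used))
        # A key shared across projects is acceptable only for read-only tools.
        if len(projects) > 1 and actions & RISKY:
            findings.add(("shared-risky-key", cred))
        # One credential reaching test, production and customer data at once.
        if ALL_DATA <= reach:
            findings.add(("spans-all-data", cred))
    return sorted(findings)

if __name__ == "__main__":
    for rule, subject in audit(BINDINGS):
        print(f"{rule}: {subject}")
```

The read-only `KEY_DOCS_RO` passes even though two projects share it, while `KEY_TEAM` is flagged twice and the `billing/postgres` binding is flagged for having no known call log or revocation path.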