The MCP Security
Playbook
for AI Agencies
I'm Ken. I build AI agents that don't get hacked. Download the 47-point checklist I use on every client deployment — the same audit that catches the vulnerabilities most agencies ship straight to production.
Get the Checklist
Drop your email. I'll send the PDF plus occasional build notes from agencies I'm helping. Unsubscribe anytime.
47 checks. Zero theory.
Every item on the list is something I've seen go wrong on a real deployment. Each check tells you what to verify, why it matters, and how to fix it if it fails. Here's a taste:
Authentication & API key management — the mistakes 80% of builders make
Prompt injection defenses that actually hold up in production
Rate limiting strategies beyond the obvious token bucket
VPS hardening checklist — SSH, firewall, dependency isolation
Secret management without exposing keys in logs or error traces
Input validation patterns specific to MCP tool calls
Logging and audit trails that help during incident response
Dependency vulnerability scanning as a continuous process
...plus 39 more, including the three that have caught critical issues on every agency engagement I've run.
Three ways to work with me.
If you'd rather skip the DIY and have me install it properly, here's what I currently build on Fiverr. All installations include a 30-day support window.
Custom GoHighLevel MCP Server
Connect Claude AI to your entire GHL agency. Custom MCP server build with secure sub-account integration and full agency deployment.
Security Audit + OpenClaw Hardening
MCP hardening and VPS lockdown. Protect your AI agent against prompt injection, credential exposure, and ClawHavoc-class threats.
Custom OpenClaw Agent Personality
SOUL.md configuration bundle. Give your OpenClaw AI agent a distinctive voice, personality, and behavioral framework built for your brand.
Need something custom? Larger builds, retainers, white-label agency work, or enterprise engagements go through direct contract. Download the checklist first — the same email thread is the fastest way to start that conversation.
Builder. Not a guru.
I'm Ken Carpenter. I run H9K Systems, a one-person shop building security-first AI agents and MCP servers for marketing agencies.
Most people building in this space optimize for demos. I optimize for the 3am incident that doesn't happen because the authentication was done right. That's a boring selling point — until the day you need it.
I also build in public. You'll see me on LinkedIn and YouTube shipping the same tools I install for clients, narrating the bugs I hit along the way. If you're evaluating whether to hire me, watching me work is the most honest sales demo I can give you.