1st chunk of `content/manuals/ai/mcp-catalog-and-toolkit/toolkit.md`
---
title: MCP Toolkit
description: Use the MCP Toolkit to set up MCP servers and MCP clients.
keywords: Docker MCP Toolkit, MCP server, MCP client, AI agents
aliases:
  - /desktop/features/gordon/mcp/gordon-mcp-server/
  - /ai/gordon/mcp/gordon-mcp-server/
---

The Docker MCP Toolkit enables seamless setup, management, and execution of containerized MCP servers and their connections to AI agents. It removes the friction from tool usage by offering secure defaults, one-click setup, and support for a growing ecosystem of LLM-based clients. It is the fastest path from MCP tool discovery to local execution.

## Key features

- Cross-LLM compatibility: Instantly works with Claude Desktop, Cursor, Continue.dev, and [Gordon](/manuals/ai/gordon/_index.md).
- Integrated tool discovery: Browse and launch MCP servers from the Docker MCP Catalog directly in Docker Desktop.
- Zero manual setup: No dependency management, runtime configuration, or server setup required.
- Functions as both an MCP server aggregator and a gateway for clients to access installed MCP servers.

![Visualisation of the MCP toolkit](./assets/images/mcp_servers.png)

## Security

The Docker MCP Toolkit combines passive and active measures to reduce attack
surfaces and ensure safe runtime behavior.

### Passive security

- Image signing and attestation: All MCP server images under `mcp/` in the
  [catalog](catalog.md) are built by Docker and digitally signed to verify
  their source and integrity. Each image includes a Software Bill of
  Materials (SBOM) for full transparency.

### Active security

Security at runtime is enforced through resource and access limitations:

- CPU allocation: MCP tools are run in their own container. They are
  restricted to 1 CPU, limiting the impact of potential misuse of computing
  resources.

- Memory allocation: Containers for MCP tools are limited to 2 GB.

- Filesystem access: By default, MCP Servers have no access to the host filesystem.
  The user explicitly selects the servers that will be granted file mounts.

- Interception of tool requests: Requests to and from tools that contain sensitive
  information such as secrets are blocked.
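
To check these limits on a running host, the following added example (not part of the Docker documentation or the Toolkit's own code) audits `docker inspect` JSON against the 1 CPU, 2 GB and no-host-mount defaults described above. Reading "2 GB" as 2 GiB, the container names, and the `allowed_mounts` parameter are assumptions of this example.

```python
import json

# Limits as stated on this page; reading "2 GB" as 2 GiB is an assumption.
MAX_CPUS = 1.0
MAX_MEMORY_BYTES = 2 * 1024**3

def effective_cpus(host_config):
    """CPU limit in cores from NanoCpus or CpuQuota/CpuPeriod; None if unlimited."""
    nano = host_config.get("NanoCpus") or 0
    if nano:
        return nano / 1e9
    quota = host_config.get("CpuQuota") or 0
    period = host_config.get("CpuPeriod") or 100_000  # default CFS period (us)
    return quota / period if quota > 0 else None

def audit_container(info, allowed_mounts=frozenset()):
    """Return a list of findings for one `docker inspect` object."""
    findings = []
    host = info.get("HostConfig", {})
    cpus = effective_cpus(host)
    if cpus is None or cpus > MAX_CPUS:
        findings.append(f"cpu limit is {cpus or 'unset'}, expected <= {MAX_CPUS}")
    memory = host.get("Memory") or 0  # 0 means no memory limit
    if memory == 0 or memory > MAX_MEMORY_BYTES:
        findings.append(f"memory limit is {memory or 'unset'}, expected <= {MAX_MEMORY_BYTES}")
    for mount in info.get("Mounts") or []:
        # Bind mounts expose host paths; only user-approved sources are accepted.
        if mount.get("Type") == "bind" and mount.get("Source") not in allowed_mounts:
            findings.append(f"unapproved host mount {mount.get('Source')}")
    return findings

def audit(inspect_json, allowed_mounts=frozenset()):
    """Map container name -> findings, for containers with at least one finding."""
    report = {}
    for info in json.loads(inspect_json):
        findings = audit_container(info, allowed_mounts)
        if findings:
            report[info.get("Name", "?")] = findings
    return report

# Constructed sample in the shape of `docker inspect` output (not real data).
SAMPLE = json.dumps([
    {"Name": "/mcp-ok", "HostConfig": {"NanoCpus": 1_000_000_000, "Memory": 2147483648}, "Mounts": []},
    {"Name": "/mcp-loose", "HostConfig": {"NanoCpus": 0, "CpuQuota": 400000, "CpuPeriod": 100000, "Memory": 0},
     "Mounts": [{"Type": "bind", "Source": "/home/user"}]},
])

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, findings)
```

Feed it real data by passing the output of `docker inspect <container>...` as `inspect_json`, and list in `allowed_mounts` only the host paths the user explicitly granted.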

## Enable Docker MCP Toolkit

1. Open the Docker Desktop settings and select **Beta features**.
2. Select **Enable Docker MCP Toolkit**.
3. Select **Apply & restart**.

>[!NOTE]
>If you have the MCP Toolkit _extension_ installed, you can uninstall it.

## Install an MCP server

To install an MCP server:

1. In Docker Desktop, select **MCP Toolkit** and select the **Catalog** tab.
   When you select a server you can see the following

Title: Docker MCP Toolkit: Setup and Security
Summary
The Docker MCP Toolkit simplifies the setup and management of containerized MCP servers and their connections to AI agents. It offers features like cross-LLM compatibility, integrated tool discovery, and zero manual setup. Security is ensured through passive measures like image signing and active measures like resource and access limitations, including CPU and memory allocation, filesystem access control, and interception of sensitive tool requests. The toolkit can be enabled in Docker Desktop settings and MCP servers can be installed from the catalog.