What can external hosts see?
2 min
Only what you opt in to. Off-by-default for every item; loopback-only; bearer-gated.
The outbound MCP server never sends data to Avery's central service. Traffic flows directly between the external host and your local Avery. Three layers of protection: (1) loopback-only — the listener binds 127.0.0.1, so a remote attacker needs an explicit tunnel you set up. (2) Bearer-gated — every request validates the token; missing or wrong token returns 401. (3) Per-item allow-list — Avery serves only the capabilities, agents, and resource families you opted in to via Settings; everything else is invisible (not even advertised in tools/list) and refused at runtime. The audit log on the Settings page shows every call (verb / tool / peer IP / outcome) so you can spot anomalies.
Live recipes need the desktop
This article is a static preview. The in-app Help sidecar inside Avery NXR can fire each step against your live project — install the desktop to use it interactively.