Claude Desktop extension submission follow-ups

[joan-anthropic]

Hello from Anthropic! Thanks for submitting this to our desktop extension registry; we're excited about your submission. We have a few follow-up requests.

Welcome feedback to understand which of these is feasible / acceptable within the desired functionality of this extension.

Must Fix

• Add destructive operation annotations to all modifying tools
• Provide clear privacy policy explaining data collection
  • Because you collect usage data that you transmit to GA, we ought to provide some a privacy policy (at minimum) and opt-out (ideally) - we've updated the spec to include a privacy_policies field

Nice-to-haves:

• command allowlisting (vs. blocklisting)
• Add mandatory sandboxing for file system access (file operations must happen within a defined workspace directory)
• explicitly block access to:
  • system directories (e.g. /etc, /sys, /proc, /dev)
  • user sensitive files (~/.ssh, ~/.aws, ~/.config)
  • block reading binary executables
• read-only mode - option to start server with no write permissions
• Remove or heavily restrict process killing capabilities
  • consider: only allow killing processes started by the MCP server itself

[wonderwhy-er]

Hi @joan-anthropic, thanks for reaching out!
We will review and take required actions for this to proceed.

Few questions in meantime.

1. After changes are made we continue with process in this issue or should we submit DXT again in the form?
2. Some of these changes potentially change how MCP works for existing users that do use it in different ways(devops work, interacting with processes that were not started etc). In that sense, can DXT version be shipped with defaults you propose while keeping not DXT version defaults as they are not for existing users?

[joan-anthropic]

Hi @wonderwhy-er:

1. re-submitting via the original form should work well, if you could just follow-up in this issue to let me know when that happens that'd be great.
2. that should be fine; ideally the MCPB (fka DXT) reflects the contents of the public repository but you could consider: a) forking this repo for the MCPB-specific use-case or b) modifying the contents of that locally MCPB only to improve its security posture and bundling as a MCPB

[joan-anthropic]

@wonderwhy-er, a good first step here would be to address the "must fix" items which will unblock inclusion in our directory. We can follow-up with "nice-to-haves" in a subsequent version. Thanks!

[wonderwhy-er]

@wonderwhy-er, a good first step here would be to address the "must fix" items which will unblock inclusion in our directory. We can follow-up with "nice-to-haves" in a subsequent version. Thanks!

I have a PR here where I added annotations + manifest templates and mcpb bundling script
#246

One of manifests contains privacy policy link(is that what you meant?) but its not supported by Claude today as far as I can say.
Here is screenshot of what Claude says if there is privacy policy in the manifest

Here I also added mcpb with such manifest inside https://drive.google.com/file/d/1lILbTiGv7r0uoaU_Q7nmLp0J-s76fI88/view?usp=sharing

[wonderwhy-er]

@joan-anthropic
And here is one build without privacy policy being part of manifest
https://drive.google.com/file/d/1hOjBOWpKPFV8MGhxSvqpo_AWN3qyV-h5/view?usp=sharing

For it I do have a question. It works fine if external node is used. But fails if build in node is used.
I am still investigating but it looks like it fails to start

Though, now its weird, I run it with external node, then switched to internal, and now it seems to work with internal node.
Logs before it started working with internal looked like this:

2025-09-21T13:29:08.073Z [Desktop Commander] [info] Initializing server... { metadata: undefined }
2025-09-21T13:29:08.090Z [Desktop Commander] [info] Using built-in Node.js for MCP server: Desktop Commander { metadata: undefined }
2025-09-21T13:29:08.114Z [Desktop Commander] [info] Server started and connected successfully { metadata: undefined }
2025-09-21T13:29:08.115Z [Desktop Commander] [info] Message from client: {"method":"initialize","params":{"protocolVersion":"2025-06-18","capabilities":{},"clientInfo":{"name":"claude-ai","version":"0.1.0"}},"jsonrpc":"2.0","id":0} { metadata: undefined }
2025-09-21T13:29:08.337Z [Desktop Commander] [info] Client transport closed { metadata: undefined }
2025-09-21T13:29:08.337Z [Desktop Commander] [info] Server transport closed unexpectedly, this is likely due to the process exiting early. If you are developing this MCP server you can add output to stderr (i.e. `console.error('...')` in JavaScript, `print('...', file=sys.stderr)` in python) and it will appear in this log. { metadata: undefined }

[joan-anthropic]

its not supported by Claude today as far as I can say.

This issue should have been resolved with our most recent desktop app update!

[wonderwhy-er]

its not supported by Claude today as far as I can say.

This issue should have been resolved with our most recent desktop app update!

great, will take a look today

[wonderwhy-er]

Yes, works today, here is how it looks now + works

Do not encounter error with internal node anymore too.
Merging changes in to main branch soon + submitting mcpb trough the form

[wonderwhy-er]

hmm, actually submitting results in

Is there anything I can do about it?
I can share mcpb here for now
https://drive.google.com/file/d/1KWJfn3N9Tkr_AkKpjI9qrHa8QWocJnA1/view?usp=sharing

[wonderwhy-er]

Looks like we were published with not latest version and its not working -_-
What can we do to get this new version in?

[wonderwhy-er]

@joan-anthropic
We just released version 0.2.16
Improved texts and manifest bit more with it
https://drive.google.com/file/d/1AFTLfcvs2iqRLfgNycYUkg5tCz0vNoRC/view?usp=sharing

Submission trough https://docs.google.com/forms/d/14_Dmcig4z8NeRMB_e7TOyrKzuZ88-BLYdLvS6LPhiZU/edit
from https://www.anthropic.com/engineering/desktop-extensions
Still results in error I shared above.