Your MCP Server Is Probably Overprivileged - Here's a Scanner For It
David McHale · 2026-05-23 · via DEV Community

MCP servers expose tools to LLMs, but most configs grant tools broader permissions than they need, ship without auth, and leak prompt-injection surface in tool descriptions. This scanner finds it before your model does.

Most MCP servers I've audited in the last few months had the same three issues:

  1. A shell or fs tool was scoped to the entire filesystem when the use case needed exactly one directory.
  2. The transport ran without auth because the local-dev SSE config got promoted to prod.
  3. Tool descriptions echoed verbatim into prompts with no sanitization — a perfect injection surface.

@hailbytes/mcp-security-scanner is what I wish I'd had on day one of building MCP servers. It's a static + dynamic scanner for MCP configs and live endpoints that flags these patterns.

CLI

```bash
# Scan a local config
npx @hailbytes/mcp-security-scanner ./mcp-config.json

# Scan a live endpoint
npx @hailbytes/mcp-security-scanner https://my-mcp-server.example.com

# SARIF output + fail the build
npx @hailbytes/mcp-security-scanner ./config.json --output=sarif --exit-code
```

Programmatic

```javascript
import { scan } from "@hailbytes/mcp-security-scanner";

const report = await scan({ configPath: "./mcp-config.json" });

if (!report.passed) {
  console.error(report.findings);
  process.exit(1);
}
```

What it checks

  • Overprivileged tools — broader permissions than the declared function needs (filesystem scope, shell access, network egress)
  • Missing or weak authentication — unauthenticated transports, missing token validation, plaintext secrets in config
  • Prompt injection surface — tool descriptions and output paths that pass through to model context without sanitization
  • Unsafe defaults — insecure transport defaults, verbose error exposure, CORS wildcards

The SARIF output drops straight into GitHub Code Scanning, so findings show up as alerts on PRs — same place your SAST results live.
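A minimal version of the static checks listed above, added here as an illustration and not the scanner's own code: it walks a constructed client config (the mcpServers/args/env/url/headers/cors key layout is assumed) and reports the same classes of finding in the { passed, findings } shape the post's snippet consumes.

```javascript
// Constructed MCP client config (not a real deployment): three servers, two of them
// showing the patterns the post describes. The key layout is assumed for this example.
const SAMPLE_CONFIG = {
  mcpServers: {
    files: {
      command: "npx",
      args: ["@modelcontextprotocol/server-filesystem", "/"], // whole filesystem, not one dir
      env: { GITHUB_TOKEN: "ghp_constructed_example_value" }, // secret inline in config
    },
    remote: {
      url: "http://mcp.internal.example/sse", // local-dev SSE settings promoted as-is
      cors: { origin: "*" },
    },
    notes: {
      command: "node",
      args: ["./notes-server.js", "--root", "/srv/notes"], // scoped to one directory
    },
  },
};

const SECRET_KEY = /(token|secret|password|api[_-]?key)/i;
const BROAD_ROOTS = new Set(["/", "/home", "/Users", "C:\\", "~"]);
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Returns one finding object per detected issue for a single server entry.
function checkServer(name, server) {
  const findings = [];
  const broad = (server.args ?? []).find((a) => BROAD_ROOTS.has(a));
  if (broad !== undefined) findings.push({ server: name, rule: "overprivileged-fs", detail: broad });
  for (const key of Object.keys(server.env ?? {})) {
    if (SECRET_KEY.test(key)) findings.push({ server: name, rule: "plaintext-secret", detail: key });
  }
  if (server.url) {
    const u = new URL(server.url);
    if (u.protocol !== "https:" && !LOOPBACK.has(u.hostname)) {
      findings.push({ server: name, rule: "insecure-transport", detail: u.protocol });
    }
    const hasAuth = Object.keys(server.headers ?? {}).some((h) => h.toLowerCase() === "authorization");
    if (!hasAuth) findings.push({ server: name, rule: "missing-auth", detail: u.hostname });
  }
  if (server.cors?.origin === "*") findings.push({ server: name, rule: "cors-wildcard", detail: "*" });
  return findings;
}

// Same { passed, findings } shape as the post's snippet; fails when any server has a finding.
function scanConfig(config) {
  const findings = Object.entries(config.mcpServers ?? {}).flatMap(([n, s]) => checkServer(n, s));
  return { passed: findings.length === 0, findings };
}

console.log(JSON.stringify(scanConfig(SAMPLE_CONFIG), null, 2));
```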

```bash
npm install -g @hailbytes/mcp-security-scanner
```

Source: github.com/hailbytes/mcp-security-scanner — MIT licensed. Pairs nicely with @hailbytes/mcp-server-template if you want a scaffold that comes up secure by default.