I noticed the growing security concerns around MCP (https://news.ycombinator.com/item?id=43600192) and built an open source tool that can detect several patterns of tool poisoning attacks, exfiltration channels and cross-origin manipulations.
MCP-Shield scans your installed servers (Cursor, Claude Desktop, etc.) and shows what each tool is trying to do at the instruction level, beyond just the API surface. It catches hidden instructions that try to read sensitive files, shadow other tools' behavior, or exfiltrate data.
Example of what it detects:
- Hidden instructions attempting to access ~/.ssh/id_rsa
- Cross-origin manipulations between server that can redirect WhatsApp messages
- Tool shadowing that overrides behavior of other MCP tools
- Potential exfiltration channels through optional parameters
I've included clear examples of detection outputs in the README and multiple example vulnerabilities in the repo so you can see the kinds of things it catches.
This is an early version, but I'd appreciate feedback from the community, especially around detection patterns and false positives.
Comments URL: https://news.ycombinator.com/item?id=43689178
Points: 49
# Comments: 12
Jelentkezéshez jelentkezzen be
EGYÉB POSTS Ebben a csoportban
Article URL: https://martypc.blogspot.com/2025/05/emulator-debugging-area-5150s-lake.html
Comments
Article URL: https://naeemnur.com/side-projects/
Comments URL: https://news.ycombin
I built a CLI tool called `sshsync` to run shell commands and transfer files across multiple servers over SSH concurrently.
It was inspired by tools like `pssh`, but I wanted something more mode
goboscript is a text-based programming language which compiles to Scratch. It allows you to write Scratch projects in text, and compile it into a .sb3 file - which can be opened in the Scratch edi
