discord

clawhub:discord

View source

76/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

76/100

MEDIUM 3

Findings (3)

MEDIUM

Resource URI manipulation MCP_003

mcp-attack L70

Detects dangerous URI schemes or path traversal in resource fields

Url": "file:///

FIX

Implement strict input validation on the MCP tool's parameters. Block tool calls that attempt to modify the agent's system prompt, configuration, or tool definitions.

FP?

Likely FP if the match is a tool that legitimately updates configuration (e.g., a settings manager) and mentions prompt editing only for user-facing customization.

MEDIUM

Resource URI manipulation MCP_003

mcp-attack L87

Detects dangerous URI schemes or path traversal in resource fields

Url": "file:///

FIX

Implement strict input validation on the MCP tool's parameters. Block tool calls that attempt to modify the agent's system prompt, configuration, or tool definitions.

FP?

Likely FP if the match is a tool that legitimately updates configuration (e.g., a settings manager) and mentions prompt editing only for user-facing customization.

MEDIUM

Resource URI manipulation MCP_003

mcp-attack L164

Detects dangerous URI schemes or path traversal in resource fields

Url": "file:///

FIX

Implement strict input validation on the MCP tool's parameters. Block tool calls that attempt to modify the agent's system prompt, configuration, or tool definitions.

FP?

Likely FP if the match is a tool that legitimately updates configuration (e.g., a settings manager) and mentions prompt editing only for user-facing customization.