First Seen
Feb 18, 2026
Last Scanned
Feb 20, 2026
Findings
4
Score
85/100
Findings (4)
Detects automatic registration of MCP servers into agent configuration
claude mcp
add
Pin the curl/wget download to a specific URL with version and verify the downloaded file's SHA-256 checksum before using it. Prefer package manager installs over raw downloads.
Likely FP if the download is from a well-known canonical source (e.g., official GitHub release) and the documentation includes checksum verification steps.
Detects MCP server configs using npx to run packages without version pinning
claude mcp
add
exa -- npx
Pin the npx package in the MCP config to an exact version (e.g., @scope/server@1.2.3). Unpinned npx commands can silently fetch a compromised package version.
Likely FP if the MCP config is a local development setup example, though unpinned npx in production configs is a real supply chain risk.
Detects npx with -y flag that bypasses user confirmation for package installation
npx
-y
Replace npx -y with an explicit npm install step that pins the package to a specific version, then run it. Remove the -y flag to require user confirmation.
Likely FP if the npx command runs a well-known, trusted tool (e.g., create-react-app) in documentation context with no version pinning concern.
Detects MCP server configurations connecting to non-localhost remote URLs
"url"
:
"https://mcp.exa.ai/mcp"Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.
Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).