Intro
Hello! I'm a Ninja Web Developer. Hi-Yah!🥷
These days, I am trying several MCP.
🧠🥷How to use MCP in Cline and Cursor
🧠🥷How to use MCP in Cline and Cursor 2 (use under Proxy)
🧠🥷How to use MCP in Cline and Cursor 3 (use under Proxy 2)
🧠🥷How to make MCP (Cline and Cursor)
🧠🤖AI coding agent 1 (Cline + Cursor)
🧠🥷How to make cool Ninja (Blender MCP (Cline and Cursor))
🧠🥷How to make cool Ninja game (Unity MCP + Blender MCP (Cline and Cursor))
I read this article, and got scared of MCP security.😨
https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks
It said MCP has the critical vulnerability of Tool Poisoning Attacks.💀
So, I would like to write about MCP Security this time.🛡️
What is Tool Poisoning Attacks? 💀
A Tool Poisoning Attack happens when malicious instructions are hidden in MCP tool descriptions.
Users cannot see these instructions, but AI models can see them.
These hidden instructions can control AI models and send your secret data without knowing.
Well, how can we use MCP server safe?
Choose a safe MCP Server 🛡️
First of all, we need to choose a safe MCP Server.
Let's look at MCP official server repository.↓
https://github.com/modelcontextprotocol/servers
On the site there are 3 types of servers, Reference Servers, Official Integrations, and Community Servers.
I think official References Servers are reliable.
Also, I think Offical Integrations are also reliable, because it it maintained by companies that build the product.
But, when it comes to Community Servers, note in the repository says that
Note: Community servers are untested and should be used at your own risk.
They are not affiliated with or endorsed by Anthropic.
It looks like we need to be careful when using them.
Then, how can we check the safety of MCP server by ourselves?
Check MCP Server safety 🛡️
One way to check MCP server safety is to scan the codes by AI.
What AI can check
1️⃣ Find suspicious package and URL
AI can check import or pip install in the code, and detect suspicious names (typosquatting) and known malicious packages.
2️⃣ Find suspicious behavior such as:
- Send data outside.
- Run system commands. (
os.system(),subprocess, etc.) - Use functions that have security risks. (
eval(),exec())
3️⃣ Detect known attack patterns
What AI cannot check and waek points
1️⃣ New attack that AI doesn't know such as zero-days attack
2️⃣ behavior outside the code.
It is difficult to detect cases when the external API returns malicious data when running.
3️⃣ Codes are made difficult to read by the attacker
How to check safer 🛡️
It will be safe if we can check before downloading the code.
However, I couldn't find a good way to do it.
Most attacks are triggered when executing the code.
So, it will be safe to download the codes and check them before running.
But, there are attacks that automatically occur when installing to local.
One way to prevent these attacks is to check the code in a sandbox environment such as Docker.
Check it in Docker wish disconnecting from the network using --network none.
Sorry, but I run out of time today, I might write how to check the codes in Docker next time.
Please let me know, if there are better ways.
Outro
MCP is so convenient, and I think it will become popular even more.
Security is one of the most important priorities for all.
We need to find a way and system to use MCP safe.🛡️
I would be happy if you learn something from this post.
Thank you for reading.
Happy AI coding!🤖 Hi-Yah!🥷
Update (2025/04/12):Wrote about Vroid
🧠🥷How to make AI controled Avatar 1 (VRoid)
Update (2025/04/19):Wrote about Vroid MCP
🧠🥷How to make AI controled Avatar 2 (Vroid MCP + Cline and Cursor + Unity)
Top comments (1)
Would love to hear your opinion on services trying to enable better MCP security such as gatewayMCP.com
Some comments have been hidden by the post's author - find out more