Your MCP Server Is Probably Overprivileged - Here's a Scanner For It

MCP servers expose tools to LLMs, but most configs grant tools broader permissions than they need,...

venerdì 22 maggio 2026 New tab

302 words~1 min read

MCP servers expose tools to LLMs, but most configs grant tools broader permissions than they need, ship without auth, and leak prompt-injection surface in tool descriptions. This scanner finds it before your model does.

Most MCP servers I've audited in the last few months had the same three issues:

A shell or fs tool was scoped to the entire filesystem when the use case needed exactly one directory.

The transport ran without auth because the local-dev SSE config got promoted to prod.

Tool descriptions echoed verbatim into prompts with no sanitization — a perfect injection surface.

Your MCP Server Is Probably Overprivileged - Here's a Scanner For It

Your MCP Server Is Probably Overprivileged - Here's a Scanner For It

Related reading

I Run MCP Servers. Here's What the Recent Vulnerabilities Actually Mean for Me

GitHub MCP Security Scanning: How AI Coding Agents Get an Immune System

MCP command execution flaw: what security teams need to know

Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should…

The security problem nobody is talking about: MCP servers

Rediscovering Domain-Driven Design, one MCP server at a time

Related reading

I Run MCP Servers. Here's What the Recent Vulnerabilities Actually Mean for Me

GitHub MCP Security Scanning: How AI Coding Agents Get an Immune System

MCP command execution flaw: what security teams need to know

Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should…

The security problem nobody is talking about: MCP servers

Rediscovering Domain-Driven Design, one MCP server at a time