Show HN: MCP Security Suite
I found this file full of regular expressions: https://github.com/NineSunsInc/mighty-security/blob/28666b36...
And this with prompts: https://github.com/NineSunsInc/mighty-security/blob/89e4b319...
Are you running any other tests that I missed?
I work in this space and I was not able to understand how this project works in a couple minutes. The README feels LLM-generated. I think you're supposed to point this at your MCP server's code and not the server itself, is that right?
Helped to build this out a little bit. Was really cool to get to play with Cerberus for the first time as well.
I'm really interested in learning more about how devs integrate MCP security into their routine code evals.
I think there's a big opportunity as a space to get tools like this into CI/CD pipelines and workflows.
Happy to answer any questions and happy to hear any feedback!
Thanks for checking it out :)
this is super interesting! MCP is really exciting in terms of what it can unlock for agent use cases, but still the wild west in terms of security. I was on a panel discussion yesterday where this topic came up, basically how do you trust the use of AI tools when so much is still unknown. I think the the idea of using something open source and tool agnostic is appealing, the landscape is evolving so fast that horizontal solutions like this feel valuable. Although I wish clients, anthropic, cursor, etc would build more protections in too so that we didn't have to spend so much time thinking about this. but they've barely implemented remote mcp support so I think we have a ways to go.
Looks like Ramparts which solves these issues and is written in fast RUST instead of python. https://github.com/getjavelin/ramparts
Hey, I've submitted you to two PRs, one to use a supported Python version, another to correct the links in your README and QUICKSTART docs.
This is definitely valuable. I started paying attention to MCP security vulnerabilities largely because of Defcon. I believe that they largely focused on Agentic Security as a theme this time around.
It's a bit mind blowing how we've simply accepted non-technical people within orgs in particular executing code to "automate their tasks" without the same level of rigor that normal code reviews go through. Definitely think that this is a cultural issue that we must fix.
And these MCP vulnerabilities in particular seem much scarier because almost all MCP tools require an insane amount of permissions.
I think MCP security scanning tools sometimes slightly miss the point when they're marking content that MCP tools could return containing things like 'curl, rm, sh' etc... with blanket high risk ratings.
If we swap "agent" out for "developer" here and think about it:
If a developer saves (or runs) content with a curl / POST / rm command - is that a signal they're doing something dangerous? No.
Likely what actually matters starts along the lines of:
- Did they intend / realise they were running the command?
Was it really them that ran it?
Was it hidden in a larger script they ran without inspecting / scanning first?
Was it made visually clear that they were running it? (e.g. not in the background)
- What is in the arguments of the "dangerous" command?
Does the POST contain known files that contain secrets?
Does it contain high entropy strings?
.... base64 encoded data?
- What is the destination?
Localhost? Internal network? Russia?
- etc
> Would love feedback - what MCP security issues have you seen?
For me the number one problem with MCP security is the lethal trifecta - the fact that it's so easy to combine MCPs from different vendors (or even from the same vectors) that provide exposure to potentially untrusted/malicious instructions in a way that can then trigger exfiltration of private data.
https://simonwillison.net/2025/Jun/16/the-lethal-trifecta/
https://simonwillison.net/2025/Aug/9/bay-area-ai/
I don't know how we can solve this with more technology - it seems to me to be baked into the very concept of how MCP works.