by rvz
434 days ago
Another bad standard designed by those who don't consider security as important. Which is why we have this excellent article. Essentially it's somehow fashionable to have remote-code-execution as a service by dumb agents executing anything they see when they use the MCP. Once one of those exploits is executed, your keys, secrets and personal configs are as good as donated to someone else's server and also sent back to the LLM provider. This shows that we can also see how dangerous widely used commands like curl | bash can be, despite the warnings and security risks. The specification might as well have been vibe-coded.