by mlenhard
436 days ago
This is pretty cool. You should also attempt to scan resources if possible. Similar to the tool injection attack Invariant Labs discovered, I achieved the same result via resource injection [1]. The three things I want solved to improve local MCP server security are file system access, version pinning, and restricted outbound network access. I've been running my MCP servers in a Docker container and mounting only the necessary files for the server itself, but this isn't foolproof. I know some others have been experimenting with WASI and Firecracker VMs. I've also been experimenting with setting up a Squid proxy in my Docker container to restrict outbound access for the MCP servers. All of this being said, it would be nice if there was a standard that was set up to make these things easier.

[1] https://www.bernardiq.com/blog/resource-poisoning/
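One way to build the Docker-plus-Squid sandbox the comment above describes, as an added example that is not the commenter's own configuration: the MCP server sits on an internal network with only the files it needs mounted read-only, and the only route out is a Squid proxy with a destination allowlist. The image name, paths, port and the allowlisted domain are assumptions.

```yaml
# docker-compose.yml (added example, assumed layout; needs Compose v2.23+ for inline configs)
services:
  egress-proxy:
    image: ubuntu/squid:latest      # assumption: pin to a digest (image@sha256:...) in real use
    networks:
      - mcp-internal
      - egress                      # only the proxy has a network with outside connectivity
    configs:
      - source: squid_conf
        target: /etc/squid/squid.conf

  mcp-server:
    build: ./mcp-server             # assumption: the MCP server's own Dockerfile
    networks:
      - mcp-internal                # internal-only network: no direct route to the internet
    environment:
      HTTP_PROXY: http://egress-proxy:3128
      HTTPS_PROXY: http://egress-proxy:3128
      NO_PROXY: localhost,127.0.0.1
    volumes:
      # Mount only what the server needs, read-only wherever possible.
      - ./mcp-server/config.json:/app/config.json:ro
      - ./workspace:/data:ro
    read_only: true                 # root filesystem is immutable; scratch space is tmpfs
    tmpfs:
      - /tmp
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    stdin_open: true                # stdio transport: the host client runs `docker compose run -i mcp-server`

networks:
  mcp-internal:
    internal: true                  # Docker attaches no gateway, so nothing leaves except via the proxy
  egress: {}

configs:
  squid_conf:
    content: |
      http_port 3128
      # Allowlist: only this domain (and subdomains) may be reached; everything else is denied.
      acl allowed_dst dstdomain .api.example.com
      acl SSL_ports port 443
      acl CONNECT method CONNECT
      http_access deny CONNECT !SSL_ports
      http_access allow allowed_dst
      http_access deny all
```

Anything the server tries to reach that is not in `allowed_dst` shows up as a denied request in Squid's access log, which doubles as a cheap detection signal for a poisoned tool or resource trying to exfiltrate.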