[miguelspizza]

I see your point. The MCP-B zero config nature from a user perspective is simultaneous it's biggest strength and weakness. You can think of it kind of like putting your Social Security number into a website. You are putting a bunch of trust that they are going to protect it properly.

With MCP-B you are putting trust in both the model and the website owner. It opens up the user to risk for sure, but it's up to them to determine if the upside is worth it.

[tehryanx]

I appreciate your responses here. The thing that still really stands out to me as a completely novel risk in this framework is that the extension is automatically seeking out and attaching to these servers as soon as a page gets loaded.

This seems really bad to me. There are so many ways for a website to end up in one of my browser tabs without me wanting it there, or even knowing it's there.

If that happens, and that tab just so happens to be a malicious MCP-B enabled page, it could steal all kinds of data from all kinds of different web apps I'm interacting with. I think it should be seen as the responsibility of the framework to enforce some level of data isolation, or at the least opt-in consent mechanisms.

[miguelspizza]

Yea this is a really good idea, Maybe like a popup that say "hey x website has an MCP, do you trust it to connect?"

I guess there would also need to be a way to "audit" a websites full tool list at connection time and throw some sort of warning if tools show up that are not part of this list during use.

Interesting problems for sure. I really appreciate you taking to time to think them through. I'll call these out in the issues section of the repo

[miguelspizza]

Added a summary of what has been brought up here to the repo wiki. Let me know if I missed anything

https://github.com/MiguelsPizza/WebMCP/wiki/Known-Security-I...