by stingraycharles 334 days ago
It’s not a great blog post. He attached a shell MCP server to Claude Desktop and is surprised that output / instructions from one MCP server can cause it to interact with the shell server.

These types of vulnerabilities have been known for a long time, and the only way to deal with them is locking down the MCP server and/or manually approving requests (the default behavior).

2 comments

> These types of vulnerabilities

I don't understand why it's called a vuln. It's, like, the whole point of the system to be able to do this! It's how it's marketed!

Yeah, I also don't understand how this is unexpected. You gave Claude the ability to run arbitrary commands. It did that. It might unexpectedly run dangerous commands even if you don't connect it to malicious emails.
If it allows the system to be exploited in unwanted ways, it's a vulnerability. The fact that companies are marketing a giant security vulnerability as a product doesn't really change that.
A chainsaw juggler surely does not want to chop their own hand off.

But if they do, it's hardly a defect of the chainsaw.

I get your analogy, but isn't this a defect in the juggling?
Nobody said chainsaw juggling was a smart career move.
It kind of is, in the same way that Windows used to be root-only. This was a known issue / vulnerability because those who understood the risks were generally smart enough to avoid getting exploited. The general population, however, did not understand this, and the consequences of this became bigger and bigger.

With AI, there’s a whole class of people who don’t really know what they’re signing up for when installing these types of MCP servers. It may not be a vulnerability, but a solution is necessary.

People want to eat the cake and have it too.
Ted? Is that you?
Yup, classic example of the lethal trifecta: https://simonwillison.net/2025/Jun/11/echoleak/
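Added example, not from anyone in this thread and not from any MCP SDK: a stand-alone sketch of the two mitigations the top comment names, "locking down the MCP server" (an allowlist of binaries plus no shell interpretation) and "manually approving requests" (a human-in-the-loop callback), with the lethal-trifecta angle from the last reply folded in: once the session has ingested untrusted content (say, a message body returned by an email tool), every command falls back to requiring a human decision even if auto-approval was on. All names (`vet_command`, `ShellTool`, `note_untrusted_input`, the allowlist contents) are hypothetical and chosen for illustration.

```python
import shlex
import subprocess
from dataclasses import dataclass, field
from typing import Callable

# Constructed allowlist for the example: the only argv[0] values the tool may run.
ALLOWED_BINARIES = {"ls", "cat", "git", "grep", "echo"}

# Tokens that only make sense to a shell. We never invoke a shell, so they would
# be inert, but a model emitting them is trying to chain commands: reject outright.
SHELL_OPERATORS = {"|", "||", ";", "&", "&&", ">", ">>", "<", "<<", "(", ")"}


@dataclass
class Decision:
    allowed: bool
    reason: str
    argv: list[str] = field(default_factory=list)


def vet_command(cmd: str) -> Decision:
    """Static policy check, applied before any human sees the request."""
    try:
        lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
        lex.whitespace_split = True
        argv = list(lex)
    except ValueError as exc:  # unbalanced quotes etc.
        return Decision(False, f"unparseable: {exc}")
    if not argv:
        return Decision(False, "empty command")
    if argv[0] not in ALLOWED_BINARIES:
        return Decision(False, f"binary not allowlisted: {argv[0]}")
    for tok in argv[1:]:
        if tok in SHELL_OPERATORS or "$(" in tok or "`" in tok:
            return Decision(False, f"shell operator in arguments: {tok!r}")
    return Decision(True, "ok", argv)


@dataclass
class ShellTool:
    # Human approval callback (hypothetical): gets argv and the list of untrusted
    # sources seen so far, returns True to run. A real server would prompt the user.
    approve: Callable[[list[str], str], bool]
    auto_approve_when_clean: bool = False
    tainted_by: list[str] = field(default_factory=list)
    audit: list[str] = field(default_factory=list)

    def note_untrusted_input(self, source: str) -> None:
        """Called when another tool returns attacker-reachable content (e.g. email)."""
        self.tainted_by.append(source)

    def run(self, cmd: str) -> dict:
        decision = vet_command(cmd)
        if not decision.allowed:
            self.audit.append(f"DENY {cmd!r}: {decision.reason}")
            return {"ok": False, "error": decision.reason}
        # Auto-approval is only honoured while no untrusted content has entered the session.
        needs_human = bool(self.tainted_by) or not self.auto_approve_when_clean
        if needs_human and not self.approve(decision.argv, ", ".join(self.tainted_by) or "none"):
            self.audit.append(f"REJECTED-BY-USER {cmd!r}")
            return {"ok": False, "error": "user declined"}
        # shell=False: argv goes straight to execve, nothing is re-parsed by a shell.
        proc = subprocess.run(decision.argv, capture_output=True, text=True, timeout=10)
        self.audit.append(f"RAN {decision.argv} rc={proc.returncode}")
        return {"ok": True, "rc": proc.returncode, "stdout": proc.stdout}


if __name__ == "__main__":
    tool = ShellTool(approve=lambda argv, src: False, auto_approve_when_clean=True)
    print(tool.run("echo hello"))          # clean session: auto-approved, runs
    tool.note_untrusted_input("email-mcp")  # an email body has now been read
    print(tool.run("echo hello"))          # same command now needs a human, who declines
    print(tool.run("ls ; rm -rf /"))       # rejected statically, never reaches the user
    print(tool.audit)
```

The point of the taint flag is that the static allowlist alone does not address the trifecta: `cat ~/.ssh/id_rsa` is "allowlisted" and still exfiltrates if its output flows back to whatever injected the instruction. Approval on every command once untrusted content is in play is the only piece of this that a prompt-injected model cannot talk its way around.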