[raincole]

I do if their "mitigation" looks like this:

> 1 · Deploy an MCP Guard (three-command setup)

> A guardrail can help protect every tool call with a protective layer that blocks malicious or out-of-policy instructions in real time. Here is how to install the GA MCP guard which is open-source and requires no billing.

> $ pip install generalanalysis # install the guard

> $ ga login # browser-based auth

> $ ga configure

> MCP Guard protection enabled

[Tokumei-no-hito]

great point. sorry i didn't realize it was reaching out to their servers. that's no longer equivalent to an open patch.

[Tokumei-no-hito]

so if a security researcher comes up with a free open source patch which, presently, is the only available solution then they should just keep that to themselves?

it's an evolving field. if anthropic doesn't have a solution should we just not do anything?

[raincole]

What this "open source patch" does is to set up a proxy server on your machine and route your requests to their server first for moderation.

Do I really need to explain why this is a bad idea? Honestly this post should be flagged by HN as phishing attempt, if anything. (But it won't, as this company is YC-backed...)

> if anthropic doesn't have a solution should we just not do anything?

A solution to what? This article describes a theoretical scenario where a theoretical user misuses a system. If you give LLM tool some permissions, it would do things that are permitted but probably not expected by you. It's a given.

It's like asking Amazon to have a "solution" for users who posts their AWS access tokens online.

The real problem here is the very existence of Stripe MCP. It's a ridiculous idea. I'm all for raising awareness of that, but it's not an excuse to fearmonger readers into adding yet another AI tool onto their tech stack.