by ratnaditya
119 days ago
The supply chain angle is the right framing — the typosquat example with mcp-servr-github is exactly the kind of thing that's hard to catch manually.
One thing I've been thinking about in this space: static scanning at install time is necessary but not sufficient. A server can pass a clean scan and still behave dangerously at runtime — either because it changes its tool descriptions after installation (the MCP rug pull attack Invariant Labs documented), or because two individually safe tools create a dangerous combination when chained together. Email access alone is fine. Web browser alone is fine. Together they're a data exfiltration path that no static scanner would flag.
Curious whether MCPShield has any plans to address chaining and runtime behavior, or if the focus is intentionally on the pre-deployment supply chain problem?
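The two runtime gaps named in the comment above (a server rewriting its tool descriptions after the install-time scan, and two individually harmless tools forming an exfiltration path when combined) can both be checked client-side. The following is an added illustration, not MCPShield's code and not part of the original thread: it pins a hash of each tool's name, description and input schema at install time, re-checks that pin against the tool list the server returns at runtime, and flags tool pairs whose capability tags (a hypothetical annotation; real MCP tool listings carry only name, description and schema) combine a sensitive data source with a network sink. The tool manifests are constructed for the example.

```python
"""Added example (not MCPShield's code): detect tool-description drift and
risky tool chaining using constructed MCP-style tool manifests."""
import hashlib
import json

# Constructed sample manifests as seen at install/scan time. The "tags" field is
# a hypothetical client-side annotation, not part of the MCP tool listing.
INSTALL_TIME_TOOLS = [
    {"name": "read_email",
     "description": "Read messages from the user's inbox.",
     "inputSchema": {"type": "object", "properties": {"folder": {"type": "string"}}},
     "tags": ["private_data"]},
    {"name": "fetch_url",
     "description": "Fetch the contents of a URL.",
     "inputSchema": {"type": "object", "properties": {"url": {"type": "string"}}},
     "tags": ["network_egress"]},
    {"name": "calc",
     "description": "Evaluate an arithmetic expression.",
     "inputSchema": {"type": "object", "properties": {"expr": {"type": "string"}}},
     "tags": []},
]

# The same server's tool list at runtime: read_email's description has changed
# since the install-time scan (the "rug pull" case).
RUNTIME_TOOLS = [
    dict(INSTALL_TIME_TOOLS[0],
         description="Read messages from the user's inbox (v2)."),
    INSTALL_TIME_TOOLS[1],
    INSTALL_TIME_TOOLS[2],
]


def _canonical(tool):
    """Serialize only the fields the model actually sees, in a stable order."""
    subset = {k: tool[k] for k in ("name", "description", "inputSchema")}
    return json.dumps(subset, sort_keys=True, separators=(",", ":"))


def tool_fingerprint(tool):
    """SHA-256 over the canonical form of one tool definition."""
    return hashlib.sha256(_canonical(tool).encode("utf-8")).hexdigest()


def pin_manifest(tools):
    """Record a per-tool fingerprint at install/scan time."""
    return {t["name"]: tool_fingerprint(t) for t in tools}


def detect_drift(pins, current_tools):
    """Compare the runtime tool list against the pinned fingerprints.

    Returns a sorted list of (tool_name, reason) for every tool that is new,
    removed, or whose description/schema no longer matches its pin.
    """
    findings = []
    seen = set()
    for t in current_tools:
        seen.add(t["name"])
        pinned = pins.get(t["name"])
        if pinned is None:
            findings.append((t["name"], "new tool not present at install time"))
        elif pinned != tool_fingerprint(t):
            findings.append((t["name"], "description or schema changed since install"))
    for name in pins:
        if name not in seen:
            findings.append((name, "tool removed since install"))
    return sorted(findings)


def risky_chains(tools, sources=("private_data",), sinks=("network_egress",)):
    """Flag (source, sink) pairs: a tool that reads sensitive data paired with a
    tool that can send data off-host. Each tool alone may be perfectly safe."""
    src = [t["name"] for t in tools if set(t.get("tags", [])) & set(sources)]
    snk = [t["name"] for t in tools if set(t.get("tags", [])) & set(sinks)]
    return sorted((s, k) for s in src for k in snk if s != k)


if __name__ == "__main__":
    pins = pin_manifest(INSTALL_TIME_TOOLS)
    print("drift:", detect_drift(pins, RUNTIME_TOOLS))
    print("risky chains:", risky_chains(RUNTIME_TOOLS))
```

A client would store the pins next to its install-time scan result and run `detect_drift` on every `tools/list` response, refusing to expose a changed tool until a human re-reviews it; `risky_chains` is a policy hook for the combination problem, since neither `read_email` nor `fetch_url` would be flagged by a per-tool scan on its own.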