by devashishjadhav 90 days ago
This is a real problem and it's going to get worse as the MCP ecosystem grows. The supply chain trust issue is structurally identical to what npm faced in 2018-2020 and the stakes are higher because MCP servers have filesystem access by design.

The origin check approach you described is a good defensive measure, but it's ultimately opt-in and fragile. What the ecosystem actually needs is provenance signing at publish time so any client can verify that the binary they're running was signed by the same key as the original author, regardless of which marketplace or scope it came through.

Ed25519 signatures are 32 bytes and fast to verify. It's not a hard problem technically; it's a coordination problem. Someone needs to establish the standard before the ecosystem gets big enough that bad actors have real incentive.
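As an added example (not code from the commenter or from any MCP project), here is a minimal form of the publish-time provenance signing the comment describes, using Go's standard-library crypto/ed25519: the author signs the artifact digest together with name and version, and a client verifies against a pinned author key, so a copy re-signed with a different key, or a binary whose bytes changed, is rejected regardless of which marketplace it came through. The type and function names, the payload format and the sample artifact bytes are all constructed assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Provenance is the author-signed statement shipped with the artifact. It deliberately
// omits marketplace and scope: the author does not vouch for the channel, so one
// signature verifies wherever the artifact was obtained. (Constructed format.)
type Provenance struct {
	Name, Version  string
	ArtifactSHA256 string // hex SHA-256 of the server binary or archive
}

// payload is the canonical byte string that gets signed: a fixed tag, field order and
// NUL separators keep it unambiguous without a JSON canonicalisation step.
func (p Provenance) payload() []byte {
	return []byte("mcp-provenance-v1\x00" + p.Name + "\x00" + p.Version + "\x00" + p.ArtifactSHA256)
}

// SignArtifact is what the author runs at publish time.
func SignArtifact(priv ed25519.PrivateKey, name, version string, artifact []byte) (Provenance, []byte) {
	sum := sha256.Sum256(artifact)
	p := Provenance{Name: name, Version: version, ArtifactSHA256: hex.EncodeToString(sum[:])}
	return p, ed25519.Sign(priv, p.payload())
}

// VerifyArtifact is what the client runs before executing a downloaded server. pinned is
// the author key the client already trusts (recorded at first install or obtained out of
// band); a provenance signed by any other key is rejected, as is a changed binary.
func VerifyArtifact(pinned ed25519.PublicKey, p Provenance, sig, artifact []byte) error {
	sum := sha256.Sum256(artifact)
	if hex.EncodeToString(sum[:]) != p.ArtifactSHA256 {
		return errors.New("artifact digest does not match provenance")
	}
	if !ed25519.Verify(pinned, p.payload(), sig) {
		return errors.New("provenance not signed by the pinned author key")
	}
	return nil
}

func main() {
	authorPub, authorPriv, _ := ed25519.GenerateKey(rand.Reader)
	artifact := []byte("constructed sample: bytes of an MCP server binary")
	prov, sig := SignArtifact(authorPriv, "example-mcp-server", "1.2.0", artifact)
	fmt.Println("genuine:  ", VerifyArtifact(authorPub, prov, sig, artifact))
	fmt.Println("tampered: ", VerifyArtifact(authorPub, prov, sig, []byte("different bytes")))
	// Same name and version re-published elsewhere, but signed with a different key.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	prov2, sig2 := SignArtifact(otherPriv, "example-mcp-server", "1.2.0", artifact)
	fmt.Println("wrong key:", VerifyArtifact(authorPub, prov2, sig2, artifact))
}
```

The pinned key is the whole scheme: without a trusted out-of-band or first-install record of the author's public key, a marketplace could simply ship its own key alongside a re-signed artifact.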