undefined | Better HN

0 pointsjoshwarwick1511mo ago0 comments

Most of these are not a real concern with remote servers with Oauth. If you install the PayPal MCP MCP server from im-deffo-not-hacking-you.com than https://mcp.paypal.com/sse its the same sec model as anything else online...

The article also reeks of LLM ironically

0 comments

tuananh11mo ago

it still is. if user has 1 bad tool, it's done!

https://invariantlabs.ai/blog/mcp-security-notification-tool...

joshwarwick15OP11mo ago

Its the same security model as NPM/left pad yep, but consumers still use electron apps? It's a novel attack method, but its not a novel attack surface

j / k navigate · click thread line to collapse