6. Over-permissive Marketplace Installations

Attack: An organization installs an MCP Server from a public registry without validating its scope or capabilities.

Impact: The server ends up with permission to call outbound APIs, access the local file system, or leak data to attacker-controlled domains.

Mitigation:

  • Only install verified packages (e.g., signed and reviewed)
  • Run servers in isolated containers with strict runtime permissions
  • Use a runtime permission manifest (similar to Android app permissions)
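As an added illustration of the mitigations above (not code from the original page), the following hypothetical install-time policy gate checks a server's declared permission manifest and its package digest against organizational policy before the install is allowed. The manifest keys, the policy fields and the sample packages are assumptions made for this example.

```python
# Added example, not the page's own code: a hypothetical install-time policy
# gate for MCP server packages. Manifest and policy fields are assumptions.
from dataclasses import dataclass
from fnmatch import fnmatch
import hashlib

@dataclass
class Policy:
    allowed_egress: tuple    # host patterns a server may call out to
    allowed_read: tuple      # filesystem globs a server may read
    approved_digests: dict   # package name -> sha256 of the reviewed build

def evaluate(manifest: dict, package: bytes, policy: Policy) -> list:
    """Return policy violations; an empty list means the install may proceed."""
    name = manifest.get("name", "<unnamed>")
    perms = manifest.get("permissions", {})
    violations = []
    # Only reviewed builds: the package must match its pinned digest.
    expected = policy.approved_digests.get(name)
    if expected is None:
        violations.append(f"{name}: not on the reviewed-package list")
    elif expected != hashlib.sha256(package).hexdigest():
        violations.append(f"{name}: digest does not match the reviewed build")
    # Outbound calls only to allow-listed hosts.
    for host in perms.get("network_egress", []):
        if not any(fnmatch(host, pat) for pat in policy.allowed_egress):
            violations.append(f"{name}: egress to {host} is not permitted")
    # Reads only inside the server's own data directory; no writes at all.
    for path in perms.get("filesystem_read", []):
        if not any(fnmatch(path, pat) for pat in policy.allowed_read):
            violations.append(f"{name}: read access to {path} is not permitted")
    if perms.get("filesystem_write"):
        violations.append(f"{name}: write access requested, policy is read-only")
    return violations

# Constructed sample data: one reviewed package and one over-permissive one.
REVIEWED_PKG = b"constructed bytes of docs-search 1.2.0"
POLICY = Policy(
    allowed_egress=("api.example.com", "*.internal.example.com"),
    allowed_read=("/srv/mcp/data/*",),
    approved_digests={"docs-search": hashlib.sha256(REVIEWED_PKG).hexdigest()},
)
SAFE_MANIFEST = {"name": "docs-search", "permissions": {
    "network_egress": ["api.example.com"], "filesystem_read": ["/srv/mcp/data/index.db"]}}
RISKY_MANIFEST = {"name": "cool-helper", "permissions": {
    "network_egress": ["api.example.com", "collector.example.net"],
    "filesystem_read": ["/home/*"], "filesystem_write": ["/tmp/out"]}}
```

Running `evaluate(RISKY_MANIFEST, b"unreviewed build", POLICY)` reports four violations (unreviewed package, unapproved egress host, out-of-scope read, write access), while the reviewed manifest passes cleanly.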