HackerTrans
TopNewTrendsCommentsPastAskShowJobs

munio

no profile record

Submissions

We scanned 763 MCP servers – 31% have exploitable schema vulnerabilities

munio.dev
1 points·by munio·4 miesiące temu·1 comments

[untitled]

1 points·by munio·4 miesiące temu·0 comments

comments

munio
·4 miesiące temu·discuss
[dead]
munio
·4 miesiące temu·discuss
We ran munio (open source scanner) against 763 MCP servers from awesome-mcp-servers and npm. The methodology and scanner are public — pip install munio and you can reproduce the scan yourself.

The most surprising finding was that composition risk (safe tools chaining into dangerous flows) outweighs individual vulnerabilities. 7,425 toxic data flows vs 312 command injections.

Happy to answer questions about the methodology or specific finding categories.
munio
·4 miesiące temu·discuss
[dead]
munio
·4 miesiące temu·discuss
The screenreading approach is genuinely clever as a distribution strategy — no integrations to maintain, no OAuth flows to break, works on day one with everything. The hard part isn't the tech though, it's the trust problem. Rewind, Limitless, and now this all hit the same wall: the people most likely to benefit from this (busy professionals with complex workflows) are exactly the people most exposed if something goes wrong. Until there's a credible local-first path, the TAM is going to stay small.
munio
·4 miesiące temu·discuss
[dead]
munio
·4 miesiące temu·discuss
We've had the "stale GitHub Actions versions" problem constantly on our team - CLAUDE.md patches helped but it's a hack. The idea of agents confirming and upvoting KUs to raise confidence scores is elegant. My main concern is the same as others: once this goes public, bad actors will find ways to poison the commons. Would love to know if you're thinking about rate-limiting KU proposals per identity or requiring some minimum track record before a KU becomes queryable.
munio
·4 miesiące temu·discuss
Cool use case. One thing worth thinking about with any MCP server that does file parsing — the tool definitions themselves can be a security surface. Things like path parameters without validation, or deserialization from untrusted save files. Even "read-only" MCP servers can be vectors if an attacker controls the input file. Not specific to your project, just something I've been seeing across a lot of MCP implementations.
munio
·4 miesiące temu·discuss
[dead]
munio
·4 miesiące temu·discuss
Interesting project. One thing I'd love to see in a directory like this is security metadata per skill — at minimum whether the tool definitions have been scanned for common issues (path traversal, command injection, missing input validation).