Hacker NewsMost developers running MCP servers locally or in CI have no idea what's in
their config files. Hardcoded API keys, missing auth, tools with wildcard
permissions — it's the early days of Docker Hub all over again.
MCPSec scans MCP server configs (Claude Desktop, Cursor, VS Code, DXT extensions) for the OWASP MCP Top 10 risks. Written in Go, outputs OCSF JSON, has a pluggable YAML rules engine for community detections.
loading...