DEV Community

Dev Encyclopedia

Originally published at devencyclopedia.com

MCPConfigCheck: Check Your MCP Server Config for Known Supply Chain Risks

Your MCP config might be one unpinned version away from a supply chain attack.

If you're running MCP servers in Claude Desktop, Claude Code, Cursor, or VS Code, that config file is now part of your attack surface, and most developers never check it against anything.

The pattern behind recent incidents

The MCPoison and ContextCrush incidents both followed the same playbook:

  • A config gets approved once, looking completely benign
  • It's silently updated to a malicious version later
  • Or a tampered server feeds attacker-controlled instructions directly into the AI agent's context

Because an MCP server's tool descriptions and responses go straight into the model's context, and the agent calls the server's tools on your behalf, a compromised server can steer the agent into exfiltrating credentials or running commands with no visible indication that anything is wrong.

What MCPConfigCheck does

Paste your mcp.json or claude_desktop_config.json and it instantly checks for:

  • Known incident matches: cross-referenced against a maintained catalog of disclosed MCP supply chain incidents
  • Unpinned versions: @latest or no version pin, which can silently resolve to a compromised release. Pinning the top-level package is only a partial fix with npx or uvx, which resolve the package's own dependencies fresh on each run; a lockfile or a locally installed copy pins the whole tree
  • Overly broad filesystem access: root (/) or home directory (~) access that exposes SSH keys, .env files, and credentials
  • Unverified npm scopes: packages outside known publisher scopes, which are more exposed to typosquatting
  • Hardcoded secrets: API keys or tokens sitting in plain text in your config
  • Unexpected command runners: anything outside the standard npx, node, python, uvx, docker set

Each server gets a Critical, Warning, or Clean rating with a plain-English explanation and a fix.
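The checks above are mechanical enough to run yourself. The script below is an added example, not the MCPConfigCheck source: it parses a config in the claude_desktop_config.json / mcp.json layout, applies the runner, version-pin, broad-path and hardcoded-secret checks to each server, masks any secret it reports, and rolls the findings up into the same Critical / Warning / Clean rating. The sample config, the placeholder packages `@example/github-mcp` and `example-docs-mcp`, the placeholder incident catalog and the regexes for token-shaped values are constructed for the example and are not the tool's catalog or rules.

```python
"""Static checks over an MCP client config, in the layout used by
claude_desktop_config.json, Cursor's mcp.json ("mcpServers") and VS Code's
mcp.json ("servers"). Added illustration; not the MCPConfigCheck source."""
import json
import re
from pathlib import PurePosixPath

# Command runners a typical MCP config launches servers with (assumed set).
KNOWN_RUNNERS = {"npx", "node", "python", "python3", "uvx", "docker"}
# Values that look like credentials: common prefixed API keys, or long opaque strings.
SECRET_RE = re.compile(
    r"^(?:sk-|ghp_|gho_|xox[abp]-|AKIA)[A-Za-z0-9_\-]{8,}$|^[A-Za-z0-9_\-]{32,}$")
# ${VAR} / $VAR references are expanded by the client and are not hardcoded secrets.
PLACEHOLDER_RE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")


def package_spec(command, args):
    """The package an npx/uvx line installs: the first non-flag argument, or None."""
    if command not in ("npx", "uvx"):
        return None
    for arg in args:
        if not arg.startswith("-"):   # skip -y / --yes and similar flags
            return arg
    return None


def version_pin(spec):
    """Split 'name@1.2.3' or '@scope/name@1.2.3' into (name, version).
    version is None when the spec carries no pin at all."""
    idx = spec.rfind("@")
    if idx <= 0:                      # no '@', or only the leading scope '@'
        return spec, None
    return spec[:idx], spec[idx + 1:]


def is_broad_path(arg):
    """True for '/', '~', or the root of a home directory ('/home/x', '/Users/x', '/root')."""
    p = arg.rstrip("/") or "/"
    if p in ("/", "~", "/root"):
        return True
    parts = PurePosixPath(p).parts    # '/Users/alice' -> ('/', 'Users', 'alice')
    return len(parts) == 3 and parts[0] == "/" and parts[1] in ("home", "Users")


def mask(value):
    """Keep only the prefix and last two characters so the report never echoes the secret."""
    return value[:4] + "..." + value[-2:] if len(value) > 8 else "***"


def check_server(server, catalog=frozenset()):
    """Return (rating, findings) for one server entry."""
    findings = []
    command = PurePosixPath(server.get("command", "")).name   # '/usr/local/bin/npx' -> 'npx'
    args = server.get("args", [])
    env = server.get("env", {})

    if command not in KNOWN_RUNNERS:
        findings.append(("Warning", f"unexpected command runner {command!r}"))

    spec = package_spec(command, args)
    if spec:
        pkg, ver = version_pin(spec)
        if pkg in catalog:
            findings.append(("Critical", f"{pkg} matches a catalogued incident"))
        if ver is None or ver == "latest":
            findings.append(("Warning", f"{pkg} is not pinned to a version"))

    for arg in args:
        if is_broad_path(arg):
            findings.append(("Critical", f"filesystem access to {arg!r} exposes keys and .env files"))

    for key, value in env.items():
        if isinstance(value, str) and not PLACEHOLDER_RE.match(value) and SECRET_RE.match(value):
            findings.append(("Critical", f"hardcoded secret in env {key}={mask(value)}"))

    levels = {level for level, _ in findings}
    rating = "Critical" if "Critical" in levels else "Warning" if levels else "Clean"
    return rating, findings


def check_config(text, catalog=frozenset()):
    """Parse the config JSON and rate every server. Returns {name: (rating, findings)}."""
    cfg = json.loads(text)
    servers = cfg.get("mcpServers") or cfg.get("servers") or {}
    return {name: check_server(entry, catalog) for name, entry in servers.items()}


# Constructed sample config; '@example/github-mcp' and 'example-docs-mcp' are placeholders.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "files": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-filesystem", "/Users/alice"]},
    "github": {"command": "npx", "args": ["-y", "@example/github-mcp@latest"],
               "env": {"GITHUB_TOKEN": "ghp_0123456789abcdefghijklmnopqrstuv"}},
    "docs": {"command": "uvx", "args": ["example-docs-mcp@1.4.2", "--root", "~/docs"]},
    "shell": {"command": "bash", "args": ["./start-server.sh"]},
}})
# Placeholder catalog standing in for the real incident list; not a real incident.
CONSTRUCTED_CATALOG = frozenset({"@example/github-mcp"})

if __name__ == "__main__":
    for name, (rating, findings) in check_config(SAMPLE_CONFIG, CONSTRUCTED_CATALOG).items():
        print(f"{name}: {rating}")
        for level, msg in findings:
            print(f"  [{level}] {msg}")
```

On the sample config, `files` rates Critical (home directory exposed, package unpinned), `github` rates Critical (hardcoded token reported as `ghp_...uv`, `@latest`, catalog match), `docs` rates Clean (pinned, scoped to `~/docs`) and `shell` rates Warning (non-standard runner). The scope check from the list above is omitted because it needs the tool's list of trusted publishers, which this example does not have.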

Why it's safe to paste your actual config

Everything runs 100% client-side. The JSON is parsed locally in your browser, the threat catalog is a static bundled dataset, and no network requests are made. Nothing leaves your browser, and if your config has secrets in env vars, they're masked in the output.

No install, no signup, no server.

Try it

https://devencyclopedia.com/tools/mcpconfigcheck

If you find an incident the catalog doesn't cover yet, there's a contact link on the site to report it for the next update.
