DEV Community: Nono “no” The latest articles on DEV Community by Nono “no” (@nono_no_b32de048c5e6022). https://dev.to/nono_no_b32de048c5e6022 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4000085%2F0b9b0479-8c56-4b08-b6a9-ddfcb4b3d83f.jpg DEV Community: Nono “no” https://dev.to/nono_no_b32de048c5e6022 en Your AI agent can probably delete your database. I built a 60-second way to check (open source) Nono “no” Wed, 24 Jun 2026 08:16:27 +0000 https://dev.to/nono_no_b32de048c5e6022/your-ai-agent-can-probably-delete-your-database-i-built-a-60-second-way-to-check-open-source-3g4j https://dev.to/nono_no_b32de048c5e6022/your-ai-agent-can-probably-delete-your-database-i-built-a-60-second-way-to-check-open-source-3g4j <p>MCP is becoming the USB-C of AI agents — one standard to plug an agent into GitHub, Slack, Postgres, Stripe, your internal tools. Great. But here's what almost nobody checks before flipping the switch:</p> <p><strong>What is this agent actually allowed to do?</strong></p> <p>The official MCP roadmap now lists audit trails, auth hardening, and gateway patterns as open enterprise gaps. The community already says "read the code before you connect a server to a host with your credentials." But who actually does that, line by line, across a dozen tools?</p> <p>So I built <strong>MCPGuard</strong> — a small open-source CLI that reads an agent's tool config and tells you, in plain terms:</p> <ul> <li>which tools it can call, grouped by what they actually do (read / write / delete / send / payment / admin)</li> <li>a risk score per tool and overall</li> <li>exposed secrets (API keys, tokens) — shown redacted</li> <li>missing auth and implicitly-trusted tools</li> <li>a recommended allow/ask/deny policy as ready-to-use YAML</li> </ul> <p>It's a <strong>static analyzer</strong>: it reads a config, it doesn't run your agent or sit in its traffic. Nothing to break, nothing to trust with your data. Install and scan in 60 seconds:</p> <p><code>pipx install git+https://github.com/sengchanhkano-prog/mcpguard.git</code></p> <p><code>mcpguard scan my_config.json</code></p> <p>Repo (MIT): <a href="https://github.com/sengchanhkano-prog/mcpguard" rel="noopener noreferrer">https://github.com/sengchanhkano-prog/mcpguard</a></p> <p><strong>This is v1 and deliberately small.</strong> It scans configs / tool definitions today; live MCP connection (tools/list) is next on the roadmap, timed around the new spec.</p> <p>I'd genuinely like feedback from people running agents in production:</p> <ol> <li>Is permission risk something you actually worry about, or a non-issue in practice?</li> <li>Would a <em>live</em> scan (connect to a running MCP server, pull its real tools, score them) be useful to you?</li> <li>What tool would you want detection rules for first?</li> </ol> <p>Roast it, tell me it's pointless, or tell me what would make it useful. Both help.</p> ai mcp security opensource