Secure any MCP server your app exposes or consumes - shippingszn launch readiness
MCP is how AI agents connect to tools and data. If your app exposes an MCP server, it's an API that can drive real actions — and many ship with no authentication. If your app consumes third-party MCP tools, a malicious or hijacked tool can turn your agent against you.
This surface barely existed a year ago and is now actively attacked. 2026 audits found a large share of remote MCP servers expose tools with no auth and handle credentials in plaintext; a trusted MCP email package turned malicious in a routine version bump and silently BCC'd every message to an attacker; and 'tool poisoning' — hidden instructions in a tool's description — succeeded against agents at high rates. If you expose or consume MCP, it needs the same care as a payment integration.
Owner verification required: MCP auth, token-audience validation, and tool-poisoning exposure depend on runtime configuration and the third-party tools you connect — the scanner can't authenticate to your MCP endpoints or judge whether a tool description is malicious.
The Launch Fix Kit keeps scan-specific findings, file and line evidence, AI-builder punch-list tasks, and verification steps tied to the paid report.
- List every MCP server your app exposes and every third-party MCP server or tool it consumes.
- For servers you expose: require OAuth 2.1 + PKCE, validate the token audience, and never leave an MCP endpoint unauthenticated.
- Validate and allow-list every tool input; block tool calls that fetch private/internal IPs (SSRF).
- Gate sensitive or irreversible tools behind an explicit human-confirmation step.
- For tools you consume: pin exact versions, review the diff on every update, and treat every third-party tool description as untrusted input.
Run the scanner | Unlock Launch Fix Kit
Canonical URL: https://shippingszn.com/i/mcp-security/