Show HN: MCP Security Suite https://ift.tt/f9PMCFH

Show HN: MCP Security Suite Hi HN! We kept seeing devs get pwned through MCP tools in ways that security scanners completely miss. So we built an open-source analyzer to catch these attacks. Our first OSS by Mighty team. The problem: At Defcon, we saw MCP exploits with 100% success rate against Claude and Llama. Three attack patterns: Hidden Unicode in "error messages" - Paste a colleague's error into Claude, your SSH keys get exfiltrated Trusted tool updates - That database tool you've used for months? Last week's update added credential theft Tool redefinition - Malicious tool redefines "deploy to prod" to run attacker's script Traditional scanners (CodeQL, SonarQube) catch <15% of these. They're looking for SQLi, not prompt injections hidden in tool descriptions. What we built: git clone https://github.com/NineSunsInc/mighty-security python analyzers/comprehensive_mcp_analyzer.py /path/to/your/mcp/tool Scans for prompt injection, credential exfil, suspicious updates, tool shadowing. Runtime wrapper adds <10ms overhead. Fully local, no telemetry. Why this matters: 43% of MCP tools have command injection vulns. GitHub's own MCP server was exploitable. We found Fortune 500s running database-connected MCP tools that hadn't been audited since installation. We went from paranoid code review to "AI said it works" in 18 months. The magic is real, but so are the vulnerabilities. Demo: https://www.loom.com/share/e830c56d39254a788776358c5b03fdc3 GitHub: https://github.com/NineSunsInc/mighty-security Would love feedback - what MCP security issues have you seen? https://github.com/NineSunsInc/mighty-security August 15, 2025 at 01:31AM