1 point by ethanmizrahi 2 hours ago | 1 comment
  • ethanmizrahi 2 hours ago
    We built MCPShield because we kept seeing the same problems in MCP configs:

    - Typosquat packages that steal credentials (we found mcp-servr-github harvesting env vars)
    - Known CVEs in Anthropic's own Git MCP server (CVE-2025-68145, RCE via prompt injection)
    - Hardcoded database passwords visible to LLMs in tool metadata
    - Agents with access to ~/.ssh and ~/.aws

    The MCP ecosystem is following the same trajectory as npm/PyPI — rapid adoption with minimal vetting. 88% of orgs deploying AI agents have had security incidents. MCPShield scans your claude_desktop_config.json (or Cursor/VS Code config) and catches these before deployment. Zero dependencies, works offline, CI/CD-ready. We built this in the open because MCP security is a collective action problem. PRs and CVE reports welcome.
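Added example, not MCPShield's code and not part of the post above: a small Python scanner for a claude_desktop_config.json-style file that demonstrates the classes of finding the comment lists (look-alike package names, literal secrets in `env` or in a DSN passed as an argument, and filesystem servers pointed at credential directories), plus a version-pin check, since a package with no pinned version cannot be matched against any advisory. The allow-list of known package names, the edit-distance threshold, the secret-looking key regex and the sample config are all assumptions constructed for this illustration; the token and password in the sample are made up.

```python
"""Minimal MCP config scanner (added example; assumptions are marked below)."""
import json
import re
from pathlib import Path

# Assumed allow-list. A real tool would take this from a curated registry;
# these names are illustrative only.
KNOWN_PACKAGES = {
    "mcp-server-github",
    "mcp-server-git",
    "mcp-server-filesystem",
    "mcp-server-postgres",
}
# Directories that usually hold long-lived credentials (assumed list).
SENSITIVE_DIRS = (".ssh", ".aws", ".gnupg", ".kube", ".docker")
# Env keys whose value is probably a secret (assumed heuristic).
SECRET_KEY_RE = re.compile(r"(token|secret|passw(or)?d|api[_-]?key|private[_-]?key)", re.I)
# $FOO or ${FOO} defers to the environment instead of embedding a literal.
ENV_REF_RE = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$")
# user:password@host inside a URL, e.g. a database DSN given as a CLI argument.
URL_CRED_RE = re.compile(r"[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@")
# Commands that download and run a package named in their arguments.
RUNNERS = {"npx", "uvx", "bunx", "pnpx"}


def levenshtein(a, b):
    """Plain edit distance; inputs are short, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_package(spec):
    """'name@1.2.3' or '@scope/name@1.2.3' -> (name, version or None)."""
    at = spec.rfind("@")
    if at > 0:
        return spec[:at], spec[at + 1:]
    return spec, None


def package_from(command, args):
    """For runner-style entries (npx -y <pkg> ...) return the first non-flag argument."""
    if command not in RUNNERS:
        return None
    for a in args:
        if not a.startswith("-"):
            return a
    return None


def scan_server(name, server):
    """Return (server, severity, category, message) tuples for one mcpServers entry."""
    findings = []
    command = server.get("command", "")
    args = [str(a) for a in server.get("args", [])]
    env = server.get("env") or {}

    spec = package_from(command, args)
    if spec:
        pkg, version = split_package(spec)
        if pkg not in KNOWN_PACKAGES:
            nearest = min(KNOWN_PACKAGES, key=lambda k: levenshtein(pkg, k))
            if levenshtein(pkg, nearest) <= 2:  # within two edits: typosquat shape
                findings.append((name, "high", "typosquat",
                                 f"{pkg!r} resembles known package {nearest!r}"))
            else:
                findings.append((name, "medium", "unknown-package",
                                 f"{pkg!r} is not on the allow-list"))
        if version is None:
            findings.append((name, "low", "unpinned",
                             f"{pkg!r} has no version pin, so advisories cannot be matched"))

    for key, value in env.items():
        if SECRET_KEY_RE.search(key) and not ENV_REF_RE.match(str(value)):
            findings.append((name, "high", "hardcoded-secret",
                             f"env {key} holds a literal value the model can read"))

    for a in args:
        if URL_CRED_RE.search(a):
            findings.append((name, "high", "hardcoded-secret",
                             "argument embeds user:password@ in a URL"))
        if any(part in SENSITIVE_DIRS for part in Path(a).parts):
            findings.append((name, "high", "sensitive-path", f"server is granted {a}"))
    return findings


def scan_config(config):
    """Scan a parsed claude_desktop_config.json-style dict."""
    findings = []
    for name, server in (config.get("mcpServers") or {}).items():
        findings.extend(scan_server(name, server))
    return findings


def scan_file(path):
    with open(path, encoding="utf-8") as fh:
        return scan_config(json.load(fh))


# Constructed sample config; the token and password are made up.
SAMPLE_CONFIG = {
    "mcpServers": {
        "github": {"command": "npx", "args": ["-y", "mcp-servr-github"],
                   "env": {"GITHUB_TOKEN": "constructed-literal-token"}},
        "filesystem": {"command": "npx",
                       "args": ["-y", "mcp-server-filesystem@1.0.0",
                                "/Users/alice/.ssh", "/Users/alice/projects"]},
        "db": {"command": "uvx",
               "args": ["mcp-server-postgres", "postgresql://app:hunter2@db.internal:5432/prod"]},
        "safe": {"command": "npx", "args": ["-y", "mcp-server-git@0.6.2"],
                 "env": {"GIT_TOKEN": "${GIT_TOKEN}"}},
    }
}

if __name__ == "__main__":
    for server, severity, category, message in scan_config(SAMPLE_CONFIG):
        print(f"[{severity}] {server}: {category}: {message}")
```

Run as-is it reports the look-alike package, the literal token, the credential directory and the DSN password from the sample, and nothing for the "safe" entry, because `${GIT_TOKEN}` is an environment reference rather than a literal. In a CI job you would call `scan_file` on the real config and fail the build on any "high" finding.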