mcp-config-poisoning
OfficialAssess MCP config poisoning risk in AI IDEs.
Software Engineering#vulnerability#mcp#ide#poisoning#security-testing#prompt-injection#workspace-config
AuthorMindgard
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Identifies and assesses MCP configuration poisoning vulnerabilities in AI IDEs, focusing on workspace-level MCP server definitions that could be loaded or trusted without explicit user consent.
Core Features & Use Cases
- Assess auto-load behavior of MCP configurations from workspace settings.
- Evaluate approval models, prompt injection risks, and TOCTOU scenarios across multiple IDEs.
- Build attack-chains from validated primitives to understand risk and remediation steps.
Quick Start
Identify the target IDE's MCP config path and verify whether untrusted workspaces auto-load definitions.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: mcp-config-poisoning Download link: https://github.com/Mindgard/ai-ide-skills/archive/main.zip#mcp-config-poisoning Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.