The MCP Supply Chain Problem: What Happens When You Install a Malicious Server

MCP (Model Context Protocol) servers are the new plugin system for AI-native development. You find one on npm that promises filesystem access, shell commands, or API integrations, you run npm install , wire it into your Claude Code config, and suddenly your AI assistant has superpowers. The problem: so does the package you just installed. What MCP Servers Can Actually Access Before we talk about attack vectors, let's be precise about what an MCP server is. When Claude Code connects to an MCP server, that server runs as a local process on your machine. It exposes "tools" — callable functions the AI can invoke during a session. The server's capabilities are bounded only by what Node.js (or Python, or Go) can do with your OS permissions. In practice, that means: Filesystem access. An MCP server can read, write, and delete files anywhere your user account can touch. Your ~/.ssh/id_rsa . Your .env files. Your browser's SQLite cookie store. Everything. Shell execution. Many legitimate MCP se

The MCP Supply Chain Problem: What Happens When You Install a Malicious Server

Related Articles

Replace Doom Scrolling With Intentional Reading

Web Color "Wheel" Chart

Im looking for indie apps and tools built by solo developers, their stories and perspectives for a newsletter I’m starting. If you know a solo maker or use an overlooked gem built by one please let me know! 🙏

Building a DIY OpenClaw

go-typedpipe: A Typed, Context-Aware Pipe for Go

Related Articles

How-To
Replace Doom Scrolling With Intentional Reading
Dev.to • 22m ago

How-To
Web Color "Wheel" Chart
Dev.to • 4h ago

How-To
Im looking for indie apps and tools built by solo developers, their stories and perspectives for a newsletter I’m starting. If you know a solo maker or use an overlooked gem built by one please let me know! 🙏
Dev.to • 16h ago

How-To
Building a DIY OpenClaw
Lobsters • 18h ago

How-To
go-typedpipe: A Typed, Context-Aware Pipe for Go
Dev.to • 1d ago