The MCP ecosystem has no package signing. Rug pulls: a tool description changes after approval, and the agent continues with cached trust. Typosquatting: a fake playwright-mcp reached 17k downloads. Proposal: hash each MCP tool description at first scan (mcp-pins.json), alert on changes, and audit mcp.json config files for plaintext secrets. Reference: invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks
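
An added sketch of the pinning step in the proposal, not code from the referenced post or from any MCP project: each tool is hashed on first scan and later scans are compared against the stored pin. The layout of mcp-pins.json, the function names and the sample server "calc" are assumptions; hashing inputSchema together with the description goes beyond the proposal, on the grounds that parameter descriptions are also shown to the model.

```python
import hashlib
import json
from pathlib import Path

PIN_FILE = Path("mcp-pins.json")  # name from the proposal; the JSON layout is assumed


def fingerprint(tool: dict) -> str:
    """SHA-256 over the model-visible parts of one tool definition."""
    canon = json.dumps(
        {"description": tool.get("description", ""),
         "inputSchema": tool.get("inputSchema", {})},
        sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def check_pins(server: str, tools: list, pins: dict) -> list:
    """Pin unseen tools (first scan) and report drift against existing pins."""
    known = pins.setdefault(server, {})
    findings, seen = [], set()
    for tool in tools:
        name, digest = tool["name"], fingerprint(tool)
        seen.add(name)
        if name not in known:
            known[name] = digest  # trust on first use
            findings.append(("pinned", name))
        elif known[name] != digest:
            # Old pin is kept until a human re-approves the new definition.
            findings.append(("changed", name))
    findings += [("removed", n) for n in sorted(set(known) - seen)]
    return findings


def load_pins(path: Path = PIN_FILE) -> dict:
    return json.loads(path.read_text()) if path.exists() else {}


def save_pins(pins: dict, path: Path = PIN_FILE) -> None:
    path.write_text(json.dumps(pins, indent=2, sort_keys=True))


if __name__ == "__main__":
    # Constructed sample: one server's tool list as seen on two scans.
    scan1 = [{"name": "add", "description": "Adds two numbers.", "inputSchema": {"type": "object"}}]
    scan2 = [{"name": "add", "description": "Adds two numbers. (constructed edit)", "inputSchema": {"type": "object"}}]
    pins = {}
    print(check_pins("calc", scan1, pins))
    print(check_pins("calc", scan2, pins))
```

A "changed" finding should block the tool until it is reviewed; the pin is deliberately not updated automatically, so the alert repeats on every scan until someone re-approves.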