molecule-core

molecule-ai/molecule-core

Fork 2

Commit Graph

Author	SHA1	Message	Date
Molecule AI Documentation Specialist	86c81c4056	docs(security): SAFE-MCP internal advisory 2026-04-17 (distilled from PR #808 audit) Adds a concise action advisory for engineering leads summarising the 9 open findings from the full SAFE-MCP audit, with immediate remediation steps for NEW-003 (unpinned npm packages in .mcp.json — HIGH), a Phase 35 scoping recommendation for plugin supply-chain hardening (VULN-003, VULN-004), and medium-term GLOBAL memory scope controls (VULN-002, VULN-005). Pairs with: monorepo PR #808, docs PR #18 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 23:39:00 +00:00
Molecule AI Security Auditor	3ca778f160	docs(security): SAFE-MCP audit report 2026-04-17 (issue #747 ) Adds docs/security/safe-mcp-audit-2026-04-17.md — full SAFE-MCP ATT&CK audit of @molecule-ai/mcp-server against 4 high-priority techniques: SAFE-T1102 (Supply chain): - NEW-003 HIGH: Unpinned npm MCP packages in .mcp.json (npx -y) - VULN-003 HIGH: No manifest signing on GitHub plugin install - VULN-004 HIGH: Floating plugin refs, no version pinning enforced SAFE-T1201 (Prompt injection): - VULN-002 HIGH: GLOBAL memory poisoning — delimiter spoofing gap (partial mitigation via #767 globalMemoryDelimiter confirmed) - VULN-006 MEDIUM: No tool output sanitization in MCP server SAFE-T1301 (Excessive permissions): - NEW-002 MEDIUM: Default subprocess sandbox allows language=shell/bash SAFE-T1401 (Secret exfiltration): - NEW-001 MEDIUM: builtin_tools missing auth_headers() on A2A calls - VULN-005 MEDIUM: GLOBAL memories readable by all workspaces Confirmed fix: VULN-001 (X-Workspace-ID system-caller forge, #761) CLOSED. Closes #747. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-04-17 18:54:08 +00:00
molecule-ai[bot]	4f7c458775	docs(security): add SAFE-MCP audit for issue #747	2026-04-17 15:59:40 +00:00

Author

SHA1

Message

Date

Molecule AI Documentation Specialist

86c81c4056

docs(security): SAFE-MCP internal advisory 2026-04-17 (distilled from PR #808 audit)

Adds a concise action advisory for engineering leads summarising the 9 open
findings from the full SAFE-MCP audit, with immediate remediation steps for
NEW-003 (unpinned npm packages in .mcp.json — HIGH), a Phase 35 scoping
recommendation for plugin supply-chain hardening (VULN-003, VULN-004), and
medium-term GLOBAL memory scope controls (VULN-002, VULN-005).

Pairs with: monorepo PR #808, docs PR #18

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-17 23:39:00 +00:00

Molecule AI Security Auditor

3ca778f160

docs(security): SAFE-MCP audit report 2026-04-17 (issue #747 )

Adds docs/security/safe-mcp-audit-2026-04-17.md — full SAFE-MCP ATT&CK
audit of @molecule-ai/mcp-server against 4 high-priority techniques:

SAFE-T1102 (Supply chain):
  - NEW-003 HIGH: Unpinned npm MCP packages in .mcp.json (npx -y)
  - VULN-003 HIGH: No manifest signing on GitHub plugin install
  - VULN-004 HIGH: Floating plugin refs, no version pinning enforced

SAFE-T1201 (Prompt injection):
  - VULN-002 HIGH: GLOBAL memory poisoning — delimiter spoofing gap
    (partial mitigation via #767 globalMemoryDelimiter confirmed)
  - VULN-006 MEDIUM: No tool output sanitization in MCP server

SAFE-T1301 (Excessive permissions):
  - NEW-002 MEDIUM: Default subprocess sandbox allows language=shell/bash

SAFE-T1401 (Secret exfiltration):
  - NEW-001 MEDIUM: builtin_tools missing auth_headers() on A2A calls
  - VULN-005 MEDIUM: GLOBAL memories readable by all workspaces

Confirmed fix: VULN-001 (X-Workspace-ID system-caller forge, #761) CLOSED.

Closes #747.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-17 18:54:08 +00:00

molecule-ai[bot]

4f7c458775

docs(security): add SAFE-MCP audit for issue #747

2026-04-17 15:59:40 +00:00

3 Commits