Molecule AI Security Auditor
857dd941d5
docs(security): SAFE-MCP audit report 2026-04-17 (issue #747)
Adds docs/security/safe-mcp-audit-2026-04-17.md — full SAFE-MCP ATT&CK
audit of @molecule-ai/mcp-server against 4 high-priority techniques:
SAFE-T1102 (Supply chain):
- NEW-003 HIGH: Unpinned npm MCP packages in .mcp.json (npx -y)
- VULN-003 HIGH: No manifest signing on GitHub plugin install
- VULN-004 HIGH: Floating plugin refs, no version pinning enforced
SAFE-T1201 (Prompt injection):
- VULN-002 HIGH: GLOBAL memory poisoning — delimiter spoofing gap
(partial mitigation via #767 globalMemoryDelimiter confirmed)
- VULN-006 MEDIUM: No tool output sanitization in MCP server
SAFE-T1301 (Excessive permissions):
- NEW-002 MEDIUM: Default subprocess sandbox allows language=shell/bash
SAFE-T1401 (Secret exfiltration):
- NEW-001 MEDIUM: builtin_tools missing auth_headers() on A2A calls
- VULN-005 MEDIUM: GLOBAL memories readable by all workspaces
Confirmed fix: VULN-001 (X-Workspace-ID system-caller forge, #761) CLOSED.
Closes #747.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 18:54:08 +00:00