I understand the problem mentioned with mcp servers but this kind of attack could happen to any external dependency (like a smtp package) i guess
I understand the problem mentioned with mcp servers but this kind of attack could happen to any external dependency (like a smtp package) i guess
The difference is if you went looking for a smtp package you’d land on an established library with a track record and probably years worth of trust behind it. The Mcp stuff is so new all of that is missing, people are just using stuff that appeared yesterday. It’s the Wild West, you need to have your six shooter ready.
The "postmark-mcp" from the article seems like some random guy's package though, postmark has its own official mcp server as well: https://postmarkapp.com/lp/mcp. It's like installing ublock extension but published by a 'coder3012' account