MCP Tool Descriptions Leak SSH Keys

// 57d agoSECURITY INCIDENT

MCP Tool Descriptions Leak SSH Keys

Security researchers showed that malicious MCP tool metadata can hide instructions that make agents read sensitive local files, including SSH keys, and exfiltrate them through otherwise normal tool calls. The attack expands beyond top-level descriptions to nested schema fields and mid-session tool definition changes.

// ANALYSIS

MCP’s trust model is too loose: it treats remote tool JSON as documentation, while the model treats it as instructions. That gap is enough to turn a harmless-looking server into a credential-stealing channel.

–Tool descriptions are part of the model context, so hidden instructions can steer behavior without any explicit user prompt injection
–The attack is broader than one field: parameter names, nested schema text, and dynamic `tools/list` updates all widen the blast radius
–A one-time approval dialog is not enough if tool definitions can mutate later without re-consent
–Defenses need to move below the model layer: schema scanning, hash pinning, drift detection, and network-side monitoring
–This is a reminder that MCP turns “developer convenience” into “attack surface” unless servers are treated as untrusted by default

// TAGS

mcpagentautomationapisafety

DISCOVERED

57d ago

2026-04-17

PUBLISHED

57d ago

2026-04-16

RELEVANCE

8/ 10

AUTHOR

Still_Piglet9217

// KEEP READING

More AI developer news from the feed

EXPLORE FULL FEED

OPEN SOURCE56m ago

Qdrant is a production-ready, open-source vector search engine and database built in Rust for high-performance similarity search.

Qdrant is an open-source, high-performance vector search engine and database written in Rust. It is designed to store, manage, and search high-dimensional vectors with extended filtering support, making it well-suited for AI, machine learning, recommendation systems, and Retrieval-Augmented Generation (RAG) applications. Qdrant features a RESTful API and offers official client libraries for multiple programming languages including Python, Go, and TypeScript.

INFRA1h ago

The developer behind Crabbox is increasingly relying on Codex to automate the overwhelming volume of issues and pull requests.

The maintainer of Crabbox, an open-source project by OpenClaw, has integrated Codex directly into the build process to help manage a flood of community contributions. Codex has been running continuously inside Crabbox for the past four days, becoming an essential piece of infrastructure for testing and landing PRs.

UPDATE1h ago

Small Harness offers a lightweight framework for running local LLMs, with plans to introduce hybrid frontier-local orchestration optimized by VulcanBench.

Small Harness is a fast, transparent, open-source terminal harness designed to run local Large Language Models (LLMs) on local hardware. The creator, Morgan Linton, announced that the project will soon support hybrid workflows that connect frontier models for planning with local models for execution. Additionally, a tool called VulcanBench will be integrated to optimize when each model tier is utilized.