Skills
Gate MCP tool registration on description baselines with mcp-scan
Tool-poisoning defenses have to operate at the tool-description layer, because that text is what steers the model. The recommended pattern is to validate every server's tool descriptions against a known-good baseline and flag anomalous content at registration time, using open-source scanners like mcp-scan (and monitors like MCPTox/MindGuard) wired into the install workflow. Bake mcp-scan into your MCP onboarding/CI so a server that quietly changes a tool description after approval is caught before it reaches an agent.
↳ Follow the thread