Feature: Security scan MCP servers before connecting

[elliotllliu]

Problem

Continue connects to MCP servers that have access to your codebase, terminal, and network. Snyk 2026 found 36% of agent skills have security flaws — backdoors, data exfiltration, prompt injection.

There is no automated way to verify an MCP server is safe before connecting.

Suggestion

Add optional security scanning when configuring MCP servers. AgentShield could scan server source code and warn users:

• 30 rules covering backdoors, exfiltration, injection, tool poisoning
• Cross-file analysis traces credential theft paths
• 100% offline (no data leaves IDE)
• ~200ms per scan

npx @elliotllliu/agent-shield scan ./mcp-server/ --json

We scanned 493 Dify plugins — found 6 real backdoors, 0 false positives.

Open source, MIT: https://github.com/elliotllliu/agent-shield

[polterguy]

Scanning MCP servers before connecting feels like the right default, especially if the ecosystem wants trust to be earned rather than assumed.

Pre-connection visibility into risky descriptions, exposed capabilities, and weak boundaries could prevent a lot of avoidable mistakes upstream. If anyone is curious about adjacent thinking in this space, feel free to click my profile avatar.