mcp-server-integration
Audited by Socket on Mar 1, 2026
1 alert found:
Security

The document is a legitimate integration guide for MCP servers but contains operational patterns that raise supply-chain and credential-exfiltration risk: unpinned global npm installs and npx execution, broad wildcard tool permissions, and example arbitrary filesystem reads/writes. There is no direct malicious code in the provided file, nor obvious obfuscation or hard-coded credentials. The main risk is that installed or transitive npm packages (or external MCP endpoints) could exfiltrate secrets or execute harmful actions if compromised. Recommendations: pin package versions, avoid global/unverified installs in CI, use narrowly scoped tokens and env vars, restrict tool capabilities (do not use "*"), sandbox filesystem access, and include concrete input validation/allowlist examples.