Should I trust an MCP server from GitHub?

Updated
Short answer

Only with operator-pinned fingerprint + scope-locked tools. April 2026 Anthropic MCP RCE affected 200,000+ servers; Invariant Labs disclosed structural rug-pull pattern. Default-trust = unsafe.

MCP servers from random GitHub repos are an attacker's dream supply chain. Apr 2026 Anthropic MCP RCE design flaw + Invariant Labs tool-poisoning class show default-install is unsafe.

Defense: Securie's mcp-guard crate enforces operator-pinned TrustedCatalog + Validator + ScopeGuard. Reject every MCP server whose fingerprint isn't operator-authored.

People also ask

Is MCP safe to use in production?
MCP is safe with discipline: fingerprint-pinned servers + scope-locked tools + Llama Guard 4 output filtering. Without t
What is an MCP rug pull?
An MCP rug-pull is when a server ships a safe v1 tool catalog at install time, then mutates to a v2 catalog (with attack