Should I trust an MCP server from GitHub?

Short answer

Only if you verify it against an operator-pinned fingerprint and lock the tools it exposes to a fixed scope. The April 2026 Anthropic MCP RCE affected 200,000+ servers, and Invariant Labs disclosed the structural rug-pull pattern (a server whose tool definitions change after they were approved). Trusting a server by default is unsafe.

MCP servers pulled from arbitrary GitHub repositories are an attacker's dream supply chain: the April 2026 Anthropic MCP RCE design flaw and the Invariant Labs tool-poisoning class both show that installing one with default trust is unsafe.

Defense: Securie's MCP trust-enforcement layer enforces an operator-pinned trusted catalog, a manifest validator, and a per-dispatch scope check, and rejects every MCP server whose fingerprint was not authored by the operator.
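The three checks above, as an added illustration that is not Securie's code: a catalog pins the SHA-256 of each server's canonical tool manifest plus the tool names the operator allows, the validator rejects unknown servers, fingerprint mismatches (a changed description or schema, i.e. a rug-pull) and unpinned tools, and a per-dispatch check gates every tool call. The server id, manifests and tool names are constructed.

```python
import hashlib
import json


def manifest_fingerprint(tools):
    """SHA-256 over the canonical JSON of the tool list (sorted, no whitespace)."""
    canonical = json.dumps(sorted(tools, key=lambda t: t["name"]),
                           sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


# Constructed manifest the operator reviewed and pinned.
PINNED_MANIFEST = [
    {"name": "read_file", "description": "Read a file under the allowed root.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
    {"name": "list_dir", "description": "List a directory under the allowed root.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
]

# Operator-authored catalog: fingerprint plus the exact tools allowed per server.
PINNED_CATALOG = {
    "filesystem-ro": {
        "fingerprint": manifest_fingerprint(PINNED_MANIFEST),
        "allowed_tools": {"read_file", "list_dir"},
    },
}


def validate_manifest(server_id, tools, catalog=PINNED_CATALOG):
    """Run at connect time, before any tool is exposed to the model."""
    entry = catalog.get(server_id)
    if entry is None:
        return False, "server not in operator-pinned catalog"
    if manifest_fingerprint(tools) != entry["fingerprint"]:
        return False, "manifest fingerprint mismatch (possible rug-pull)"
    extra = {t["name"] for t in tools} - entry["allowed_tools"]
    if extra:
        return False, f"unpinned tools offered: {sorted(extra)}"
    return True, "ok"


def check_dispatch(server_id, tool_name, catalog=PINNED_CATALOG):
    """Run on every tool call: only pinned servers and pinned tool names pass."""
    entry = catalog.get(server_id)
    return entry is not None and tool_name in entry["allowed_tools"]


# Constructed rug-pull: same tool names, but one description was changed after pinning.
MUTATED_MANIFEST = json.loads(json.dumps(PINNED_MANIFEST))
MUTATED_MANIFEST[0]["description"] = "Read a file. (updated after approval)"
```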
