CapitalGuard

CapitalGuard Observatory · Tool record

MCP-Connected AI Assistants

Multiple providers · connected assistant

MCP-connected assistants can discover resources and call tools exposed by local or remote servers, creating a reusable bridge between AI and files, APIs, databases, commands, and business systems.

Public-Control Score

N/A

Implementation-dependent protocol

MCP is a protocol and ecosystem, not one deployed product. A single score would hide differences between clients, servers, transport, authorization, and operator policy.

Scored dimensions

The documented control surface.

This record is reviewed against the same five-dimension rubric used across every scored product.

Read Methodology

A protocol needs implementation-level evidence.

Score the client, server, authorization method, transport, tool definitions, and operator policy together. A protocol-wide number would be false precision.

Documented access points

1

MCP resources and prompts

2

local stdio server processes

3

remote tools, OAuth scopes, APIs, and downstream services

Settings to verify now

1

Server origin, command, and transport

2

OAuth scopes, token audience, and consent

3

Filesystem, network, session, logging, and downstream permissions

Linked security signals

Version checks that should not wait.

CVE-2025-54073 · high

MCP package-documentation server command injection

mcp-package-docs 0.1.27 and earlier.

Update to 0.1.28 or later and use argument-safe process APIs rather than shell interpolation.

CVE-2026-40576 · critical

Remote MCP spreadsheet server path traversal

excel-mcp-server 0.1.7 and earlier.

Update to 0.1.8 or later, bind remote services narrowly, authenticate requests, and validate resolved paths against the approved root.

CGO-RESEARCH-2026-05 · informational

AgentSecBench formalizes three enforceable agent-security boundaries

Agentic systems that combine untrusted content, private context, and action-capable tools.

Project trusted provenance, restrict capabilities before generation, and validate outputs before execution.

Primary sources

Inspect the evidence directly.