MCPB Zip Slip Attack Flow

MCP Bundle Security: Zip Slip and Silent Overwrite Risks for MCPB Developers

TL;DR
- MCPB files are ZIP archives with a .mcpb extension
- ZIP format has inherent security risks: path traversal (zip slip), silent overwrite, symlink attacks
- MCPB CLI had a zip slip vulnerability before v0.2.6 (fixed in PR #74); still no overwrite warning
- Adopters using raw libraries like fflate must implement protections themselves

What is MCPB?
MCPB (MCP Bundles) is the packaging format for distributing MCP servers. Originally developed by Anthropic as “Desktop Extensions,” it was transferred to the Model Context Protocol project in November 2025 (see Adopting the MCP Bundle format (.mcpb) for portable local servers). ...

January 17, 2026 · 6 min · 1119 words · Aonan Guan
MCP Git Server capability laundering: git_init enables credential exfiltration

Capability Laundering in MCP 2: CVE-2025-68143 Anthropic Git MCP Server Path Traversal to Credential Exfiltration

What Happened
In our previous analysis, we identified capability laundering in Anthropic’s Memory MCP Server: a “memory storage” tool that could write arbitrary configuration files through an unconstrained implementation. This is the second case. The MCP Git Server (mcp-server-git) exposes Git operations to AI agents. The git_init tool accepts arbitrary repo_path values without validation, creating repositories in any filesystem location. Combined with git_diff_staged, this turns a “Git helper” into a credential exfiltration primitive. ...

December 28, 2025 · 7 min · 1369 words · Aonan Guan
Memory MCP Server capability laundering: bypassing approval gates through MCP side effects

Capability Laundering in MCP: Anthropic Memory Server to Terminal Hijacking

What Happened
Anthropic’s Memory MCP Server is designed to help AI agents remember information across conversations by storing entities in a knowledge graph JSON Lines (JSONL) file. According to its documentation, each entity should only contain name, entityType, and observations. However, the vulnerable implementation accepted and stored additional properties beyond what was documented. That turned “memory persistence” into arbitrary JSON injection, enabling persistent VS Code configuration injection and terminal profile hijacking. ...

December 27, 2025 · 8 min · 1647 words · Aonan Guan