PoC: Open Registry supply chain — unvetted server listing (security research)
Benign PoC for the Open Registry Supply Chain Risk finding: anyone with an npm account and a GitHub account can publish an MCP server to the open registry (registry.modelcontextprotocol.io) with no pre-publication review. The server in this repo is a minimal benign MCP stdio server (one tool, no sensitive behavior). Follow STEPBYSTEP.md to run the exploit and prove unvetted listing.
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.