Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think the reason is that MCP also works over a pipe (stdio), which does not need authentication.


It doesn't need it if this vulnerability is the only one you're worried about (remote websites), but it'd be nice to have it before letting it use e.g. your Github account. This is how VS Code extensions work, for example, and it's pretty nice




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: