A security issue one should be aware of and understand when working with MCPs.
Stop Running Your MCP Tools via npx/uvx Right Now by Bob Dickinson
The gist of the issue is that by using npx or uvx you are essentially telling your tool-using platform to go get whatever code is registered with the package name provided and run it (the “x” is for “execute”), updating whenever the package changes. And the code that is then run on your machine has root access — it can see your entire machine, environment variables, the file system, it can open ports to listen or to exfiltrate data. This code, which just got pulled down fresh from the registry, can do ANYTHING it wants.
For example, while learning to use MCPs, I grabbed the time MCP from
The install instructions note one possible option, e.g.:
uvx actually downloaded all of the code in milliseconds into a temporary directory and ran it as needed. When the MCP client was done (closed in the case of Claude Desktop), the temporary files were deleted.
Yes, you should get a warning before the code is executed, as is the case with Claude Desktop, but how many users really know what to check, rather than just clicking the allow option?
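One practical check that follows from the above is to look at what your MCP client is actually configured to launch. The script below is an added example, not code from Bob Dickinson's article or from any MCP project: it reads a Claude Desktop style `mcpServers` config (the `{"command": ..., "args": [...]}` layout), and flags every server started through `npx` or `uvx` whose package spec is not pinned to an exact version, since an unpinned spec is exactly the "go get whatever is registered under this name and run it" behaviour described above. The config and all package names in it are constructed placeholders.

```python
"""Audit an MCP client config for servers launched via npx/uvx without an exact version pin.

Added example (not from the article or any MCP project). Assumes the Claude Desktop
config layout: {"mcpServers": {"<name>": {"command": "...", "args": [...]}}}.
All package names below are constructed placeholders.
"""
import json
import os
import re

# npm spec: optional @scope/, a name, then @ and an exact x.y.z version.
# Ranges such as @^1.2.3 or @latest deliberately do not match.
NPM_EXACT = re.compile(r"^(?:@[^/@]+/)?[^@/]+@\d+\.\d+\.\d+$")
# uv/PyPI spec: a name, then @x.y.z or ==x.y.z (uvx accepts both forms).
PY_EXACT = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(?:@|==)\d+(?:\.\d+)*$")

EPHEMERAL_RUNNERS = ("npx", "uvx")

# Constructed sample config covering the cases a reviewer meets in practice.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "time-unpinned": {"command": "uvx", "args": ["example-mcp-server-time"]},
        "fs-unpinned": {"command": "npx", "args": ["-y", "@example/mcp-server-fs"]},
        "fs-range": {"command": "npx", "args": ["-y", "@example/mcp-server-fs@^0.4.0"]},
        "time-pinned": {"command": "uvx", "args": ["example-mcp-server-time@1.2.3"]},
        "time-from": {"command": "uvx",
                      "args": ["--from", "example-mcp-server-time==1.2.3", "mcp-server-time"]},
        "fs-pinned": {"command": "npx", "args": ["-y", "@example/mcp-server-fs@0.4.1"]},
        "local": {"command": "/opt/mcp/venv/bin/mcp-server-time", "args": []},
    }
})


def package_spec(args):
    """Return the package spec npx/uvx would resolve, or None if there is none.

    `-p/--package` (npx) and `--from` (uvx) take the spec as the next argument;
    otherwise the first non-flag argument is the spec.
    """
    it = iter(args)
    for arg in it:
        if arg in ("-p", "--package", "--from"):
            return next(it, None)
        if arg.startswith("-"):
            continue
        return arg
    return None


def classify(command, args):
    """Classify one server entry as not-ephemeral, pinned or unpinned."""
    runner = os.path.basename(command)
    if runner not in EPHEMERAL_RUNNERS:
        return "not-ephemeral"  # a locally installed binary; nothing is fetched at launch
    spec = package_spec(args)
    if spec is None:
        return "unpinned"  # runner invoked with nothing to pin against
    pattern = NPM_EXACT if runner == "npx" else PY_EXACT
    return "pinned" if pattern.match(spec) else "unpinned"


def audit(config_text):
    """Map each configured server name to its classification."""
    servers = json.loads(config_text).get("mcpServers", {})
    return {
        name: classify(entry.get("command", ""), entry.get("args", []))
        for name, entry in servers.items()
    }


if __name__ == "__main__":
    for name, status in audit(SAMPLE_CONFIG).items():
        flag = "REVIEW" if status == "unpinned" else "ok"
        print(f"{flag:6} {name}: {status}")
```

Pinning is the minimum, not a cure: a pinned version still runs with your user's privileges and can still be the one that was malicious when published (the two-year NPM case below is an example). The pin only stops the server silently changing underneath you; an installed copy in a directory you control, reviewed once, is the stronger option the script reports as "not-ephemeral".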
Announcements such as this one are common:
Destructive malware available in NPM repo went unnoticed for 2 years
Creating MCP servers via vibe coding is relatively easy; getting the security right is not.