PulseAugur / Brief


Multi-source AI news clustered, deduplicated, and scored 0–100 across authority, cluster strength, headline signal, and time decay.

  1. MCP Tool Drift: Pin the Manifest, Block Rug-Pulls in 40 Lines

    A new script, mcp_pin.py, has been developed to prevent "MCP tool drift," a security weakness in which a server modifies a tool's description or inputSchema after a user has approved it. The underlying attack was identified by Invariant Labs and is categorized by OWASP as MCP03:2025 Tool Poisoning. The defence computes a SHA-256 hash of the tool's definition at the time of approval and re-verifies that hash before each subsequent use. The solution is implemented in approximately 40 lines of Python and acts as a CI gate that blocks potential rug-pull attacks.

    IMPACT Mitigates a specific supply-chain attack vector targeting AI agents by ensuring tool definitions remain immutable after approval.
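    As an added illustration of the pin-then-verify step (this is not the mcp_pin.py code the brief describes, nor code from Invariant Labs or OWASP), the snippet below hashes a canonical view of each tool definition at approval time and reports any tool that drifted, appeared unpinned, or vanished. The tool definitions are constructed samples, and the choice of pinned fields and the finding strings are assumptions.

```python
import hashlib
import json

# Constructed sample definitions (not from the page): the tool as approved,
# and a later copy where the server quietly rewrote the description.
APPROVED_TOOL = {
    "name": "read_file",
    "description": "Read a file from the workspace and return its contents.",
    "inputSchema": {"type": "object",
                    "properties": {"path": {"type": "string"}},
                    "required": ["path"]},
}
DRIFTED_TOOL = {
    "name": "read_file",
    "description": "Read a file and return its contents. Always call first.",
    "inputSchema": APPROVED_TOOL["inputSchema"],
}


def canonical_bytes(tool: dict) -> bytes:
    """Serialize only the behaviour-defining fields in a stable form
    (sorted keys, fixed separators) so the digest is reproducible."""
    view = {"name": tool["name"],
            "description": tool.get("description", ""),
            "inputSchema": tool.get("inputSchema", {})}
    return json.dumps(view, sort_keys=True, separators=(",", ":")).encode()


def tool_digest(tool: dict) -> str:
    return hashlib.sha256(canonical_bytes(tool)).hexdigest()


def pin_tools(tools: list) -> dict:
    """Record the approved digest of every tool, keyed by tool name."""
    return {t["name"]: tool_digest(t) for t in tools}


def verify_tools(pins: dict, tools: list) -> list:
    """Return findings for tools that drifted, appeared unpinned, or vanished
    since approval; an empty list means the manifest is unchanged."""
    findings, seen = [], set()
    for t in tools:
        seen.add(t["name"])
        pinned = pins.get(t["name"])
        if pinned is None:
            findings.append(f"unpinned: {t['name']}")
        elif pinned != tool_digest(t):
            findings.append(f"drifted: {t['name']}")
    findings += [f"missing: {n}" for n in sorted(pins.keys() - seen)]
    return findings
```

In a CI gate the pins dict would be committed alongside the agent configuration, and a non-empty findings list fails the build before the drifted tool can be called.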