Show HN: Diplomat-agent scans Python MCP servers for unguarded tool calls
Diplomat-agent is a tool that scans Python Model Context Protocol servers to detect unguarded tool calls, helping developers identify potential security risks in their MCP server implementations.
Background
- MCP (Model Context Protocol) is an open standard that lets AI agents expose and call "tools" — functions like file access, database queries, or shell commands — through a structured server interface. It's the infrastructure behind many AI coding and automation tools.
- This project, diplomat-agent, automatically scans MCP servers to find tools that lack proper safety guards (e.g., no user confirmation before destructive actions like deleting files or running terminal commands).
- The concern is that as AI agents gain more autonomy, unguarded tool calls could be exploited: an attacker (or even a benign prompt injection) could trick the AI into executing dangerous operations without the user's knowledge.
- This sits in a broader debate about AI safety: many argue that MCP and similar agentic frameworks were designed with functionality first, security second — leaving a gap that tools like this aim to measure and patch.
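A constructed illustration of the kind of check such a scanner performs, added here as an example and not diplomat-agent's own code: it parses a Python MCP server with the standard-library `ast` module, finds functions decorated with `@mcp.tool()`, and flags calls to destructive APIs inside tools that never test a confirmation parameter. The dangerous-call list, the guard heuristic (a parameter named `confirm`, `confirmed` or `dry_run` that is checked in an `if`), and the sample server source (FastMCP-style decorator syntax) are all assumptions made for the example.

```python
"""Toy static scanner for unguarded tool calls in Python MCP servers (example only)."""
import ast
from dataclasses import dataclass

# Assumed list of destructive callables (dotted names) that an MCP tool
# should not reach without an explicit confirmation guard.
DANGEROUS_CALLS = {
    "os.remove", "os.unlink", "os.rmdir", "shutil.rmtree",
    "os.system", "subprocess.run", "subprocess.Popen", "subprocess.call",
}
# Assumed parameter names treated as an explicit guard when tested in an `if`.
GUARD_PARAMS = {"confirm", "confirmed", "dry_run"}


@dataclass
class Finding:
    tool: str   # name of the tool function
    line: int   # line of the unguarded call inside the scanned source
    call: str   # dotted name of the destructive callable


def _dotted_name(node):
    """Render `a.b.c` from an Attribute/Name chain, or None if not a plain name."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _is_tool(func):
    """True if the function carries @mcp.tool, @mcp.tool() or a bare @tool."""
    for dec in func.decorator_list:
        target = dec.func if isinstance(dec, ast.Call) else dec
        name = _dotted_name(target)
        if name and name.split(".")[-1] == "tool":
            return True
    return False


def _has_guard(func):
    """Guard heuristic: a guard-named parameter is tested in some `if` in the body."""
    params = {a.arg for a in func.args.args + func.args.kwonlyargs}
    guards = params & GUARD_PARAMS
    if not guards:
        return False
    for node in ast.walk(func):
        if isinstance(node, ast.If):
            for sub in ast.walk(node.test):
                if isinstance(sub, ast.Name) and sub.id in guards:
                    return True
    return False


def scan_source(source):
    """Return Findings for every destructive call in a tool without a guard."""
    findings = []
    tree = ast.parse(source)
    for func in ast.walk(tree):
        if not isinstance(func, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        if not _is_tool(func) or _has_guard(func):
            continue
        for node in ast.walk(func):
            if isinstance(node, ast.Call):
                name = _dotted_name(node.func)
                if name in DANGEROUS_CALLS:
                    findings.append(Finding(func.name, node.lineno, name))
    return findings


# Constructed sample server: one read-only tool, one unguarded destructive
# tool, and one destructive tool that checks a confirmation flag first.
SAMPLE_SERVER = '''
import os, subprocess
from mcp.server.fastmcp import FastMCP
mcp = FastMCP("demo")

@mcp.tool()
def read_file(path: str) -> str:
    with open(path) as f:
        return f.read()

@mcp.tool()
def delete_file(path: str) -> str:
    os.remove(path)          # destructive, no guard
    return "deleted"

@mcp.tool()
def run_command(argv: list[str], confirm: bool = False) -> str:
    if not confirm:
        return "refused: set confirm=True to run"
    return subprocess.run(argv, capture_output=True, text=True).stdout
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SERVER):
        print(f"{f.tool}:{f.line} unguarded call to {f.call}")
```

Running it reports only `delete_file`, since `run_command` tests `confirm` before reaching `subprocess.run` and `read_file` touches nothing on the list. The heuristic is deliberately simple: it cannot tell whether the guard actually dominates the dangerous call, so a real scanner would need control-flow analysis to avoid both misses and false positives.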