Users: be thoughtful about what you install, and watch out for dangerous combinations of tools.
Pay special attention to this part of the MCP specification:
For trust & safety and security, there SHOULD always be a human in the loop with the ability to deny tool invocations.
Applications SHOULD:
• Provide UI that makes clear which tools are being exposed to the AI model
• Insert clear visual indicators when tools are invoked
• Present confirmation prompts to the user for operations, to ensure a human is in the loop
I suggest treating those SHOULDs as if they were MUSTs.
I really want this stuff to work safely and securely, but the lack of progress over the past two and a half years doesn’t fill me with confidence that we’ll figure this out any time soon.
This is a fundamental problem with having a computer make decisions on your behalf with your data/info, compounded by the fact that the interface for this computer is human language and persuasion, compounded by the fact that the computer is guided to obey the latest/firmest command given, regardless of source.