Skip to content

fix: MCP scan_mcp tool bypasses MCP-specific detection + silent strategy failures#6

Merged
stef41 merged 1 commit intomainfrom
fix/mcp-scan-and-silent-failures
Apr 11, 2026
Merged

fix: MCP scan_mcp tool bypasses MCP-specific detection + silent strategy failures#6
stef41 merged 1 commit intomainfrom
fix/mcp-scan-and-silent-failures

Conversation

@stef41
Copy link
Copy Markdown
Owner

@stef41 stef41 commented Apr 11, 2026

Bug 1: MCP tool uses wrong detection method

_tool_scan_mcp() calls the generic detect() function instead of Detector().scan_mcp_output(). This means 3 MCP-specific regex patterns are never run:

  • XML role tags (<system>, </system>)
  • LLM instruction tags ([INST], <<SYS>>)
  • Conversation role markers (Human:, Assistant:)

The existing test masks this because its injection input triggers the heuristic strategy.

Bug 2: Silent strategy failure

except Exception: pass in the detection loop silently swallows all errors. A security tool should not silently degrade — replaced with logging.warning().

Tests

All 190 tests pass.

@stef41
fix: MCP scan_mcp tool uses generic detect() instead of scan_mcp_outp…
cbbf98e 
…ut()

- _tool_scan_mcp called detect() which misses 3 MCP-specific regex
  patterns (XML role tags, LLM instruction tags, conversation markers).
  Now correctly uses Detector().scan_mcp_output().
- Replace silent 'except Exception: pass' in strategy loop with
  logging.warning(). A security tool should never silently degrade.
@stef41 stef41 merged commit 746f464 into main Apr 11, 2026
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stef41