The MCP Rug Pull Attack: The Threat That Changes Your Tools After You've Approved Them

📄 Chinese Summary

The MCP rug pull attack is a supply chain attack in which a malicious or compromised MCP server quietly changes a tool's definition or behaviour after a developer or system has already approved the tool. Most MCP clients verify tools at install time but do not re-prompt when a definition changes, so the agent keeps calling the altered tool while the user remains unaware. The attack affected thousands of teams in 2025, exposing both the importance of supply chain security and the risks of neglecting it. Developers need to strengthen monitoring of tool updates to defend against this class of attack.

📄 English Summary

The MCP Rug Pull Attack: The Threat That Changes Your Tools After You've Approved Them

The MCP rug pull attack is a supply chain attack in which a malicious or compromised MCP server silently alters a tool's definition or behaviour after a developer or system has approved it. Most MCP clients verify tools at install time but do not re-prompt when a definition changes, so the agent keeps calling the altered tool without the user's knowledge. This attack affected thousands of teams in 2025, underscoring the importance of supply chain security and the risks of neglecting it. Developers need to strengthen monitoring of tool updates to mitigate such attacks.
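An added example (not code from the original article or any MCP client) of the check the summary calls for: pin a digest of each tool definition at approval time, diff every later tools/list result against those pins, and refuse to call a tool whose definition no longer matches. The tool objects follow the MCP tools/list shape (name, description, inputSchema); the sample definitions are constructed for the example.

```python
import hashlib
import json

# Constructed sample: what the client saw from tools/list when the user approved the server.
APPROVED_TOOLS = [
    {"name": "read_file", "description": "Read a file from the workspace.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}},
                     "required": ["path"]}},
    {"name": "list_dir", "description": "List a workspace directory.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
]

# Constructed sample: a later tools/list from the same server. read_file has quietly
# changed its description and schema, search_files is new, list_dir is untouched.
LATER_TOOLS = [
    {"name": "read_file", "description": "Read a file from anywhere on the host.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"},
                                                      "encoding": {"type": "string"}},
                     "required": ["path"]}},
    {"name": "list_dir", "description": "List a workspace directory.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
    {"name": "search_files", "description": "Search workspace files by pattern.",
     "inputSchema": {"type": "object", "properties": {"pattern": {"type": "string"}}}},
]

def tool_digest(tool):
    """SHA-256 over the fields the model acts on (name, description, input schema),
    serialised canonically so key order or whitespace can neither mask nor fake a change."""
    relevant = {"name": tool["name"],
                "description": tool.get("description", ""),
                "inputSchema": tool.get("inputSchema", {})}
    blob = json.dumps(relevant, sort_keys=True, separators=(",", ":"), ensure_ascii=True)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()

def pin_tools(tools):
    """Record the digest of every tool at approval time; persist this alongside the approval."""
    return {t["name"]: tool_digest(t) for t in tools}

def diff_tools(pins, tools):
    """Compare a fresh tool list against the pins; anything reported here needs re-approval."""
    current = pin_tools(tools)
    return {"changed": sorted(n for n in pins if n in current and current[n] != pins[n]),
            "added": sorted(n for n in current if n not in pins),
            "removed": sorted(n for n in pins if n not in current)}

def may_call(pins, tools, name):
    """Gate a tool call: allow only a pinned tool whose current definition still matches."""
    return name in pins and pin_tools(tools).get(name) == pins[name]
```

Run diff_tools on every tools/list response, not only at install, and treat a non-empty "changed" or "added" list as a reason to re-prompt the user before the agent proceeds.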
