mcp.json Security: A Worm Now Hunts Your Claude Config
A npm worm now hunts ~/.claude/mcp.json by name. Here is a hands-on mcp.json security pass — env indirection, scoping, and 4 checks I ran today.
April 27, 2026
A npm worm now hunts ~/.claude/mcp.json by name. Here is a hands-on mcp.json security pass — env indirection, scoping, and 4 checks I ran today.