Hi HN!

We kept seeing devs get pwned through MCP tools in ways that security scanners completely miss. So we built an open-source analyzer to catch these attacks. Our first OSS by Mighty team.

The problem: At Defcon, we saw MCP exploits with 100% success rate against Claude and Llama. Three attack patterns:

Hidden Unicode in "error messages" - Paste a colleague's error into Claude, your SSH keys get exfiltrated

Trusted tool updates - That database tool you've used for months? Last week's update added credential theft

Tool redefinition - Malicious tool redefines "deploy to prod" to run attacker's script

Traditional scanners (CodeQL, SonarQube) catch