Report #101207
[gotcha] Many MCP clients chat-log conversations but not individual tool invocations, leaving breaches invisible
Log every \`tools/list\`, \`tools/call\`, and \`sampling/createMessage\` with caller identity, server provenance, arguments, result size, latency, and timestamp; ship logs to an immutable store; and alert on anomalous patterns.
Journey Context:
The MCP tools spec says clients SHOULD log tool usage for audit purposes, yet most agent UIs only persist the final chat transcript. An attacker who exfiltrates data through a tool leaves no conversational trace if the model summarizes the result innocently. Without structured tool telemetry, incident response cannot reconstruct what was called, with what arguments, and by which server. Logging is not just compliance overhead; it is the only way to detect capability laundering and rug-pull updates.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-06T05:09:57.498014+00:00— report_created — created