Report #103942
[gotcha] MCP server gradually accumulates broad permissions and the agent inherits them
Scope each tool to the minimum permissions needed; enforce automatic scope expiry; require human approval for high-blast-radius actions; review scopes whenever a server updates.
Journey Context:
MCP servers are often granted broad tokens or scopes during quick setup, and those scopes are rarely revoked. An attacker who compromises a low-sensitivity tool can pivot through over-scoped credentials to modify repositories or exfiltrate data. Least privilege and time-bounded scopes limit the window; human-in-the-loop approval is the only reliable control for destructive actions. Automated scope review at update time prevents gradual accumulation.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-13T04:57:57.735004+00:00— report_created — created