MCPShield

OWASP MCP Top 10 Mapping

How MCPShield's 80 detection rules map to the OWASP MCP Top 10 security framework.

MCP01: Token Mismanagement & Secret Exposure
Hardcoded keys, env var leakage, credential theft
8 rules

Rule ID | Name | Source
TP-003 | Credentials Referenced in Description | HTTP
TP-004 | Env Var Access Instructions | HTTP
TP-011 | Credential Harvesting Language | HTTP
GH-CRED-001 | Hardcoded Credentials | GitHub
GH-EXPO-001 | Sensitive File Committed | GitHub
GH-ENVLEAK-001 | Environment Variable Exposure | GitHub
GH-ENVHARV-001 | Environment Variable Harvesting | GitHub
GH-CREDHARV-001 | Credential Harvesting Language | GitHub

MCP02: Tool Poisoning
Malicious tool descriptions, shadowing, cross-tool manipulation
19 rules

Rule ID | Name | Source
TP-001 | Cross-Tool Reference in Description | HTTP
TP-002 | Behavioral Manipulation Instructions | HTTP
TP-005 | Sensitive File Path Referenced | HTTP
TP-006 | External URL in Description | HTTP
TP-007 | Data Harvesting Instructions | HTTP
TP-008 | Name-Description Mismatch | HTTP
TP-009 | Cross-Tool Manipulation Language | HTTP
TP-010 | Dangerous Capability Declaration | HTTP
TP-012 | Email Injection Pattern | HTTP
TP-013 | Full Schema Poisoning | HTTP
TP-016 | Dangerous Tool Capability Combination | HTTP
TS-001 | Duplicate Tool Names | HTTP
TS-002 | Non-ASCII Tool Names | HTTP
TS-003 | Common Built-in Tool Name | HTTP
GH-MCPI-001 | MCP Tool Description Injection | GitHub
GH-SHADOW-001 | Cross-Tool Manipulation | GitHub
GH-INSTAG-001 | Instruction Tag Markers | GitHub
GH-SEQHIJACK-001 | Tool Sequence Hijacking | GitHub
GH-SKILLMD-001 | Ghost Instructions in Skill Files | GitHub

MCP03: Insufficient Input Validation
Command injection, path traversal, SQL injection, SSRF
10 rules

Rule ID | Name | Source
IV-001 | Command Execution Surface | HTTP
IV-002 | File System Operation Surface | HTTP
IV-003 | SQL Injection Surface | HTTP
IV-004 | SSRF Surface | HTTP
IV-005 | String Parameter Without maxLength | HTTP
GH-CMDI-001 | Command Injection Risk | GitHub
GH-PATH-001 | Path Traversal Risk | GitHub
GH-SQLI-001 | SQL Injection Risk | GitHub
GH-MCPV-001 | Missing MCP Input Validation | GitHub
GH-DANGEREXEC-001 | Shell Execution with User Input | GitHub

MCP04: Prompt Injection
Hidden Unicode, bidi overrides, homoglyphs, injection markers
10 rules

Rule ID | Name | Source
PI-001 | Hidden Unicode Characters | HTTP
PI-002 | LLM Injection Markers | HTTP
PI-003 | Encoded Payload Patterns | HTTP
PI-004 | HTML Entity Obfuscation | HTTP
PI-005 | Whitespace Smuggling | HTTP
PI-006 | HTML Comment Injection | HTTP
PI-007 | Instruction Tag Markers | HTTP
GH-BIDI-001 | Bidirectional Text Override | GitHub
GH-HOMOGLYPH-001 | Homoglyph Characters | GitHub
GH-ZWCHAR-001 | Zero-Width Characters | GitHub

MCP05: Software Supply Chain Attacks
Malicious packages, typosquatting, git persistence, config injection
9 rules

Rule ID | Name | Source
GH-SUPPLY-001 | Suspicious Lifecycle Script | GitHub
GH-DEPS-001 | Known Vulnerable Dependency | GitHub
GH-TYPOSQUAT-001 | Package Name Typosquatting | GitHub
GH-CONFIGINJ-001 | AI Client Config Injection | GitHub
GH-GITPERSIST-001 | Git Hook Persistence | GitHub
GH-TIMEGATE-001 | Time-Delayed Payload | GitHub
GH-CIDETECT-001 | CI Environment Detection | GitHub
GH-BGPERSIST-001 | Background Persistence | GitHub
GH-MCPCONFIG-001 | Dangerous MCP Config | GitHub

MCP06: Excessive Permissions
Over-privileged tools, destructive operations, sampling abuse
5 rules

Rule ID | Name | Source
AUTHZ-001 | Read-Only Annotation Contradicts Description | HTTP
AUTHZ-002 | Missing Destructive Annotation | HTTP
META-007 | Sampling Capability (Elevated with Network) | HTTP
META-008 | Experimental Capabilities | HTTP
GH-DESTRUCTIVE-001 | Unrestricted Destructive Operations | GitHub

MCP07: Insufficient Authentication & Authorization
Missing auth, CORS misconfiguration, weak transport security
6 rules

Rule ID | Name | Source
AUTH-001 | No HTTP Authentication | HTTP
AUTH-002 | Plain HTTP (No TLS) | HTTP
AUTH-003 | Stdio Implicit Trust | HTTP
GH-AUTH-001 | Missing Authentication | GitHub
GH-CORS-001 | CORS Wildcard Configuration | GitHub
GH-SHADOWSRV-001 | Server Binding to 0.0.0.0 | GitHub

MCP08: Lack of Audit & Telemetry
Missing logging, no immutable audit trail for tool calls
0 rules

No rules yet — planned for future release.

MCP09: Shadow MCP Servers
Unauthorized MCP instances, privacy claim violations
2 rules

Rule ID | Name | Source
GH-PRIVACY-001 | Privacy Claim Contradicted by Code | GitHub
GH-MCPCONFIG-001 | Dangerous MCP Server Config | GitHub

MCP10: Context Injection & Over-Sharing
Data exfiltration, DNS tunneling, base64 exfil
11 rules

Rule ID | Name | Source
TP-014 | Cloud Metadata / SSRF Target | HTTP
TP-015 | Reverse Shell Pattern | HTTP
GH-EXFIL-001 | Data Exfiltration | GitHub
GH-FSACCESS-001 | Sensitive File Access | GitHub
GH-DNS-001 | DNS Exfiltration | GitHub
GH-B64EXFIL-001 | Base64 Exfiltration | GitHub
GH-SSRF-001 | Cloud Metadata / SSRF | GitHub
GH-REVSHELL-001 | Reverse Shell Pattern | GitHub
GH-CRYPTO-001 | Cryptocurrency Mining | GitHub
GH-EMAILINJ-001 | Email BCC Injection | GitHub
GH-DGA-001 | Domain Generation Algorithm | GitHub

Benchmark results: 100% recall on GenTelBench-v1 (50K samples) and MCPTox (485 samples).