The OWASP MCP Top 10 defines the top security risks for AI agents using MCP. 9 out of 10 can be mitigated with Claude Code hooks.

| Risk | Hook Defense | Hooks |
|---|---|---|
| MCP01: Token/Secret Exposure | ✅ Full | 20+ |
| MCP02: Privilege Escalation | ✅ Full | 6 |
| MCP03: Tool Poisoning | ✅ Full | 9 |
| MCP04: Supply Chain Attacks | ✅ Full | 18 |
| MCP05: Command Injection | ✅ Full | 19 |
| MCP06: Intent Subversion | ✅ Full | 3 |
| MCP07: Insufficient Auth | △ Monitor | 2 |
| MCP08: Lack of Audit | ✅ Full | 10 |
| MCP09: Shadow MCP Servers | ✅ Full | 1 |
| MCP10: Context Injection | ✅ Full | 19 |
MCP01: Token/Secret Exposure. Hardcoded credentials, long-lived tokens, secrets exposed in model memory or logs.

```shell
npx cc-safe-setup --install-example credential-file-cat-guard
npx cc-safe-setup --install-example credential-exfil-guard
npx cc-safe-setup --install-example hardcoded-secret-detector
```

Also: `write-secret-guard`, `no-secrets-in-logs`, `output-secret-mask`, `no-default-credentials`, `staged-secret-scan`
MCP04: Supply Chain Attacks. Compromised dependencies, unreviewed packages, dependency tampering.

```shell
npx cc-safe-setup --install-example dependency-install-guard
npx cc-safe-setup --install-example dependency-audit
npx cc-safe-setup --install-example npm-script-injection
```

Also: `dependency-version-pin`, `check-dependency-age`, `check-dependency-license`, `no-force-install`
MCP05: Command Injection. Unvalidated inputs leading to destructive system commands.

```shell
npx cc-safe-setup --install-example destructive-guard
npx cc-safe-setup --install-example no-eval
npx cc-safe-setup --install-example prompt-injection-guard
```

Also: `rm-safety-net`, `sql-injection-detect`, `terraform-guard`, `no-exec-user-input`
MCP09: Shadow MCP Servers. Unauthorized MCP servers bypassing security governance.

```shell
npx cc-safe-setup --install-example mcp-server-guard
```

Blocks modification of `.mcp.json` and unauthorized MCP server launches. Allowlist-based.
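To show what an allowlist-based guard of this kind does at the hook layer, here is a minimal Claude Code PreToolUse hook written as an added example for this page; it is not cc-safe-setup's own `mcp-server-guard`. It assumes the Claude Code hook protocol as documented: the hook receives one JSON object on stdin carrying `tool_name` and `tool_input` (`file_path` for Write/Edit/MultiEdit, `command` for Bash), and exiting with status 2 blocks the tool call and returns stderr to the model. The allowlist entries, package names and detection heuristics are constructed placeholders.

```python
"""Added example: a Claude Code PreToolUse hook enforcing an MCP-server allowlist.

Illustrative code, not cc-safe-setup's mcp-server-guard. Assumed hook protocol
(Claude Code hooks, as understood here): one JSON object on stdin with
"tool_name" and "tool_input"; exit status 2 blocks the tool call and feeds
stderr back to the model; exit status 0 lets the call proceed.
"""
import json
import os
import re
import sys

# Constructed allowlist: launch commands for MCP servers the team has reviewed.
# The package names are placeholders, not real packages.
ALLOWED_MCP_LAUNCHES = {
    "npx -y @example-org/mcp-server-docs",
    "uvx example-mcp-tickets",
}

MCP_CONFIG_NAMES = {".mcp.json"}
FILE_TOOLS = {"Write", "Edit", "MultiEdit"}

# Heuristics (deliberately coarse): a shell command mentioning MCP is treated as
# a possible server launch; redirection, tee or in-place editors aimed at the
# config file are treated as a modification.
MCP_LAUNCH_RE = re.compile(r"\bmcp\b|modelcontextprotocol", re.IGNORECASE)
WRITE_RE = re.compile(r">|\btee\b|\bsed\s+-i|\bmv\b|\bcp\b|\brm\b")


def normalize_command(command: str) -> str:
    """Collapse whitespace so 'npx  -y  pkg' matches its allowlist entry."""
    return " ".join(command.split())


def touches_mcp_config(file_path: str) -> bool:
    """True when the file tool targets the MCP configuration file."""
    return os.path.basename(file_path) in MCP_CONFIG_NAMES


def is_allowed_launch(command: str) -> bool:
    """True when the command is an allowlisted launch, optionally with extra args."""
    norm = normalize_command(command)
    return any(norm == a or norm.startswith(a + " ") for a in ALLOWED_MCP_LAUNCHES)


def evaluate(hook_input: dict) -> tuple[str, str]:
    """Return ('allow' | 'deny', reason) for one PreToolUse event."""
    tool = hook_input.get("tool_name", "")
    tool_input = hook_input.get("tool_input") or {}

    if tool in FILE_TOOLS:
        path = tool_input.get("file_path", "")
        if touches_mcp_config(path):
            return "deny", f"Edits to {os.path.basename(path)} are blocked; change MCP config through review."
        return "allow", ""

    if tool == "Bash":
        cmd = tool_input.get("command", "")
        mentions_config = any(name in cmd for name in MCP_CONFIG_NAMES)
        if mentions_config and WRITE_RE.search(cmd):
            return "deny", "Shell command appears to modify .mcp.json; MCP config changes are blocked."
        # Strip the config file name so reading it does not look like a launch,
        # while anything else MCP-related in the same command is still checked.
        launch_part = cmd
        for name in MCP_CONFIG_NAMES:
            launch_part = launch_part.replace(name, "")
        if MCP_LAUNCH_RE.search(launch_part) and not is_allowed_launch(cmd):
            return "deny", f"MCP server launch not on allowlist: {normalize_command(cmd)!r}"
        return "allow", ""

    # Read-only and unrelated tools are not this hook's concern.
    return "allow", ""


def main() -> int:
    hook_input = json.load(sys.stdin)
    decision, reason = evaluate(hook_input)
    if decision == "deny":
        print(reason, file=sys.stderr)  # surfaced to the model as the block reason
        return 2
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Register it as a PreToolUse hook with a matcher covering `Write|Edit|MultiEdit|Bash`. The Bash heuristics are tripwires rather than a shell parser: a command that reads `.mcp.json` is allowed, a redirection or `tee` onto it is denied, and any MCP-flavoured command that is not an allowlisted launch (including `claude mcp add`, which writes the config for you) is denied until someone adds it to the allowlist.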
667 hooks · 9,200+ tests · Covers all 10 OWASP MCP risk categories