MCP - Grass Blog — Mobile access for Claude Code and AI coding agents

Grass Blog — Mobile access for Claude Code and AI coding agents

MCP

A collection of 6 posts

VellaVeto fail-closed policy mode: deny unsafe MCP tool calls by default and require approval for writes

Most agent safety controls are advisory until they sit on the tool-call path. VellaVeto is positioned as a runtime proxy for MCP tools: every call is evaluated against policy before execution, and policy failures deny the call. That fail-closed posture matters for agents that can read files, call SaaS APIs,

Pipelock MCP proxy + HTTPS_PROXY: stop secret exfiltration from prompt-injected tool calls without changing agent code

Prompt injection becomes operationally dangerous when an agent can both read secrets and make network or tool calls. Pipelock addresses that boundary problem by sitting between the agent, MCP servers, and the network. This article is for developers running coding agents locally or in CI who want a practical control

Pincer-MCP proxy tokens: keep real API keys out of agent memory while preserving MCP tool access

Agents often need credentials to be useful. They also read files, execute tools, and ingest untrusted content. That combination makes plaintext API keys in .env files, shell profiles, and agent config a poor default. Pincer-MCP takes a proxy-token approach: the agent receives a limited token, while real API keys stay

MCP tool-shadowing defenses: detect poisoned tool descriptions and block mid-session tool-definition rug pulls

MCP tools are not just code endpoints. Their names, descriptions, and schemas are fed to the model so it can decide what to call. That makes tool metadata part of the instruction channel. Tool shadowing and poisoned descriptions abuse that trust by hiding instructions where users rarely look but models

Bidirectional MCP scanning pipeline: catch leaks in outbound tool args and injection in inbound tool responses

Most MCP security discussions focus on either secret leakage or prompt injection. In practice, you need both directions. Outbound tool arguments can carry secrets to an attacker-controlled server. Inbound tool responses can carry instructions that compromise the next model step. A useful MCP gateway scans both paths. The short version

ai-dev-environments

The MCP Server Ecosystem in 2026: Integration Layer for AI Agents

The MCP ecosystem is larger than most developers realize — and discovery is the real bottleneck. Working integrations already exist for git, home automation, and messaging. Here's the map, plus a build-vs-find matrix.