@brooksmcmillin.com on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Brooks

brooksmcmillin.com

did:plc:un2ezdj3lajzyurcrc4dwd3s

1/ Most MCP vulns are classics in disguise: • Missing PKCE on public clients • Plaintext token storage • Timing attacks on token comparison (found this 8 times) • DNS rebinding against local servers • Default secrets deployed to prod

2026-02-07T16:39:27.573Z