An MCP scanner that runs the code it's supposed to analyze, what Snyk said when I reported it, and why I still think it's a vulnerability.

TL;DR: snyk-agent-scan (v0.4.3) is a tool that helps developers check whether an mcp.json configuration is safe before they let an AI coding tool load it. I reported that the tool executes the MCP server commands from that config, the very commands the user is trying to evaluate, without showing them, without asking consent, and with server output suppressed by default. Snyk initially closed the report as accepted risk, drawing a parallel to the Snyk CLI. After I pushed back, they reopened it and committed to prompting before execution, surfacing server output, and updating their documentation. I'm grateful the team re-engaged, but I still consider this a vulnerability rather than a design choice, and the disclosure process itself was worth writing about.
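To make the behavioural difference concrete, here is an added example (my own code, not snyk-agent-scan's and not from the post) of the two patterns the TL;DR contrasts: a scanner that silently spawns every command in an mcp.json with its output discarded, next to one that lists exactly what it is about to run, runs nothing without an explicit yes, and returns the server output so it can be shown. It assumes the common `{"mcpServers": {"<name>": {"command": ..., "args": [...]}}}` layout for mcp.json and a plain callable as the consent hook; the sample config is constructed here and points at the current Python interpreter so it runs offline.

```python
"""Added example: inspect-then-ask vs. silent execution of mcp.json commands.

Assumptions (mine, not from the post): mcp.json uses the
{"mcpServers": {"<name>": {"command": ..., "args": [...]}}} layout,
and consent is modelled as a callable returning True/False.
"""
import json
import shlex
import subprocess
import sys
from typing import Callable, Dict, List, Tuple

# Constructed sample config: one server whose "command" is the current
# interpreter, so the demo is harmless and works offline.
SAMPLE_MCP_JSON = json.dumps({
    "mcpServers": {
        "demo": {
            "command": sys.executable,
            "args": ["-c", "print('demo server started')"],
        }
    }
})


def list_server_commands(mcp_json_text: str) -> List[Tuple[str, List[str]]]:
    """Static step: parse the config and return each server's argv.

    Nothing here spawns a process; this is the information the user
    needs in order to judge the config before anything runs."""
    config = json.loads(mcp_json_text)
    servers = config.get("mcpServers", {})
    result = []
    for name, spec in servers.items():
        argv = [spec["command"], *spec.get("args", [])]
        result.append((name, argv))
    return result


def render_plan(mcp_json_text: str) -> str:
    """Human-readable listing of exactly what would be executed."""
    return "\n".join(
        f"{name}: {shlex.join(argv)}"
        for name, argv in list_server_commands(mcp_json_text)
    )


def silent_launch(mcp_json_text: str) -> List[str]:
    """The pattern the report objects to: every configured command is
    spawned with no prompt and stdout/stderr thrown away.
    Returns the names that were launched."""
    launched = []
    for name, argv in list_server_commands(mcp_json_text):
        subprocess.run(argv, stdout=subprocess.DEVNULL,
                       stderr=subprocess.DEVNULL, timeout=30)
        launched.append(name)
    return launched


def consented_launch(mcp_json_text: str,
                     consent: Callable[[str, List[str]], bool]) -> Dict[str, str]:
    """Show each command, run it only if the consent hook approves, and
    return captured output keyed by server name so it can be surfaced."""
    outputs: Dict[str, str] = {}
    for name, argv in list_server_commands(mcp_json_text):
        print(f"about to run {name}: {shlex.join(argv)}")
        if not consent(name, argv):
            print(f"skipped {name}")
            continue
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=30)
        outputs[name] = proc.stdout + proc.stderr
    return outputs


if __name__ == "__main__":
    # Stand-alone run: print the plan, then ask interactively per server.
    print(render_plan(SAMPLE_MCP_JSON))
    ask = lambda name, argv: input(f"run {name}? [y/N] ").strip().lower() == "y"
    for server, out in consented_launch(SAMPLE_MCP_JSON, ask).items():
        print(f"--- output from {server} ---\n{out}")
```

The first function is the only one a "check this config before loading it" tool needs to call by default; the consent-gated runner is what the post says Snyk committed to, and `silent_launch` is kept only to show what the reported behaviour looks like in code.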