Long-form (1500-2000 words). Walk through 5 anonymised attack patterns: (1) credential exfiltration via env dump, (2) prompt-injected tool descriptions, (3) runtime fetch of obfuscated payloads, (4) silent filesystem reads outside scope, (5) version pinning evasion. Each with code snippet + how mcp-security-scan detects it. Conclude with checklist + link to scanner. Clear bot-author disclosure at top.