HN Reader

Experimenting with no-build Web Applications • AndreGarzia.com (andregarzia.com)

1 points by rbanffy 4m ago 0 comments

50 Years of Microsoft and Developer Tools with Scott Guthrie (newsletter.pragmaticengineer.com)

1 points by rbanffy 5m ago 0 comments

The History of R2E and the Micral (abortretry.fail)

1 points by rbanffy 5m ago 0 comments

Show HN: Loregrep – In Memory RepoMap for coding assistants (github.com)

1 points by vasu014 6m ago 0 comments

Red Hat just transformed enterprise server Linux (zdnet.com)

2 points by taubek 7m ago 0 comments

The Original 300B (westernelectric.com)

1 points by belter 10m ago 0 comments

American Science and Surplus is fighting for its life. Why Should You Care? (arstechnica.com)

1 points by signa11 13m ago 0 comments

Top AI Tools

1 points by Reviewtechs 14m ago 0 comments

A Programming System (2023) (andreyor.st)

1 points by r4um 15m ago 0 comments

Advertising is coming to AI, and it's going to be product placement on steroids (sebs.website)

1 points by Incerto 16m ago 0 comments

A Writers frustrating experience with ChatGPT's approach to lying (amandaguinzburg.substack.com)

1 points by wgx 16m ago 0 comments

Django, JavaScript Modules and Importmaps (406.ch)

1 points by ThibWeb 16m ago 0 comments

Viralia Project (indiegogo.com)

1 points by jskkkkk 17m ago 0 comments

Tesla Optimus photoshoot with influencer Anna Malygon (coeval-magazine.com)

2 points by nreece 19m ago 0 comments

The Original Permissionless JPEG: From malware payload to Bitcoin blockchain (theoriginalpermissionlessjpeg.com)

1 points by rmcdaniel 19m ago 1 comments

Detecting, Exploiting, Remediating a Path Traversal Vulnerability Across GitHub (arxiv.org)

1 points by rntn 20m ago 0 comments

Magnetic 3D-printed pen could help diagnose people with Parkinson's (theguardian.com)

1 points by bookofjoe 21m ago 0 comments

Geojob App (indiegogo.com)

2 points by staceplaaaa 23m ago 1 comments

Mellon "We Are Not Alone" – A Reflection on UAP and Humanity's Cosmic Context [video] (youtube.com)

1 points by keepamovin 24m ago 0 comments

'I happened to be sitting next to Bill Joy at UCB when he wrote the first "yes"' (github.com)

1 points by JdeBP 24m ago 1 comments

The Steve Ballmer Interview (open.spotify.com)

1 points by doener 25m ago 0 comments

Building a Catalytic Computer over the Weekend (leetarxiv.substack.com)

1 points by muragekibicho 25m ago 1 comments

An Interview with Cursor Co-Founder and CEO Michael Truell About Coding with AI (stratechery.com)

2 points by feross 26m ago 1 comments

Open Table Format Revolution: Why Hyperscalers Are Betting on Managed Iceberg (rilldata.com)

2 points by articsputnik 26m ago 0 comments

Morley Safer Award Winners (2019) (morleysaferaward.briscoecenter.org)

1 points by kpli 28m ago 0 comments

Manatees as Gardeners of the Amazon (worldsensorium.com)

1 points by dnetesn 28m ago 0 comments

The Mathematical Mysteries of Fireflies (nautil.us)

1 points by dnetesn 29m ago 0 comments

Tesla loses another manager to layoffs – but this one quit due to morale (electrek.co)

3 points by doener 33m ago 0 comments

Nvidia ISO-26262 Spark Process (nvidia.github.io)

1 points by todsacerdoti 35m ago 0 comments

Inkscape UI Vision Going Forward [video] (media.ccc.de)

2 points by jarek-foksa 35m ago 0 comments

Yorick programming language for scientific computations (yorick.sourceforge.net)

3 points by smartmic 38m ago 1 comments

Over $1B in federal funding got slashed for this polluting industry (technologyreview.com)

1 points by doener 39m ago 0 comments

10 Years of Betting on Rust (tably.com)

7 points by K0nserv 39m ago 0 comments

Scope of Work Generator (chromewebstore.google.com)

1 points by startumproject 50m ago 1 comments

UK tech job openings climb 21% to pre-pandemic highs (theregister.com)

9 points by beardyw 53m ago 1 comments

GOP rage with Musk spills out privately after break with Trump (axios.com)

1 points by r721 53m ago 0 comments

Consumer groups filed a complaint against SHEIN for dark patterns (beuc.eu)

1 points by Improvement 54m ago 0 comments

Ask HN: Self Hosted Cloud Stack

1 points by asim 54m ago 1 comments

What Palantir Does (twitter.com)

1 points by nreece 55m ago 0 comments

2010 U.S.-Russia Treaty Helped Kyiv's UAVs Destroy Russian Nuclear Bombers (eurasiantimes.com)

2 points by mkfs 59m ago 2 comments

Synee – A Socializing App Reinventing Event Hosting

1 points by synee 59m ago 0 comments

Pice: India's #1 Invoicing and Payment Collections Software (piceapp.com)

1 points by thesandi001 1h ago 0 comments

DNS4EU for Public Is Available (joindns4.eu)

5 points by todsacerdoti 1h ago 0 comments

GenAI-Assisted Fantasies (cacm.acm.org)

1 points by rbanffy 1h ago 0 comments

Core Database Design (andyatkinson.com)

2 points by furkansahin 1h ago 0 comments

How NASA advisory committees are navigating a new political landscape (spacenews.com)

1 points by rbanffy 1h ago 0 comments

Andrej Karpathy: Opaque, Non-Scriptable UI-Heavy Products Risk Obsolescence (twitter.com)

2 points by nsoonhui 1h ago 0 comments

WhatsApp's Billion-User Database: How FreeBSD and Erlang Handled the Impossible (medium.com)

2 points by rodrigo975 1h ago 0 comments

There Aren't Enough Engineers to Meet Growing Hunger for Power (bloomberg.com)

3 points by petethomas 1h ago 1 comments

Deriod Calculator (deriod.net)

1 points by BruceWok 1h ago 0 comments

The Permission Pitfall: Securing MCP Servers Without Limiting Value

2 pyoo 1 6/4/2025, 7:25:28 PM joinformal.com ↗

Comments (1)

pyoo · 15h ago
Last week Invariant Labs discovered a vulnerability in the Github MCP that lets you exfiltrate data from private repos via a public issue through prompt injection.

At the root of the issue was the lack of implemented granular permissions. Claude Desktop authenticates to Github via a personal access token (PAT) and over permissive PATs are what allowed the prompt injection.

When digging deeper, the challenge you face is that the permissions allowed by the base system (e.g., Github) does not allow you to implement least privilege. An agent that creates and commits PRs must also be given the ability to approve and merge them. This makes you choose between enforcing least privilege and increasing the value an agent can provide.

You may have guessed it, but I believe the solution is to have a decoupled centralized permissions layer on top of what the system natively gives. This way you can ensure an agent can create PRs without ever approving or merging them.

The goal is to not limit the ability of the agent but to provide the right guardrails in which it can operate. You can read the blog to see how we we're able to achieve this!