Riyaz Walikar

@riyazwalikar

Followers
5K
Following
694
Media
223
Statuses
2K

Break. Fix. Repeat. Co-founder/Chief Hacker @Kloudleinc #CloudNative #CloudSecurity #AWSSecurity #GCPSecurity #AzureSecurity

Digital by Default
Joined April 2009
@makash
Akash Mahajan
28 days
I am sorry DAVE. I am afraid I can’t let you do that. Cooking something with @kkmookhey @riyazwalikar.
0
1
4
@riyazwalikar
Riyaz Walikar
2 months
10/ Next step if you liked this play session
I’ll drop the tiny MCP server and the script in the replies. Use them to prototype. Use them to harden. DM me if you want a quick walkthrough. https://t.co/wGsW3X7Clc
- Riyaz Walikar
#MCP #AgentPlayground #Claude #AItools #Appsecco
0
0
1
@riyazwalikar
Riyaz Walikar
2 months
9/ Quick checklist while you play
• Mark demo endpoints clearly. Delete them when done.
• Add auth to production endpoints.
• Rate limit and log the registry calls.
• Use a local MCP proxy to filter calls during demos.
1
0
0
@riyazwalikar
Riyaz Walikar
2 months
8/ But also a quick risk note
Discovery is discovery. Public metadata helps tooling and attackers alike. If you run an MCP server, treat what you publish as intentional.
1
0
0
@riyazwalikar
Riyaz Walikar
2 months
7/ Why this is useful, not just scary
If you build agent tooling, the registry is a fast way to prototype discovery features. You can show a PoC to colleagues in an hour. That matters for UX and product dev.
1
0
0
@riyazwalikar
Riyaz Walikar
2 months
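6/ Simple cURL+jq
URL="https://t.co/z13RY9ldnD"
# Follow the paging link until the response no longer carries one
while [ "$URL" != "null" ]; do
  resp=$(curl -s "$URL")
  # Print each server's name and first remote endpoint ("none" if absent)
  echo "$resp" | jq '.servers // [] | .[] | {name: .name, endpoint: (.remotes[0].url // "none")}'
  URL=$(echo "$resp" | jq -r '.next // "null"')
done
Run in a lab. Have fun.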
1
0
0
@riyazwalikar
Riyaz Walikar
2 months
5/ A playful experiment you can try
Run the paging script, sample 50 entries, and print the endpoint hostnames. You will quickly get a feel for what people publish.
1
0
0
@riyazwalikar
Riyaz Walikar
2 months
4/ Fun discovery points
• The API is easy to page. Paging tokens are obvious.
• Many entries contain helpful metadata. That is good for tooling.
• Some endpoints look like public demos. Great for playing. Not great for production.
1
0
0
@riyazwalikar
Riyaz Walikar
2 months
3/ What I did, in order
• Opened the registry to see the JSON
• Hit the /v0 API and paged results
• Wrote a tiny script to sample entries
• Wrote a minimal MCP that accepts a query and returns matching entries
• Used that MCP to demo how registry data can feed an agent
1
0
0
@riyazwalikar
Riyaz Walikar
2 months
2/ The mood: low effort, high curiosity
This was not a full audit. It was 20 minutes of exploration and a few quick scripts. Think lab tinkering, not threat hunting.
1
0
1
@riyazwalikar
Riyaz Walikar
2 months
1/ TL;DR
I was just tinkering. The registry is neat. It makes discovery easy. That makes clever tools simpler and attackers happier. So play, learn, then harden.
1
0
0
@riyazwalikar
Riyaz Walikar
2 months
I spent an afternoon playing with Anthropic's new MCP registry. I walked it. I scraped it. I built a tiny MCP that queries it. Mostly curious experiments. Here’s what I found and what you might try. 🧵👇
1
2
1
@Nullblr
Null Bangalore
1 year
Join us to meet all the OGs and catch up as we celebrate 15 years of @Nullblr Bangalore tomorrow at @cloudsek! Don't miss out on the fun. RSVP now - https://t.co/dgbhQAUrPD @makash @amolnaik4 @riyazwalikar @NeeluTripathy @murtuja_bharmal @InfosecVandana @abh1sek @fb1h2s
0
4
13
@riyazwalikar
Riyaz Walikar
2 years
There seems to be an Authorisation problem here 😜 #websecurity
1
0
20
@riyazwalikar
Riyaz Walikar
2 years
I fondly remember my first #kubernetes cluster pentest several years ago. Gained cluster admin by reading protected credentials using a binary planting/path confusion bug! Fun times! 😎 🎊 I'm running a poll to know who in my connections is using Kubernetes in prod?
1
1
3
@makash
Akash Mahajan
2 years
_______ is my go to scanning tool for AWS #cloudsecurity Please reshare for better reach
0
1
4
@riyazwalikar
Riyaz Walikar
2 years
We did some analysis of a recent research post where the author claimed to have found 2 #AWS #EKS 0 Days with significant risks to thousands of clusters. Our analysis showed that the claims were simply a result of how AWS EKS is designed. https://t.co/o7270G0pFS #kubernetes
kloudle.com
A comprehensive analysis of recent EKS zero-day vulnerability claims, examining the technical details and providing expert insights into AWS security practices and Kubernetes cluster protection.
0
10
20
@riyazwalikar
Riyaz Walikar
2 years
The wait is over! We have now released the content for Session 1 to Session 6 of the ongoing #AWS Security #Masterclass. Go to https://t.co/gdHjwofqs7 now! Content for Session 7 - 10 will be released after the Masterclass is over. Subscribe to get notified! #cloudsecurity
kloudle.com
Learn AWS Security with Riyaz Walikar. He will teach you how to hack and exploit misconfigurations in AWS.
0
7
19
@riyazwalikar
Riyaz Walikar
2 years
We have opened special registration for Session 6 of the ongoing #AWS Security #Masterclass. Limited seats only for this mini hackathon/CTF. Link for registration - https://t.co/n7s7LPa1K4 Registrations will close on capacity! #CloudSecurity
kloudle.com
Learn AWS Security with Riyaz Walikar. He will teach you how to hack and exploit misconfigurations in AWS.
1
3
10
@riyazwalikar
Riyaz Walikar
2 years
Limited seats only! I'll be doing a 2 day in person hands-on cloud security training titled "Breaking and Pwning Apps and Servers on #AWS and #GoogleCloud" @bsidesbangalore on June 6th-7th. Register now! https://t.co/9My7pzXcSN cc @appseccouk @Kloudleinc
0
7
20