AI-infused

Posted by eastgate
Sep 26, 2025 at 05:39 PM

Perhaps other uses of MCP are insecure, but this is NOT a concern in with Tinderbox (https://www.eastgate.com/Tinderbox/).

1. Your notes are in Tinderbox. If Tinderbox wanted to do something nefarious with them (it doesn’t!), it could just go ahead and to that without MCP.
2. You’re using Claude Desktop, or ollama, or whatever, on your machine. They pose the same threat they would pose, or that ANY software poses, without MCP.
3. The client (Claude Desktop) can use MCP to try to communicate with Tinderbox. If you haven’t given permission, nothing happens. If you have, you have the same risk you’d have without MCP.
4. There might be a vulnerability if some miscreant broke into your house, deleted Tinderbox, and replaced it with a different application that is also named TINDERBOX 11. But to do this, the bad guy has access to your house, your computer, and your passwords. If the bad guy has this much access, you’re stuck — and you’d be stuck without MCP.

There might be good reasons to ignore the great breakthrough of our time. (I remember when people wouldn’t fly because planes were too dangerous.) Insecurity of MCP is not among those reasons.