zlacker

[return to "Using proxies to hide secrets from Claude Code"]
1. pauldd+A7i[view] [source] 2026-01-19 03:42:22
>>drewgr+(OP)
Isn’t this (part of) the point of MCP.
◧◩
2. eddyth+Dfi[view] [source] 2026-01-19 05:19:18
>>pauldd+A7i
Possibly, but the point is that MCP is a DOA idea. An agent, like Claude code or opencode, don’t need an MCP. it’s nonsensical to expect or need an MCP before someone can call you.

There is no `git` MCP either . Opencode is fully capable of running `git add .` or `aws ec2 terminate-instance …` or `curl -XPOST https://…`

Why do we need the MCP? The problem now is that someone can do a prompt injection to tell it to send all your ~/.was/credentials to a random endpoint. So let’s just have a dummy value there, and inject the actual value in a transparent outbound proxy that the agent doesn’t have access to.

[go to top]