The MCP attack your code review cannot see
A security researcher developed mcpscan, a static scanner for MCP servers and Claude Code projects, after discovering tool poisoning attacks that hide malicious instructions in Unicode zero-width characters within tool d…