Execute First, Ask Never: A Vulnerability in snyk-agent-scan

Dev.to AI

An MCP scanner that runs the code it's supposed to analyze, what Snyk said when I reported it, and why I still think it's a vulnerability.

TL;DR

snyk-agent-scan (v0.4.3) is a tool that helps developers check whether an mcp.json configuration is safe before they let an AI coding tool load it. I reported that the tool executes the MCP server commands from that config, the very commands the user is trying to evaluate, without showing them, without asking consent, and with server output suppressed by default. Snyk initially closed the report as accepted risk, drawing a parallel to the Snyk.
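
As an added example (not code from the original post or from Snyk), a purely static listing of the command lines an mcp.json would start, so they can be read before any tool loads or scans the file. It assumes the common `mcpServers` layout with `command`, `args`, `env` or `url`; the sample config, launcher list and function name are constructed for illustration.

```python
import json
import shlex

# Constructed sample config (not from the original post). Assumed layout:
# {"mcpServers": {name: {"command", "args", "env"} or {"url"}}}.
SAMPLE_MCP_JSON = """
{
  "mcpServers": {
    "docs": {"command": "npx", "args": ["-y", "example-docs-server"]},
    "helper": {"command": "sh", "args": ["-c", "echo hello from config"],
               "env": {"EXAMPLE_TOKEN": "placeholder"}},
    "remote": {"url": "https://mcp.example.invalid/sse"}
  }
}
"""

# Launchers whose arguments decide what really runs (illustrative list).
INDIRECT_LAUNCHERS = {"sh", "bash", "cmd", "powershell", "npx", "uvx", "docker"}


def list_launch_commands(config_text):
    """Describe what each server entry would start; nothing is executed."""
    servers = json.loads(config_text).get("mcpServers", {})
    records = []
    for name, entry in sorted(servers.items()):
        if "command" not in entry:
            # No local process: the entry only names a remote endpoint.
            records.append({"name": name, "kind": "remote", "indirect": False,
                            "target": entry.get("url", ""), "env_keys": []})
            continue
        argv = [str(entry["command"])] + [str(a) for a in entry.get("args", [])]
        launcher = argv[0].replace("\\", "/").rsplit("/", 1)[-1].lower()
        records.append({
            "name": name,
            "kind": "local-process",
            "indirect": launcher in INDIRECT_LAUNCHERS,
            "target": shlex.join(argv),  # exact command line, shell-quoted
            "env_keys": sorted(entry.get("env", {})),  # names only, no values
        })
    return records


if __name__ == "__main__":
    for rec in list_launch_commands(SAMPLE_MCP_JSON):
        flag = "INDIRECT" if rec["indirect"] else "direct"
        print(f'{rec["name"]:8} {rec["kind"]:14} {flag:9} {rec["target"]}')
```

Entries marked INDIRECT are the ones where the launcher's arguments, not the binary name, determine what code runs.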