
Shameless plug: I wrote a personal MCP using a WASM VM as the sandboxing mechanism. Plugins are packaged into OCI images, signed & published to an OCI registry.

By default, plugins have no filesystem access & no network access unless specified by the user via runtime config.

For this kind of attack, if they attempt to steal SSH keys, they still cannot send them out (no network access).

https://github.com/tuananh/hyper-mcp


