A Claude Code hook that warns you before calling a low-trust MCP server
Last week researchers at Ox published findings showing that the MCP STDIO transport lets arbitrary command execution slip through unchecked, and that 9 of 11 MCP marketplaces they tested were poisonable. Anthropic's response: STDIO is out of scope for protocol-level fixes, and the ecosystem is responsible for operational trust. Fair — Anthropic donated MCP to the Linux Foundation's Agentic AI Foundation in December 2025 specifically so independent infrastructure could grow around it. But that leave