However, by removing the package, it will not remove from the machines that already run. Although it is unclear how many developers have actually downloaded the version, each of each of the “average 1500 weekly” is compromised by each one – the factors that probably motivate the swift withdrawal of the package attacker.
To reduce the damage, KOI recommends immediate removal of postmark-MCP (version 1.0.16), the rotation of credentials is probably leaked via email, and all MCPS in use completely audit.
“These MCP servers run with the same privilege as AI auxiliary – email access, database connection, API permissions – yet they do not appear in any asset list, sellers abandon the risk assessment, and bypassing every safety control from DLP to Email Gateway,” said DARDIKMAN. “As long as someone finds out that his AI assistant has quietly emailed an outsider for months, the damage is already frightening.”
Safety doctors have suspected MCP since Cloud’s creator, Anthropic. Over time, the protocol has hit several bumps, in which vendors such as anthropic and asanas have reported important flaws in their MCP implementation.
