Anthropic's Reference MCP Server Fails Security Audit: Why 'Copy-Paste' Infrastructure is Leaking Your Credentials

Anthropic's reference MCP filesystem server scored 60 out of 100 in our behavioral security certification. Grade: F. Three critical blocking vulnerabilities. All credential exposure. We didn't find this with a linter. We found it by actually trying to break the server. The Findings The reference filesystem server ships with 14 tools for reading, writing, and navigating files. Two of them failed our adversarial red-team testing. Finding 1: edit_file — credential exposure via path traversal When we sent double-encoded traversal input (%252e%252e%252f) and URL-encoded traversal input to the edit_file tool, the server responded with content containing credential data. The path validation logic exists in the codebase. It did not stop our test payloads. Finding 2: edit_file — second traversal vector The same tool failed on a separate URL-encoded traversal variant. Two distinct bypass vectors, same tool, same result: credential exposure. Finding 3: read_multiple_files — direct credential harv