{"schema_version":"papers/paper-detail-v1","title":"From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers","surface":"papers","opportunity_kernel":{"paper_id":"4f37410a-9b1e-4625-9ce2-ccf35d8b5882","title":"From Component Manipulation to System Compromise: Understanding and Detecting Malicious MCP Servers","authors":["Yiheng Huang","Zhijia Zhao","Bihuan Chen","Susheng Wu","Zhuotong Zhou","Yiheng Cao","Xin Hu","Xin Peng"],"arxiv_id":"2604.01905v1","doi":null,"published_at":"2026-04-02T11:22:07.000Z","score_object":{"overall":{"value":7,"scale":"0-10","confidence":0.85,"confidence_reason":"Backfilled from persisted papers.viability_score.","model_version":"phase0-backfill-v1","pipeline_version":"phase0-kernel-v1","computed_at":"2026-04-03T20:14:30.045Z","fresh_until":"2026-05-03T20:14:30.045Z","is_stale":true,"source_count":1,"missingness":[]},"technical":{"value":0,"scale":"0-10","confidence":0.55,"confidence_reason":"Backfilled from paper_extraction_scorecards.reconstruction_score.","model_version":"phase0-backfill-v1","pipeline_version":"phase0-kernel-v1","computed_at":"2026-04-03T20:50:40.576Z","fresh_until":"2026-04-17T20:50:40.576Z","is_stale":true,"source_count":1,"missingness":["reproducibility_results.reproducibility_score","deployability_scores.score"]},"commercial":{"value":4,"scale":"0-10","confidence":0.75,"confidence_reason":"Backfilled from persisted commercial_flags and repo availability.","model_version":"phase0-backfill-v1","pipeline_version":"phase0-kernel-v1","computed_at":"2026-04-03T20:14:30.045Z","fresh_until":"2026-05-03T20:14:30.045Z","is_stale":true,"source_count":1,"missingness":[]},"market":{"value":5.7,"scale":"0-10","confidence":0.34,"confidence_reason":"Estimated from commercial flags, repo presence, author coverage, and market-language heuristics because no persisted distribution_readiness_scores row was available.","model_version":"phase0-backfill-v1","pipeline_version":"phase0-kernel-v1","computed_at":"2026-04-03T20:14:30.045Z","fresh_until":"2026-04-17T20:14:30.045Z","is_stale":true,"source_count":5,"missingness":["distribution_readiness_scores.score"]},"team":{"value":6,"scale":"0-10","confidence":0.31,"confidence_reason":"Estimated from author count, repo presence, and summary coverage because no persisted team-quality evidence was available.","model_version":"phase0-backfill-v1","pipeline_version":"phase0-kernel-v1","computed_at":"2026-04-03T20:14:30.045Z","fresh_until":"2026-04-17T20:14:30.045Z","is_stale":true,"source_count":3,"missingness":["engineer_profiles.builder_score","author_startups"]},"methodology":{"value":3.65,"scale":"0-10","confidence":0.82,"confidence_reason":"Backfilled from paper_extraction_scorecards.total_score.","model_version":"phase0-backfill-v1","pipeline_version":"phase0-kernel-v1","computed_at":"2026-04-03T20:50:40.576Z","fresh_until":"2026-05-03T20:50:40.576Z","is_stale":true,"source_count":2,"missingness":[]}},"evidence_receipt":{"freshness":"stale","proof_status":"unverified","repo_status":"missing","references_count":0,"source_count":0,"coverage":0.3333,"missingness":["repo_url","references","proof_status","distribution_readiness_scores"],"unresolved_unknowns":["distribution readiness has not been computed yet","proof verification has not been recorded yet"],"last_verification_at":"2026-04-03T20:50:40.576Z"},"lineage_hash":"e431202729f4192aee3587225b93ca503c26fa903585b0ec7cbb1f17fda37d1c"},"distribution":null,"replication_evidence":[],"author_dna":[]}