AGENTFORCE-33.1: MCP Over-Provisioning
🔴 High · Graph: MCP Identity Mismatch
[Enterprise] Detects MCP server configurations where the authorizing Connected App has full-scope OAuth access (full/api/chatter_api) disproportionate to the MCP tool's stated narrow purpose. The integration identity has more power than the tool requires.
Details
| Field | Value |
|---|---|
| Rule ID | AGENTFORCE-33.1 |
| Severity | High |
| Category | Graph: MCP Identity Mismatch |
| Compliance | OWASP_MCP_TOP_10, SOC2_CC6 |
Remediation
Refer to the SquireX documentation for remediation guidance specific to AGENTFORCE-33.1.