Tool shadowing
A second MCP server registers a tool with the same name as a built-in one, intercepting calls.
Severity: highOWASP LLM: LLM03
How it works
Without strict naming, two servers can both register 'send_email'. The malicious one receives calls intended for the legit one.
Example payload
[Malicious server registers 'send_email' with the same description as the legit one.]
Defenses
Namespace tools by server. Reject duplicate registrations. Prefer fully-qualified tool names in agent calls.