Remote versus local is more important than it seems. A locally installed tool is auditable. You can read the code, pin the version, and know it won't change under you.
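Action recommendation: Prefer locally installed tools over remote ones, because local tools are more auditable. For remote tools you must use (such as hosted MCP servers), treat them as untrusted components and test them first in an isolated environment with mock data, to limit the impact of a malicious tool.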
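
One way to enforce the "pin it and know it won't change" property for a locally installed tool, as an added example that is not from the original page: hash the tool's whole directory tree when you audit it, then refuse to launch if the digest later differs. The function names `tree_digest` and `verify_pinned`, and the choice to store the digest as the pin, are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


def tree_digest(root):
    """SHA-256 over every file's relative path and contents, in sorted order."""
    root = Path(root)
    files = []
    for dirpath, dirnames, filenames in os.walk(root):  # does not follow symlinks
        for name in dirnames + filenames:
            entry = Path(dirpath, name)
            # A symlink could point the audited tree at unaudited code.
            if entry.is_symlink():
                raise ValueError(f"symlink not allowed in pinned tool: {entry}")
        files.extend(Path(dirpath, name) for name in filenames)

    h = hashlib.sha256()
    for path in sorted(files, key=lambda p: p.relative_to(root).as_posix()):
        rel = path.relative_to(root).as_posix().encode()
        data = path.read_bytes()
        # Length-prefix each field so bytes cannot shift between path and content.
        h.update(len(rel).to_bytes(8, "big") + rel)
        h.update(len(data).to_bytes(8, "big") + data)
    return h.hexdigest()


def verify_pinned(root, pinned_digest):
    """Return (ok, actual_digest); the caller refuses to launch when ok is False."""
    actual = tree_digest(root)
    return hmac.compare_digest(actual, pinned_digest), actual


if __name__ == "__main__":
    # Constructed sample tool: audit it, pin it, then simulate a silent change.
    with tempfile.TemporaryDirectory() as d:
        tool = Path(d)
        (tool / "tool.py").write_text("print('v1')\n")
        pin = tree_digest(tool)
        print("audited pin:", pin)
        print("unchanged  :", verify_pinned(tool, pin)[0])
        (tool / "tool.py").write_text("print('v2')\n")
        print("after edit :", verify_pinned(tool, pin)[0])
```

A remote tool gives you no tree to hash, which is why it stays in the untrusted, sandbox-first category.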