MCP Checkpoint traces data leaks
Explore how MCP configs allow agents to access data. This talk demos a tool that parses configs, maps tools and routes, and traces potential sensitive data leaks.
I’ll walk through how I built MCP Checkpoint, a small tool that reads an agent’s MCP config and shows where things can go wrong. The demo covers how we parse the config, map each tool and route, and trace the paths where sensitive data could leak once the agent starts running. I’ll also share a few mistakes from the early versions, odd MCP servers we tested against, and how we ended up with simple rules that catch risky source to sink flows. It’s a hands-on look at the code and the reasoning behind it.
- MCP: MCP is the open-source standard for securely connecting AI agents (like LLMs) to external tools, data, and enterprise workflows. The Model Context Protocol (MCP) functions as a standardized integration layer: think of it as a USB-C port for AI applications. Developed and open-sourced by Anthropic, this protocol allows large language models (LLMs) to access real-time context and execute actions via external tools like GitHub, Jira, or proprietary databases. It uses a simple JSON-RPC interface to define tools, schemas, and endpoints, which enables AI agents to perform complex, state-changing tasks—such as creating a GitHub issue or running a test script—rather than just generating text. MCP is essential for building agentic AI systems that can autonomously pursue goals and operate within defined safety and permission boundaries.
- Python: The high-level, general-purpose language built for readability, powering everything from web backends to advanced machine learning models. Python is the high-level, general-purpose language prioritizing clear, readable syntax (via significant indentation), ensuring rapid development for any team. Its ecosystem is massive: use it for robust web development with frameworks like Django and Flask, or leverage its power in data science with libraries such as Pandas and NumPy. The Python Package Index (PyPI) provides thousands of community-contributed modules, offering immediate solutions for tasks from network programming to GUI creation. The language is actively maintained by the Python Software Foundation (PSF), with the stable release currently at Python 3.14.0 (as of November 2025).
- config parsing: Config parsing is the automated extraction of structured parameters from external files like YAML, JSON, or INI to control application behavior without recompiling code. Modern systems rely on config parsing to separate logic from environment-specific data. Whether you are using Python's configparser for legacy INI files or Pydantic for type-safe JSON validation, the goal is the same: ingest raw strings and map them to actionable objects. High-performing operators use this to manage everything from database credentials to feature flags across dev, staging, and production. By centralizing these variables in external files (like settings.yaml or .env), you ensure that a single container image remains portable and secure across your entire infrastructure.
- schema inspection: Schema inspection is the technical process of validating, visualizing, and auditing structured data to ensure search engines and applications interpret site content with 100% accuracy. Effective schema inspection moves beyond simple syntax checks to provide a full audit of your data architecture. By using industry-standard tools like the Schema Markup Validator or Google’s Rich Results Test, operators can extract JSON-LD, Microdata, or RDFa to identify critical errors and missing required properties (such as Price or Availability in Product schemas). This process visualizes complex entity relationships, allowing you to verify that your site’s metadata aligns with Schema.org vocabulary and qualifies for enhanced SERP features like star ratings and breadcrumbs. It is a mandatory step for maintaining data integrity and maximizing SEO visibility across modern search ecosystems.
Related projects
Using custom agents to build IoT firmware
Seattle
This talk details using Ansible playbooks and agents to build Raspberry Pi firmware for a WiFi CTF lab…
Gotchas while building ChatGPT Apps
Seattle
This talk shares practical lessons and common pitfalls encountered while developing a ChatGPT application designed to assist users…
PRESENT: Voice + Steward Architecture for Real-Time Multi-Agent Meeting Assistant
Seattle
This talk details refactoring a real-time voice assistant from three agents to a two-process voice and steward system…
Quantifying the Unquantifiable: AI Agent That Measures Positioning Clarity
Seattle
This talk details an AI agent built in Claude Projects that quantifies positioning clarity across consistency, focus, and…
Building AI Profit Intelligence for Fabrication Shops
Seattle
Discover how domain expertise in fabrication shops reveals hidden profit patterns missed by existing ERPs, leading to an…
Using Claude Code to X-Ray Claude Code to build a Claude Code Tracking App
Seattle
This talk details building Shinzo, an app to record Claude Code sessions. It covers architecture, usage, and technical…