MCPSafe.io
Security checks for MCP servers — public packages and private repos, fast or deep.

© 2026 MCPSafe. All rights reserved.


Severity Levels

How MCPSafe defines and uses critical, high, medium, and low severity.

Every finding is assigned one of four severity levels. Severity is a label set by the rule author — it feeds into the AIVSS calculation but is not derived from AIVSS.

Severity definitions

Level     Color   Meaning
Critical  Red     Exploitable without preconditions. Immediate risk of data theft, code execution, or credential compromise.
High      Orange  Significant risk requiring specific conditions to exploit.
Medium    Yellow  Notable issue that increases attack surface.
Low       Green   Informational. Best-practice violations or minor code hygiene issues that have limited exploitability.

The actual AIVSS score for a finding combines severity with category, threat multiplier, and the AARS (Agentic AI Risk Score) factors — see AIVSS Scoring for the formula. Two findings with the same severity can have different AIVSS scores depending on their category.

How severity affects the grade

The package-level grade is derived from the AIVSS score of the worst finding (the highest aivss_score in the scan), not from severity labels directly. In practice this means:

Worst finding's AIVSS            Resulting grade
≥ 9.0 (typical for critical)     F
7.0 – 8.9 (typical for high)     D
4.0 – 6.9 (typical for medium)   C
2.0 – 3.9                        B
< 2.0 (or no findings)           A

Severity in the API response

The severity_distribution object in the GET /scan/:id response gives the number of findings at each level:

{
  "severity_distribution": {
    "critical": 0,
    "high": 1,
    "medium": 2,
    "low": 3
  }
}

Use this for quick pass/fail gates in CI without parsing the full findings array:

CRITICAL=$(curl -sf "https://api.mcpsafe.io/scan/$SCAN_ID" \
  | jq -r '.severity_distribution.critical')

# Fail closed: an empty or "null" value means the response carried no
# severity_distribution (HTTP error, or the scan has not finished).
case "$CRITICAL" in ''|*[!0-9]*) echo "FAIL: no severity_distribution in response"; exit 1 ;; esac
[ "$CRITICAL" -gt 0 ] && echo "FAIL: $CRITICAL critical finding(s)" && exit 1

Severity vs AIVSS score

Severity is a bucketed label; AIVSS is the continuous underlying score. Two "high" findings may have AIVSS scores of 7.1 and 8.8 — both are "high" but the 8.8 finding is much more dangerous.

When building automated gates, use the aivss_score field from individual findings for precise thresholds, not just the severity label.
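The script below is an added example, not part of MCPSafe's own tooling or SDK. It combines the two gates described on this page: the quick label-based check on severity_distribution.critical, and a precise per-finding threshold on aivss_score that catches an 8.8 "high" a critical-only gate would wave through. It also derives the package grade from the worst finding's score using the bands from the table above. It assumes only the two response fields this page names (severity_distribution, and a findings array whose entries carry aivss_score); the sample response is constructed, and the 8.0 threshold is an arbitrary choice you should tune to your own risk appetite.

```python
import json
import sys

# Constructed sample of a GET /scan/:id response body, trimmed to the two fields
# this gate reads: severity_distribution and the findings array with aivss_score.
# No other field names are assumed; the real response carries more.
SAMPLE_SCAN = json.loads("""
{
  "severity_distribution": {"critical": 0, "high": 1, "medium": 2, "low": 3},
  "findings": [
    {"aivss_score": 8.8},
    {"aivss_score": 6.2},
    {"aivss_score": 4.1},
    {"aivss_score": 1.5},
    {"aivss_score": 1.2},
    {"aivss_score": 0.9}
  ]
}
""")

# Grade bands from the table on this page: (lower bound of the band, grade).
# Anything below the lowest bound, or a scan with no findings, is an A.
GRADE_BANDS = [(9.0, "F"), (7.0, "D"), (4.0, "C"), (2.0, "B")]


def worst_aivss(findings):
    """Highest aivss_score across findings; 0.0 when there are none or scores are missing."""
    return max((float(f.get("aivss_score") or 0.0) for f in findings), default=0.0)


def grade_from_findings(findings):
    """Package grade derived from the worst finding's AIVSS score, not from severity labels."""
    worst = worst_aivss(findings)
    for floor, grade in GRADE_BANDS:
        if worst >= floor:
            return grade
    return "A"


def gate(scan, max_aivss=8.0, allow_critical=0):
    """
    CI gate over a scan response. Returns (passed, reasons).

    Two independent checks:
      1. severity_distribution.critical must not exceed allow_critical
         (the quick label-based gate);
      2. no single finding's aivss_score may reach max_aivss
         (the precise threshold; this is what catches an 8.8 "high").
    A response missing either field fails closed rather than passing by default,
    which is what you want when the scan has not finished or the request failed.
    """
    dist = scan.get("severity_distribution")
    findings = scan.get("findings")
    if not isinstance(dist, dict) or not isinstance(findings, list):
        return False, ["response lacks severity_distribution or findings (scan not finished?)"]

    reasons = []
    critical = int(dist.get("critical", 0))
    if critical > allow_critical:
        reasons.append(f"{critical} critical finding(s) (allowed: {allow_critical})")
    for i, f in enumerate(findings):
        score = float(f.get("aivss_score") or 0.0)
        if score >= max_aivss:
            reasons.append(f"finding #{i} has aivss_score {score} >= {max_aivss}")
    return (not reasons), reasons


if __name__ == "__main__":
    # Usage: python gate.py scan.json   (a saved GET /scan/:id body)
    # With no argument the constructed sample above is evaluated instead.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SCAN
    ok, why = gate(data)
    print(f"grade={grade_from_findings(data.get('findings') or [])} passed={ok}")
    for r in why:
        print(f"  - {r}")
    sys.exit(0 if ok else 1)
```

On the constructed sample the label-based check passes (zero criticals) while the threshold check fails on the 8.8 finding, and the derived grade is D; raise max_aivss to 9.0 and the same scan passes. The fail-closed branch matters in CI: a half-finished scan or a transport error must not be indistinguishable from a clean result.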

⚠ Don't ignore medium findings

Medium findings are commonly dismissed as low priority. In MCP servers they are not — a medium-severity deceptive description can silently redirect an AI agent to perform actions the user never intended.
