Public dashboard · Last refresh 46m ago

The State of MCP Security

Live numbers from MCPSafe’s scan cache. Updated every few minutes as new servers are scanned.

Packages scanned: 507
Graded A or B: 371 (73% of catalog)
Graded D or F: 2 (0% of catalog)
Total findings: 5,393 (across latest scans)

Grade distribution (507 packages)

  • A: 99 (20%)
  • B: 272 (54%)
  • C: 134 (26%)
  • D: 1 (0%)
  • F: 1 (0%)

    Top finding categories

    • server configuration: 2,717
    • readiness: 2,619
    • verbose errors: 1,212
    • resource exhaustion: 651
    • ansi escape injection: 271
    • data exfiltration: 186
    • behavioral mismatch: 138
    • xxe: 104
    • insecure container image: 67
    • vulnerable dependency: 36

    Top MCP packages

    Most popular

    Ranked by GitHub stars.

    1. punkpeye/awesome-mcp-servers · grade B · 90,254 ★
    2. upstash/context7 · grade C · 58,549 ★
    3. github:github/github-mcp-server@1add5fe23104 · grade C · 30,137 ★
    4. github:modelcontextprotocol/python-sdk@e8e64842781c · grade D · 23,113 ★
    5. tadata-org/fastapi_mcp · grade B · 11,936 ★
    6. github:LaurieWired/GhidraMCP@27f316f80139 · grade D · 8,965 ★
    7. wong2/awesome-mcp-servers · grade B · 4,193 ★
    8. cloudflare/mcp-server-cloudflare · grade D · 3,915 ★
    9. domdomegg/airtable-mcp-server · grade C · 449 ★
    10. github:veithly/ssh-client-mcp@99258b2feb19 · grade D · 2 ★

    Highest rated

    A-graded packages, ranked by safety score.

    1. vercel-labs/mcp-for-next.js · grade A · score 96
    2. mcp/fetch · grade A · score 88
    3. docker:mcp/fetch:latest · grade A · score 88

    By package source

    How the catalog splits across npm, PyPI, GitHub, and Docker Hub — and which source ships the safest MCP servers on average.

    PyPI · 86% · 435 scanned
    • Avg score: 80.6
    • Graded A/B: 319 (73%)
    • Graded D/F: 0
    • Findings: 4,291

    GitHub · 12% · 63 scanned
    • Avg score: 79.6
    • Graded A/B: 45 (71%)
    • Graded D/F: 1
    • Findings: 1,034

    npm · 2% · 9 scanned
    • Avg score: 78.7
    • Graded A/B: 7 (78%)
    • Graded D/F: 1
    • Findings: 68

    Top publishers

    • crunchtools: 3
    • luminarylane: 1
    • Asyboi: 1
    • TecniForge: 1
    • Steffd415: 1
    • khurram-uworx: 1
    • URL42: 1
    • AzizBenMallouk: 1
    • CocoRoF: 1
    • arun250492: 1

    Notable recent findings

    Packages flagged for high risk on their most recent scan. “Flagged” means our rules found issues worth a human review — not that the package is malicious.

    • ax-bi · grade C · github · score 38 · 25 findings

    How these numbers are built

    • Every counter is derived from the most recent scan of each package in our cache. Older scans do not double-count.
    • Grade distribution uses the same A–F scale shown on the scan report. See /threats for the detection categories behind each finding.
    • Top publishers are inferred from GitHub package URLs (the owner in github.com/owner/repo). Packages from npm, PyPI, and Docker don’t count here today.
    • Browse the full catalog from the registry.

    Frequently asked

    What is an MCP server?
    Model Context Protocol (MCP) servers expose tools, resources, and prompts to AI agents. They sit between an LLM and an underlying system — your filesystem, a database, an API — and execute privileged actions on the agent's behalf, which makes their security profile materially different from a typical web service.
    Where does this data come from?
    Every counter is derived from the most recent MCPSafe scan of each public MCP server in our cache. Older scans don't double-count. Findings are produced by the same rule engine that powers individual scan reports — see our methodology page for the rubric.
    How is the safety grade calculated?
    Each server gets a 0-100 safety score that combines static analysis findings, supply-chain signals (typosquatting, CVEs), permission and network posture, and LLM-judged behavioral risks. Scores map to A through F bands. The full scoring rubric is published — we don't keep it secret.
    How often is this dashboard updated?
    The dashboard re-reads its source-of-truth aggregate every few minutes. Individual server scans are re-run when their version changes, when a new rule ships, or on demand from the public registry.
    Can I scan a private MCP server?
    Public scans are free and require no account. Private repository scanning is available on paid plans — see the pricing page for details.
    Can I cite or embed this data?
    Yes — the dataset is intended to be quoted in research, blog posts, and security write-ups. Please link back to this page and credit MCPSafe. An embeddable widget for partner sites is on the roadmap.