MCP Observatory
security

Security

Every MCP risk signal in one place — CVEs, tool safety, drift, naming, licenses. Heuristic: review signals, not verdicts.

Static code-analysis findings — hidden prompt content in shipped skill files, committed secrets, dynamic-exec sinks, and suspicious call-home endpoints — across the analyzed catalogue. Heuristic, pure, no code executed; every row deep-links to its source. Click a kind to filter.

analysis coverage38% of 17283 analyzable servers
6275 analyzed
297 re-analysis due
1444 not analyzable
9267 not yet analyzed
711 source gone

Running analyzer v17. The scanner changelog explains what each version detects and when it changed.

committed secrets
  1. haymon-ai/dbmcp 8
  2. @mcp-guardian/server 7
  3. firerpa/lamda 6
  4. jeecgboot/JeecgBoot 6
  5. Aganium/agenium 5
dynamic-exec sinks
  1. 53AI/53AIHub 17
  2. koreainvestment/open-trading-api 13
  3. KevinRabun/judges 10
  4. ruvnet/sublinear-time-solver 10
  5. gnh1201/welsonjs 8
suspicious endpoints
  1. Coff0xc/AutoRedTeam-Orchestrator 13
  2. nirholas/cryptocurrency.cv 10
  3. @mcp-guardian/server 8
  4. manthanghasadiya/mcpsec 8
  5. vbcherepanov/total-agent-memory 8
credentials in logs
  1. gnh1201/welsonjs 4
  2. MCFLAMINGO/gsb-swarm 3
  3. flow-nexus 3
  4. Gammell53/clawwork-mcp 2
  5. Hekkova/hekkova-mcp 2
over-broad OAuth scopes
  1. hith3sh/clawlink 7
  2. @a-bonus/google-docs-mcp 6
  3. gg-mcp 6
  4. juspay/neurolink 6
  5. sanjay3290/ai-skills 6
suspicious bundled scripts
  1. mukul975/Anthropic-Cybersecurity-Skills 36
  2. Leo-Atienza/atlas-claude 10
  3. loki-mode 4
  4. Createya-ai/createya-mcp 2
  5. IgorGanapolsky/mcp-memory-gateway 1
ships skill files
  1. ComposioHQ/awesome-claude-skills 200
  2. ecc-universal 193
  3. event4u-app/agent-config 190
  4. mukul975/Anthropic-Cybersecurity-Skills 184
  5. saajunaid/junai 183
  1. MEDIUM suspicious endpointharness-mcp-v21.2.3.4" {list:{elements:[{cluster:'staging', url:'https://1.2.3.4'}, {cluster:'prod', url:'https://2.3.4.5'}]}}\n" +
    package/build/registry/toolsets/gitops.js:690
  2. MEDIUM suspicious endpoint@askexenow/exe-osapi.telegram.orgconst url = `https://api.telegram.org/bot${botToken}/sendMessage`;
    package/dist/chunk-L4WRH3DL.js:64
  3. MEDIUM suspicious endpoint@askexenow/exe-osapi.telegram.orgconst url = `https://api.telegram.org/bot${botToken}/sendMessage`;
    package/dist/chunk-CEPXBGAS.js:64
  4. MEDIUM suspicious endpointclaude-memapi.telegram.orgconst response = await fetch(`https://api.telegram.org/bot${botToken}/sendMessage`, {
    package/openclaw/src/index.ts:468
  5. MEDIUM suspicious endpointmneme-aiapi.telegram.orgconst tgReach = tgCfg ? await ping(`https://api.telegram.org/bot${tgCfg.token}/getMe`) : null;
    package/dist/commands/live.js:1993
  6. MEDIUM suspicious endpointwallieinformal201/pentest-mcp-server169.254.169.254 (cloud metadata)template: 'http://169.254.169.254/latest/meta-data/',
    wallieinformal201-pentest-mcp-server-4f17ad3/src/data/payloads/ssrf.ts:12
  7. MEDIUM suspicious endpointparallelclaw/memex-mvpapi.telegram.orgconst API_BASE = 'https://api.telegram.org';
    parallelclaw-memex-mvp-1d4cbc5/bot/telegram.js:13
  8. MEDIUM suspicious endpointgautamvarmadatla/mcpsafetywarden169.254.169.254 (cloud metadata)ssrf http://169.254.169.254/latest/meta-data/, http://metadata.google.internal/
    gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/mcpsafety.py:87
  9. MEDIUM suspicious endpointWayforthOfficial/wayforthdiscord.comsvc("Discord Webhooks", "discord_webhooks", "https://discord.com/api/webhooks", "communication",
    WayforthOfficial-wayforth-a2da85a/apps/api/scripts/seed_premium_catalog.py:743
  10. MEDIUM suspicious endpointFentaris/fentarisapi.telegram.orgconst defaultApiBaseUrl = "https://api.telegram.org";
    Fentaris-fentaris-44a0b5b/packages/approval-telegram/src/index.ts:47
  11. MEDIUM suspicious endpointmobilevibe/notification-mcpapi.telegram.orgconst TELEGRAM_API_URL = `https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}`;
    MobileVibe-notification-mcp-43c051a/src/index.ts:29
  12. MEDIUM suspicious endpointmobilevibe/notification-mcpapi.telegram.orgconst TELEGRAM_API_URL = `https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}`;
    MobileVibe-notification-mcp-43c051a/build/index.js:19
  13. MEDIUM suspicious endpointmalamutemayhem/unclickapi.telegram.orgconst TELEGRAM_API_BASE = "https://api.telegram.org";
    package/dist/telegram-tool.js:4
  14. MEDIUM suspicious endpointfalcoschaefer99-eng/muse-brainapi.telegram.orgconst response = await fetch(`https://api.telegram.org/bot${botToken}/${method}`, {
    falcoschaefer99-eng-muse-brain-0dd97da/runner/src/telegram-voice-bridge.ts:90
  15. MEDIUM suspicious endpointfalcoschaefer99-eng/muse-brainapi.telegram.orgconst response = await fetch(`https://api.telegram.org/bot${this.botToken}/sendMessage`, {
    falcoschaefer99-eng-muse-brain-0dd97da/runner/src/notifiers/telegram.ts:42