MCP Observatory
security

Security

Every MCP risk signal in one place — CVEs, tool safety, drift, naming, licenses. Heuristic: review signals, not verdicts.

Static code-analysis findings — hidden prompt content in shipped skill files, committed secrets, dynamic-exec sinks, and suspicious call-home endpoints — across the analyzed catalogue. Heuristic, pure, no code executed; every row deep-links to its source. Click a kind to filter.

analysis coverage38% of 17283 analyzable servers
6275 analyzed
297 re-analysis due
1444 not analyzable
9267 not yet analyzed
711 source gone

Running analyzer v17. The scanner changelog explains what each version detects and when it changed.

committed secrets
  1. haymon-ai/dbmcp 8
  2. @mcp-guardian/server 7
  3. firerpa/lamda 6
  4. jeecgboot/JeecgBoot 6
  5. Aganium/agenium 5
dynamic-exec sinks
  1. 53AI/53AIHub 17
  2. koreainvestment/open-trading-api 13
  3. KevinRabun/judges 10
  4. ruvnet/sublinear-time-solver 10
  5. gnh1201/welsonjs 8
suspicious endpoints
  1. Coff0xc/AutoRedTeam-Orchestrator 13
  2. nirholas/cryptocurrency.cv 10
  3. @mcp-guardian/server 8
  4. manthanghasadiya/mcpsec 8
  5. vbcherepanov/total-agent-memory 8
credentials in logs
  1. gnh1201/welsonjs 4
  2. MCFLAMINGO/gsb-swarm 3
  3. flow-nexus 3
  4. Gammell53/clawwork-mcp 2
  5. Hekkova/hekkova-mcp 2
over-broad OAuth scopes
  1. hith3sh/clawlink 7
  2. @a-bonus/google-docs-mcp 6
  3. gg-mcp 6
  4. juspay/neurolink 6
  5. sanjay3290/ai-skills 6
suspicious bundled scripts
  1. mukul975/Anthropic-Cybersecurity-Skills 36
  2. Leo-Atienza/atlas-claude 10
  3. loki-mode 4
  4. Createya-ai/createya-mcp 2
  5. IgorGanapolsky/mcp-memory-gateway 1
ships skill files
  1. ComposioHQ/awesome-claude-skills 200
  2. ecc-universal 193
  3. event4u-app/agent-config 190
  4. mukul975/Anthropic-Cybersecurity-Skills 184
  5. saajunaid/junai 183
  1. LOW skill fileclaude-all-configskill
    package/skills/writing-skills/SKILL.md
  2. LOW skill fileclaude-all-configskill
    package/skills/writing-plans/SKILL.md
  3. LOW skill fileclaude-all-configskill
    package/skills/whatsapp-business-platform/SKILL.md
  4. LOW skill fileclaude-all-configskill
    package/skills/verification-before-completion/SKILL.md
  5. LOW skill fileclaude-all-configskill
    package/skills/using-superpowers/SKILL.md
  6. LOW skill fileclaude-all-configskill
    package/skills/using-git-worktrees/SKILL.md
  7. LOW skill fileclaude-all-configskill
    package/skills/ui-ux-review/SKILL.md
  8. LOW skill fileclaude-all-configskill
    package/skills/ui-ux-pro-max/SKILL.md
  9. LOW skill fileclaude-all-configskill
    package/skills/threat-detection/SKILL.md
  10. LOW skill fileclaude-all-configskill
    package/skills/testing-skills-with-subagents/SKILL.md
  11. LOW skill fileclaude-all-configskill
    package/skills/testing-anti-patterns/SKILL.md
  12. LOW skill fileclaude-all-configskill
    package/skills/test-driven-development/SKILL.md
  13. LOW skill fileclaude-all-configskill
    package/skills/terraform-patterns/SKILL.md
  14. LOW skill fileclaude-all-configskill
    package/skills/tech-stack-authority/SKILL.md
  15. LOW skill fileclaude-all-configskill
    package/skills/tech-debt-hunter/SKILL.md