MCP Observatory
security

Security

Every MCP risk signal in one place — CVEs, tool safety, drift, naming, licenses. Heuristic: review signals, not verdicts.

Static code-analysis findings — hidden prompt content in shipped skill files, committed secrets, dynamic-exec sinks, and suspicious call-home endpoints — across the analyzed catalogue. Heuristic, pure, no code executed; every row deep-links to its source. Click a kind to filter.

analysis coverage38% of 17283 analyzable servers
6275 analyzed
297 re-analysis due
1444 not analyzable
9267 not yet analyzed
711 source gone

Running analyzer v17. The scanner changelog explains what each version detects and when it changed.

committed secrets
  1. haymon-ai/dbmcp 8
  2. @mcp-guardian/server 7
  3. firerpa/lamda 6
  4. jeecgboot/JeecgBoot 6
  5. Aganium/agenium 5
dynamic-exec sinks
  1. 53AI/53AIHub 17
  2. koreainvestment/open-trading-api 13
  3. KevinRabun/judges 10
  4. ruvnet/sublinear-time-solver 10
  5. gnh1201/welsonjs 8
suspicious endpoints
  1. Coff0xc/AutoRedTeam-Orchestrator 13
  2. nirholas/cryptocurrency.cv 10
  3. @mcp-guardian/server 8
  4. manthanghasadiya/mcpsec 8
  5. vbcherepanov/total-agent-memory 8
credentials in logs
  1. gnh1201/welsonjs 4
  2. MCFLAMINGO/gsb-swarm 3
  3. flow-nexus 3
  4. Gammell53/clawwork-mcp 2
  5. Hekkova/hekkova-mcp 2
over-broad OAuth scopes
  1. hith3sh/clawlink 7
  2. @a-bonus/google-docs-mcp 6
  3. gg-mcp 6
  4. juspay/neurolink 6
  5. sanjay3290/ai-skills 6
suspicious bundled scripts
  1. mukul975/Anthropic-Cybersecurity-Skills 36
  2. Leo-Atienza/atlas-claude 10
  3. loki-mode 4
  4. Createya-ai/createya-mcp 2
  5. IgorGanapolsky/mcp-memory-gateway 1
ships skill files
  1. ComposioHQ/awesome-claude-skills 200
  2. ecc-universal 193
  3. event4u-app/agent-config 190
  4. mukul975/Anthropic-Cybersecurity-Skills 184
  5. saajunaid/junai 183
  1. LOW token-logbrilliant-directories-mcpcredential in logconsole.log(` claude mcp add ${serverName} -- npx -y brilliant-directories-mcp --api-key ${apiKey} --url ${apiUrl}`);
    package/index.js:4704
  2. LOW token-logpokecredential in log`)}catch(r){console.error(r instanceof Error?r.message:"Failed."),process.exit(1)}});Ee.command("tunnel").description("Forward a local port to Poke (start your MCP server separately, then tunnel that
    package/dist/cli.cjs:81
  3. LOW token-logtask-master-aicredential in logContext:`)),t.orgName&&console.log(B.gray(` Organization: ${t.orgName}`)),t.briefName&&console.log(B.gray(` Brief: ${t.briefName}`))),{success:!0,action:`status`,credentials:{token:e?.access_tok
    package/dist/dependency-manager-BJq6jWA5.js:87
  4. LOW token-log@bike4mind/clicredential in logconsole.log(`Expires: ${new Date(authTokens.expiresAt).toLocaleString()}`);
    package/dist/index.mjs:7723
  5. LOW token-logsocialneuron/mcp-servercredential in logconsole.error(` ${pollData.api_key}`);
    socialneuron-mcp-server-2717c9c/src/cli/commands.ts:176
  6. LOW token-logchenyuan35/aineedhelpfromotheraicredential in logif (info.password) console.log(`::add-mask::${info.password}`);
    chenyuan35-aineedhelpfromotherai-3dcc470/scripts/resolve-render-database-url.js:52
  7. LOW token-logkunwarvivek/mcp-github-project-managercredential in logconsole.log(accessToken);
    kunwarVivek-mcp-github-project-manager-1672d4e/scripts/get-github-token.js:46
  8. LOW token-logsmithery-ai/clicredential in logconsole.log(`SMITHERY_API_KEY=${apiKey}`)
    smithery-ai-cli-407ac3b/src/index.ts:485
  9. LOW token-logcline/linear-mcpcredential in logconsole.log(`LINEAR_API_KEY=${process.env.LINEAR_API_KEY}`);
    cline-linear-mcp-023ac90/scripts/get-test-tokens.ts:34
  10. LOW token-logmsfeldstein/mcp-test-serverscredential in logconsole.error(`✅ Token refreshed: new access token expires in ${ACCESS_TOKEN_EXPIRY_SECONDS}s`);
    msfeldstein-mcp-test-servers-6865b0e/src/oauth-token-refresh-server.js:231
  11. LOW token-logfilipecalegario/mcp-server-strateegiacredential in logconsole.log(accessToken);
    filipecalegario-mcp-server-strateegia-c3d97ce/src/debug.ts:55
  12. LOW token-loghenryhaoson/yuque-mcp-servercredential in logLogger.log(`accessToken: ${accessToken}`);
    HenryHaoson-Yuque-MCP-Server-34b696d/src/server.ts:271
  13. LOW token-logtayler-id/social-media-mcpcredential in logconsole.log(`Access Token: ${access_token}`);
    tayler-id-social-media-mcp-7966dc1/scripts/linkedin-oauth.js:192
  14. LOW token-logcpropster/linear-mcp-servercredential in logconsole.log(`LINEAR_ACCESS_TOKEN=${process.env.LINEAR_ACCESS_TOKEN}`);
    cpropster-linear-mcp-server-378458a/scripts/get-test-tokens.ts:34
  15. LOW token-lograkeshgangwar/strava-mcp-servercredential in logconsole.log(`Access Token: ${access_token}`);
    rakeshgangwar-strava-mcp-server-7be8113/get-strava-token.js:62