MCP Observatory
security

Security

Every MCP risk signal in one place — CVEs, tool safety, drift, naming, licenses. Heuristic: review signals, not verdicts.

Capability drift: a tracked server gaining a permission, adding/removing a tool, rewriting a description, or losing verified status between captures — a review signal, not a verdict.

  1. HIGH Builder106/Halberdcode analysis flagged committed secret in Builder106/Halberd
  2. HIGH firerpa/lamdacode analysis flagged committed secret ×6, dynamic code execution ×2 in firerpa/lamda
  3. HIGH lastmile-ai/mcp-agentcode analysis flagged dynamic code execution ×4 in lastmile-ai/mcp-agent
  4. HIGH 0x4m4/hexstrike-aicode analysis flagged dynamic code execution in 0x4m4/hexstrike-ai
  5. HIGH mukul975/Anthropic-Cybersecurity-Skillscode analysis flagged hidden prompt content ×11, committed secret, dynamic code execution ×2 in mukul975/Anthropic-Cybersecurity-Skills
  6. HIGH flipped-aurora/gin-vue-admincode analysis flagged committed secret ×2 in flipped-aurora/gin-vue-admin
  7. HIGH jeecgboot/JeecgBootcode analysis flagged committed secret ×6, dynamic code execution ×8 in jeecgboot/JeecgBoot
  8. HIGH evilsocket/nervecode analysis flagged dynamic code execution ×7 in evilsocket/nerve
  9. HIGH koreainvestment/open-trading-apicode analysis flagged committed secret, dynamic code execution ×13 in koreainvestment/open-trading-api
  10. HIGH Eronred/aso-skillscode analysis flagged hidden prompt content in Eronred/aso-skills
  11. HIGH universal-tool-calling-protocol/code-modecode analysis flagged dynamic code execution ×2 in universal-tool-calling-protocol/code-mode
  12. HIGH skernelx/tavily-key-generatorcode analysis flagged dynamic code execution in skernelx/tavily-key-generator
  13. HIGH lorryjovens-hub/claude-code-rustcode analysis flagged committed secret ×3 in lorryjovens-hub/claude-code-rust
  14. HIGH szczyglis-dev/py-gptcode analysis flagged dynamic code execution in szczyglis-dev/py-gpt
  15. HIGH superglue-ai/supergluecode analysis flagged dynamic code execution ×6 in superglue-ai/superglue
  16. HIGH heshengtao/comfyui_LLM_partycode analysis flagged hidden prompt content ×2, dynamic code execution ×2 in heshengtao/comfyui_LLM_party
  17. HIGH Jpisnice/shadcn-ui-mcp-servercode analysis flagged dynamic code execution in Jpisnice/shadcn-ui-mcp-server
  18. HIGH parcadei/Continuous-Claude-v3code analysis flagged dynamic code execution ×6 in parcadei/Continuous-Claude-v3
  19. HIGH joeseesun/qiaomu-anything-to-notebooklmcode analysis flagged dynamic code execution in joeseesun/qiaomu-anything-to-notebooklm
  20. HIGH 53AI/53AIHubcode analysis flagged committed secret ×4, dynamic code execution ×17 in 53AI/53AIHub
  21. HIGH cporter202/API-mega-listcode analysis flagged hidden prompt content ×3 in cporter202/API-mega-list
  22. HIGH sultannaufal/puppeteer-mcp-servercode analysis flagged dynamic code execution in sultannaufal/puppeteer-mcp-server
  23. HIGH shaharia-lab/mcp-frontendcode analysis flagged committed secret in shaharia-lab/mcp-frontend
  24. HIGH Galbaz1/video-research-mcpcode analysis flagged hidden prompt content ×2 in Galbaz1/video-research-mcp
  25. HIGH capiscio/a2a-demoscode analysis flagged dynamic code execution in capiscio/a2a-demos