security

Security

Every MCP risk signal in one place — CVEs, tool safety, drift, naming, licenses. Heuristic: review signals, not verdicts.

Hijack targets: abandoned packages that are widely depended-on AND carry an open CVE — the combination that maximises blast radius if compromised. Ranked by a composite of staleness, incoming dependents, and worst CVE severity. A review signal, not a verdict.