We're running free security audits of popular MCP servers. The official MCP registry server scored 17/100 (F) with findings across 7 tools.
Given this repo's role as the canonical registry for the ecosystem, flagging this explicitly.
Breakdown by category:
| Category | Grade |
| --- | --- |
| Validation | F |
| Auth | B |
| Hallucination | varies by tool |
The main findings are structural:
- No input schema validation on most tools. Parameters accept arbitrary strings with no constraints.
- No authentication layer detected. Any agent can call any tool.
- Tool descriptions don't specify scope boundaries, which means LLMs will assume the broadest possible interpretation of what each tool can access.
These are the same patterns we see across 72% of the ecosystem. The difference is that this server serves as a reference point for community implementations, so fixing these here has outsized downstream impact.
Full results: https://agentsid.dev/registry
Scanner is open source: npx @agentsid/scanner
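
The input-validation and scope findings above can be checked mechanically against a tool's `inputSchema`. The following is an added example, not part of the original issue and not the scanner's own logic; the `search_servers` tool, its parameters, and the `auditTool` helper are hypothetical and constructed for illustration.

```javascript
// Constructed sample definitions; auditTool is a hypothetical helper.
const CONSTRAINT_KEYS = ["enum", "const", "pattern", "format", "maxLength"];

// Returns a list of finding strings for one MCP tool definition.
function auditTool(tool) {
  const findings = [];
  const schema = tool.inputSchema;
  if (!schema || schema.type !== "object" || !schema.properties) {
    return [`${tool.name}: no object inputSchema with declared properties`];
  }
  if (schema.additionalProperties !== false) {
    findings.push(`${tool.name}: additionalProperties not set to false`);
  }
  for (const [param, spec] of Object.entries(schema.properties)) {
    if (spec.type === "string" && !CONSTRAINT_KEYS.some((k) => k in spec)) {
      findings.push(`${tool.name}.${param}: string with no constraints`);
    }
    if ((spec.type === "integer" || spec.type === "number") &&
        !("minimum" in spec && "maximum" in spec)) {
      findings.push(`${tool.name}.${param}: numeric with no range`);
    }
  }
  return findings;
}

// Constructed sample: arbitrary-string parameter, extra keys allowed.
const looseTool = {
  name: "search_servers",
  description: "Search servers.",
  inputSchema: { type: "object", properties: { query: { type: "string" }, limit: { type: "integer" } } },
};

// Same tool with bounded parameters and a description that states its scope.
const strictTool = {
  name: "search_servers",
  description: "Search published server entries by name. Read-only.",
  inputSchema: {
    type: "object",
    additionalProperties: false,
    required: ["query"],
    properties: {
      query: { type: "string", maxLength: 128, pattern: "^[\\w .\\-/]+$" },
      limit: { type: "integer", minimum: 1, maximum: 100 },
    },
  },
};

console.log(auditTool(looseTool));
console.log(auditTool(strictTool));
```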