Independent safety audit of the Model Context Protocol server ecosystem · by PulseFeed · updated 2026-07-08 · 1 day(s) of data
80 of 797 MCP servers ship an install/postinstall script — arbitrary code runs on your machine at npm i, before you've even used the tool. Some are legitimate native builds, but each is an unreviewed code-execution vector — and 64 of all audited servers publish no repository to inspect at all. A bad MCP server can read your files, env vars and keys the moment it's connected.
npm servers get deep signals; remote servers get liveness + HTTPS only.
| Server | Verdict | Flags |
|---|---|---|
| ai.alpic.test/test-mcp-server | avoid | unreachable |
| ai.autorfp/mcp | avoid | unreachable |
| ai.boolsai/directory | avoid | unreachable |
| ai.boolsai/grep | avoid | unreachable |
| ai.buyersense/buyersense | avoid | unreachable |
| ai.clarid/compliance | avoid | unreachable |
| ai.com.mcp/hapi-mcp | avoid | unreachable |
| ai.com.mcp/skills-search | avoid | unreachable |
| ai.dynamicfeed/dynamic-feed | avoid | unreachable |
| agentdb | avoid | install_script |
| agentic-flow | avoid | install_script |
| @azure/mcp | avoid | install_script |
We're opening a paid API + CI check: block unsafe MCP servers (install scripts, abandoned, no-provenance) in your pipeline before your team or your agent connects them. Free while in preview — tell us where to send access.
| Date | Audited | Install-script | Avoid | Abandoned |
|---|---|---|---|---|
| 2026-07-08 | 797 | 80 | 89 | 37 |
Methodology: PulseFeed discovers MCP servers from the official MCP registry and npm, then audits each independently — install/postinstall scripts (code execution on install), abandonment, provenance, license, repository, download volume, and liveness for remote servers. Verdict = safe / caution / avoid. This report is generated automatically from that data and updates daily. Install scripts are not inherently malicious (native builds use them) but every one is an unreviewed code-execution vector worth checking. Same independent-audit approach as our x402 trust oracle.
Check any server free: GET /mcp/verify?package=<npm-name> · Machine-readable: /mcp-report.json · Live observatory: /mcp · /llms.txt