State of MCP Security · 2026-07-15

Snapshot of the MCP server ecosystem as of 2026-07-15 · by PulseFeed · see the live report →

922▲125
servers audited
626▲88
safe to install
110▲21
avoid (12%)

Headline: how many run code the moment you install them?

11%▲21

101 of 922 MCP servers ship an install/postinstall script — arbitrary code runs on your machine at npm i, before you've even used the tool. Some are legitimate native builds, but each is an unreviewed code-execution vector — and 84 of all audited servers publish no repository to inspect at all. A bad MCP server can read your files, env vars and keys the moment it's connected.

Install-script exposure over time

101 80 101 07-0807-1107-15

Verdicts

safe
626
caution
181
avoid
110
unknown
5

npm servers get deep signals; remote servers get liveness + HTTPS only.

Top safety flags

Servers to avoid (sample)

ServerVerdictFlags
ai.alpic.test/test-mcp-serveravoidunreachable
ai.autorfp/mcpavoidunreachable
ai.boolsai/directoryavoidunreachable
ai.boolsai/grepavoidunreachable
ai.buyersense/buyersenseavoidunreachable
ai.clarid/complianceavoidunreachable
ai.com.mcp/hapi-mcpavoidunreachable
ai.com.mcp/skills-searchavoidunreachable
ai.dynamicfeed/dynamic-feedavoidunreachable
agentdbavoidinstall_script
agentic-flowavoidinstall_script
@azure/mcpavoidinstall_script

Daily archive

DateAuditedInstall-scriptAvoidAbandoned
2026-07-1592210111040
2026-07-148849710639
2026-07-13863909939
2026-07-12853889739
2026-07-11850889739
2026-07-10846889739
2026-07-09838859439
2026-07-08797808937

Methodology: PulseFeed discovers MCP servers from the official MCP registry and npm, then audits each independently — install/postinstall scripts (code execution on install), abandonment, provenance, license, repository, download volume, and liveness for remote servers. Verdict = safe / caution / avoid. This report is generated automatically from that data and updates daily. Install scripts are not inherently malicious (native builds use them) but every one is an unreviewed code-execution vector worth checking. Same independent-audit approach as our x402 trust oracle.
Check any server free: GET /mcp/verify?package=<npm-name> · Machine-readable: /mcp-report.json · Live observatory: /mcp · /llms.txt