MCP Security

Understanding MCP server risks, which servers are safe, and the most common vulnerabilities.

4 questions in this topic · Based on 15,923 rated MCP servers

What is MCP (Model Context Protocol)?

MCP (Model Context Protocol) is an open standard created by Anthropic in late 2024 that lets AI assistants like Claude connect to external tools, data sources, and services through a unified interface. An MCP server exposes capabilities (file access, database queries, API calls, code execution) that an AI agent can invoke during a conversation. MCP is now supported by Claude Desktop, Cursor, Continue, Cline, and other AI clients. The ecosystem has grown to over 15,923 public MCP servers on GitHub, npm, and PyPI, which is why independent security ratings have become essential.

Is it safe to install MCP servers from GitHub?

Not all MCP servers are safe — our scans of 15,923 servers show that 64% are missing proper sandbox configuration and only 1.3% earn a B grade or higher. MCP servers run with significant privileges in the user's environment, so a malicious or poorly written server can steal credentials, exfiltrate data, or execute arbitrary commands. Before installing any MCP server, check its SpiderRating at spiderrating.com/evaluate or browse pre-scanned servers at spiderrating.com/leaderboard/security. Never install MCP servers from unknown authors without an independent security review.

Which MCP servers are the safest to use?

The safest MCP servers are listed on our Most Secure leaderboard at spiderrating.com/leaderboard/security, ranked by security score. As of March 2026, no MCP server has achieved an A grade (9.0+); the top tier is grade B (7.0–8.9), held by only 211 servers (1.3% of the ecosystem). When choosing a server, prefer ones with B grade or higher, active maintenance (commits within the last 90 days), a clear license, and no critical hard-constraint failures. Our top-rated leaderboard combines security with description quality and metadata health.

What are the most common MCP security risks?

The most common security risk across 15,923 scanned MCP servers is missing sandbox configuration, affecting 64% of servers (10,197 out of 15,923). Other frequent issues include credential/token leakage (4.8%), Server-Side Request Forgery (SSRF, 2.2%), child process injection (1.7%), missing input validation (1.6%), and path traversal vulnerabilities (1.5%). Beyond specific code flaws, our research has identified systemic problems: 97% of MCP tools don't tell AI agents when to use them, and 89% lack error-handling guidance. Read more in our State of MCP Security 2026 report.
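The four code-level flaw classes above (path traversal, SSRF, child process injection, missing input validation) all come down to a tool handler trusting an argument the model passed through from a conversation. The following is an added example, not code from this page or from any rated MCP server, showing the guard a handler should apply for each class. The tool names, the sandbox root, the outbound host allow-list and the argument schema are hypothetical; the result dicts are a simplified stand-in for a real tool response.

```python
"""Defensive checks for an MCP-style tool handler (added example, hypothetical
server).  Covers the flaw classes named in the text: path traversal, SSRF,
child process injection and missing input validation."""
import ipaddress
from pathlib import Path
from urllib.parse import urlparse

# Hypothetical sandbox root the read_file tool may serve from.
ALLOWED_ROOT = Path("/srv/mcp-data")
# Hypothetical outbound allow-list for a fetch_url tool.
ALLOWED_HOSTS = {"api.example.com"}
# Executables a run_git tool may launch, resolved to absolute paths.
ALLOWED_BINARIES = {"git": "/usr/bin/git"}


def is_path_allowed(user_path: str, root: Path = ALLOWED_ROOT) -> bool:
    """Path traversal guard.  A naive handler does open(root / user_path),
    which lets "../../etc/passwd" or an absolute path leave the root.
    Resolving both sides (symlinks included) and checking containment
    closes that.  Call validate_args first: a NUL byte makes resolve() raise."""
    root = root.resolve()
    candidate = (root / user_path).resolve()
    return candidate == root or root in candidate.parents


def is_url_allowed(url: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """SSRF guard.  Rejects non-https schemes, hosts outside the allow-list and
    literal IPs in private, loopback or link-local ranges (cloud metadata
    endpoints live there).  Caveat: an allow-listed hostname can still be
    re-pointed through DNS, so production code should also pin the address
    it actually connects to."""
    parsed = urlparse(url)
    host = parsed.hostname
    if parsed.scheme != "https" or not host:
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a hostname, not a literal address
    if ip is not None and (ip.is_private or ip.is_loopback or ip.is_link_local):
        return False
    return host in allowed_hosts


def build_command(tool: str, user_arg: str):
    """Child process injection guard.  The risky pattern is
    subprocess.run(f"git log {user_arg}", shell=True): the argument reaches a
    shell, where metacharacters become new commands.  Instead, pick the binary
    from an allow-list and hand the user value to subprocess.run as one argv
    element after "--", so it is data the program receives, never shell input.
    Returns None for an unknown tool or an argument that looks like an option."""
    binary = ALLOWED_BINARIES.get(tool)
    if binary is None or user_arg.startswith("-"):
        return None
    return [binary, "log", "--oneline", "--", user_arg]


def validate_args(args: dict) -> list:
    """Input validation for a hypothetical read_file schema.  Returns the list
    of problems; an empty list means the call may proceed to the path check."""
    problems = []
    path = args.get("path")
    if not isinstance(path, str):
        problems.append("path must be a string")
    elif not path or len(path) > 255 or "\x00" in path:
        problems.append("path must be 1-255 characters with no NUL byte")
    max_bytes = args.get("max_bytes", 4096)
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(max_bytes, bool) or not isinstance(max_bytes, int) or max_bytes <= 0:
        problems.append("max_bytes must be a positive integer")
    return problems


def handle_read_file(args: dict) -> dict:
    """The checks composed in order: schema first, then path confinement.
    The actual read is omitted so the example runs without any files."""
    problems = validate_args(args)
    if problems:
        return {"ok": False, "error": "; ".join(problems)}
    if not is_path_allowed(args["path"]):
        return {"ok": False, "error": "path outside sandbox root"}
    target = (ALLOWED_ROOT / args["path"]).resolve()
    return {"ok": True, "path": str(target), "max_bytes": args.get("max_bytes", 4096)}


if __name__ == "__main__":
    # Constructed sample calls, as a model might pass them through.
    for sample in ({"path": "notes/a.txt"}, {"path": "../../etc/passwd"}, {"path": 42}):
        print(sample, "->", handle_read_file(sample))
    print(is_url_allowed("https://169.254.169.254/latest/meta-data"))
    print(build_command("git", "src/main.py"))
```

The ordering in handle_read_file matters: schema validation runs before any filesystem call, because a malformed value (a NUL byte, a non-string) can make the later guard itself fail in an unexpected way. None of these guards replaces sandbox configuration, which the page identifies as the most common gap; they limit what a tool does with a bad argument, while the sandbox limits what the process can reach if a guard is missing.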