Is it safe to install MCP servers from GitHub?

Based on 15,923 rated MCP servers

Not all MCP servers are safe: our scans of 15,923 servers show that 64% are missing proper sandbox configuration and only 1.3% earn a B grade or higher. MCP servers run with significant privileges in the user's environment, so a malicious or poorly written server can steal credentials, exfiltrate data, or execute arbitrary commands. Before installing any MCP server, check its SpiderRating at spiderrating.com/evaluate or browse pre-scanned servers at spiderrating.com/leaderboard/security. Never install MCP servers from unknown authors without an independent security review.