Report · 2026
The State of MCP Security
We audited 244 Model Context Protocol servers (207 repositories + 37 live endpoints) against the OWASP MCP Top 10. Your agent trusts every one of them. It shouldn't.
46%
score D or F
68
average score / 100
59
failing outright (29%)
244
servers audited
Grade distribution
A
46 · 22%
B
32 · 15%
C
33 · 16%
D
37 · 18%
F
59 · 29%
Popular ≠ safe
The most-starred MCP servers that still score C or below. Stars measure hype, not safety.
| modelcontextprotocol/servers | ★ 88k | 71C |
| mastra-ai/mastra | ★ 26k | 75C |
| elie222/inbox-zero | ★ 12k | 75C |
| browsermcp/mcp | ★ 6.8k | 66D |
| 21st-dev/magic-mcp | ★ 5.3k | 57D |
| financial-datasets/mcp-server | ★ 2.2k | 60D |
| nottelabs/notte | ★ 2.0k | 73C |
| Azure/azure-mcp | ★ 1.2k | 54F |
Worst offenders
| openfort-xyz/mcp | ★ 3 | 3F |
| routineco/mcp-server | ★ 3 | 9F |
| 4everland/4everland-hosting-mcp | ★ 3 | 9F |
| riza-io/riza-mcp | ★ 12 | 12F |
| digma-ai/digma-mcp-server | ★ 11 | 12F |
| aws-powertools/powertools-mcp | ★ 42 | 13F |
| apimatic/apimatic-validator-mcp | ★ 7 | 16F |
| Adfin-Engineering/mcp-server-adfin | ★ 9 | 16F |
Don't ship on a bad score.
Audit any MCP server free, then protect every call to it in real time — cache reads (30–60% off your Claude bill) and block injection / exfiltration / secret leaks with the mcpizy proxy.
Audit a server →❯ npx mcpizy proxy install
Methodology: each server is probed and scored 0–100 against the OWASP MCP Top 10 (security, token cost, tool design, compliance, reliability). Repos are scored on repository quality (maintenance, license, adoption, docs). Data refreshes hourly · 207 repos + 37 endpoints · browse the full directory.