Scanning Public MCP Servers for Security Vulnerabilities
The author built an open-source scanner called MCPWatch that runs security checks on public MCP (Model Context Protocol) servers and publishes a daily leaderboard. The scanner found critical vulnerabilities in a large fraction of popular MCP servers.
Why it matters
The MCP ecosystem has seen a significant number of security vulnerabilities, highlighting the need for continuous monitoring and transparency around the security posture of public MCP servers.
Key Points
- MCPWatch scans public MCP servers for 10 OWASP-aligned security issues like command injection, path traversal, and unauthorized mutation
- The scanner found critical vulnerabilities in 30 CVEs across MCP implementations, with 4 being rated as critical (CVSS 7.3-9.6)
- 43% of scanned MCP servers have command injection risk and 82% have path traversal risk, but there is no public registry to identify safe servers
- MCPWatch has four components: a scanner, a crawler, a public dashboard, and a future enterprise API
Details
The author built MCPWatch, an open-source scanner that runs 10 pattern-based security checks derived from the draft OWASP MCP Top 10 on every public MCP server hosted on GitHub. The scanner checks for issues like command injection, path traversal, unauthorized mutation, prompt injection, SSRF, and secret leakage. It produces a 0-100 score and A-F letter grade for each server. The author ran the scanner on GitHub's MCP servers and found that a large fraction have critical vulnerabilities, including a GitHub MCP project that leaked private repository data. Despite these issues, there is currently no continuously updated public registry to inform developers which MCP servers are safe to install. The author plans to add AST-level taint analysis in a future version and is seeking contributions for new checks, especially Python-specific rules.
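A minimal sketch of how pattern-based checks can feed a 0-100 score and an A-F grade, as described above. This is an added example, not MCPWatch's code: the rules, weights, grade bands and sample handlers are all assumptions made up for illustration.

```python
import re

# Hypothetical rules and weights for illustration; not MCPWatch's actual rule set.
RULES = [
    ("command-injection", 40, re.compile(r"os\.system\(|subprocess\.\w+\(.*shell\s*=\s*True")),
    ("path-traversal", 25, re.compile(r"\bopen\(\s*(?:args|params)\[")),
    ("ssrf", 20, re.compile(r"requests\.(?:get|post)\(\s*(?:args|params)\[")),
    ("secret-leak", 15, re.compile(r"(?i)(?:api_key|token|secret)\s*=\s*[\"'][\w-]{16,}[\"']")),
]

def scan(source):
    """Return (check, line_number) for every rule that matches a source line."""
    return [(name, n) for n, line in enumerate(source.splitlines(), 1)
            for name, _, rx in RULES if rx.search(line)]

def score(findings):
    """Subtract each failed check's weight once from 100 (assumed scoring model)."""
    failed = {name for name, _ in findings}
    return max(0, 100 - sum(w for name, w, _ in RULES if name in failed))

def grade(points):
    """Map a 0-100 score to A-F using assumed 10-point bands."""
    for floor, letter in ((90, "A"), (80, "B"), (70, "C"), (60, "D")):
        if points >= floor:
            return letter
    return "F"

# Constructed sample tool handlers, not taken from any real server.
VULNERABLE = '''
def run_git(args):
    return subprocess.run("git log " + args["ref"], shell=True)
def read_note(args):
    return open(args["path"]).read()
'''
HARDENED = '''
def run_git(args):
    return subprocess.run(["git", "log", "--end-of-options", args["ref"]])
def read_note(args):
    path = (ROOT / args["path"]).resolve()
    if not path.is_relative_to(ROOT):
        raise ValueError("path escapes the notes directory")
    return open(path).read()
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        found = scan(src)
        print(label, found, score(found), grade(score(found)))
```

Line-level patterns like these miss a tool argument that is first assigned to a variable and only then passed to `open()`, which is the kind of gap taint analysis closes.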