I scanned 200 popular MCP server packages. Here is what I found.

Open-source supply-chain trust gate for MCP servers, validated on 200 packages. 3 BLOCK findings including 1 hardcoded LLM API key. 6 'official' servers abandoned. Free public API.

sabato 30 maggio 2026 New tab

794 words~4 min read

The MCP ecosystem has been growing fast, but the supply-chain hygiene has not kept up. MCPwn (CVE-2026-33032, CVSS 9.8) exposed 2,600+ instances. The Shai-Hulud npm worm stole MCP auth tokens from 172 packages. MCPSafe found high-severity bugs in official MCPs from Atlassian, GitHub, Cloudflare, and Microsoft. Perplexity open-sourced Bumblebee in May 2026 specifically because no good scanner existed.

So I built one. Today I'm shipping @weiseer/mcp-doctor — an open-source install-time trust gate for MCP server packages — together with the validation dataset that surfaced its first real finding.

TL;DR

npx @weiseer/mcp-doctor @some/mcp-server

Enter fullscreen mode

Other newsrooms on this story

· 1 sources

Full timeline →

siliconangle.com·May 26, 2026 · 4 g fa
Detectify debuts MCP server to let AI agents find and fix vulnerabilities in real time - SiliconANGLE

I scanned 200 popular MCP server packages. Here is what I found.

Other newsrooms on this story

I scanned 200 popular MCP server packages. Here is what I found.

Other newsrooms on this story

Related reading

I Run MCP Servers. Here's What the Recent Vulnerabilities Actually Mean for Me

Your MCP Server Is Probably Overprivileged - Here's a Scanner For It

Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should…

We scanned 500 MCP servers on Smithery. Here is what we found.

MCP command execution flaw: what security teams need to know

We Scored 14,800+ MCP Servers on Behavioral Trust. Here's What We Found.

Related reading

I Run MCP Servers. Here's What the Recent Vulnerabilities Actually Mean for Me

Your MCP Server Is Probably Overprivileged - Here's a Scanner For It

Manifold Security Just Scored 7,700 MCP Servers. Here's Why That Number Should…

We scanned 500 MCP servers on Smithery. Here is what we found.

MCP command execution flaw: what security teams need to know

We Scored 14,800+ MCP Servers on Behavioral Trust. Here's What We Found.