Installing an MCP server is running a stranger's code with your agent's permissions. Your shell, your environment variables, your filesystem — and increasingly your agent's own config and memory.
Discovery is the easy part; there are tens of thousands of servers to pick from. Knowing whether the one you just found is safe to run is not. I spent the last few months building a rule-based scanner and grading the entire public catalog — 130,000+ open-source agent skills and MCP servers — to figure out what "vetting" actually looks like at scale.
Here's the short version: four manual checks that catch most bad ones, and the data on why you need them.
Why bother: the risk lives exactly where you least expect it
Three numbers from grading the catalog:






