We scanned 500 MCP servers on Smithery. Here is what we found.
A security scan of 500 servers on the MCP registry Smithery revealed that 15.3% of them contained security vulnerabilities. These findings include critical issues like file-disguise vectors and tool description injections, with one in six servers exhibiting toxic flows that form complete attack paths. Notably, some well-known services such as Slack, Google Sheets, and AWS documentation were found to have high-severity issues, indicating that even actively maintained and recognizable servers are not immune to these security risks. AI
IMPACT Highlights critical security risks in AI agent development tools, potentially impacting enterprise adoption and agent security practices.