I Scanned 13 Popular MCP Servers. Here's What I Found. 🔐

mcp-fortress — Tue, 25 Nov 2025 20:51:09 +0000

Model Context Protocol (MCP) servers are becoming essential tools for AI workflows. But with great power comes great security risk.

I just finished scanning 13 of the most popular MCP servers using mcp-fortress, an open-source security scanner I built for the MCP ecosystem.

Here's what every MCP user needs to know.

🚨 The First Malicious MCP Server

Before I even started scanning, security researchers at Semgrep and Snyk discovered postmark-mcp - the first confirmed malicious MCP server on npm.

What it did: Added a hidden BCC to all emails sent through AI agents, silently harvesting every email.

Why it matters: This proves MCP servers are already being weaponized. It won't be the last.

📊 What I Scanned

I scanned 13 packages including:

Official Anthropic Servers:

@modelcontextprotocol/server-filesystem
@modelcontextprotocol/server-puppeteer
@modelcontextprotocol/server-github
@modelcontextprotocol/server-slack
...and more

Popular Third-Party Servers:

mcp-framework (80+ projects depend on it)
mcp-use (complete MCP framework)
@contentful/mcp-server
...and more

✅ The Good News

All official @modelcontextprotocol servers are exceptionally secure:

0 CVEs found
Minimal dependencies (<15 for most)
No suspicious patterns
Regular updates

Verdict: Trust and use official servers with confidence.

⚠️ The Concerning Patterns

Undisclosed Telemetry

mcp-use makes 6 external network requests to:

PostHog (analytics)
Langfuse (LLM tracking)
Scarf (package analytics)
Vendor cloud

Issue: Not disclosed in documentation. Users should know their AI interactions are being tracked.

Dependency Risk

Package	Dependencies	Risk
mcp-use	47	Medium
@modelcontextprotocol/sdk	37	Low
mcp-framework	27	Low

More dependencies = more supply chain attack surface.

🛡️ How to Protect Yourself

1. Scan Before Installing

# Quick scan
npx mcp-fortress scan @modelcontextprotocol/server-github

# Install tool
npm install -g mcp-fortress

2. Check These Red Flags

🚩 Published < 1 week ago
🚩 0 downloads or GitHub stars
🚩 No source code repository
🚩 Typosquatting names
🚩 300+ dependencies
🚩 Undisclosed external requests

3. Use Sandbox Environments

Test new MCP servers in isolated VMs/containers before giving production access.

🎯 Key Takeaways

Official servers are safe - use them with confidence
Third-party servers need scrutiny - scan before installing
Malicious servers exist - postmark-mcp proves this
Always scan packages - npx mcp-fortress scan <package>

🌐 What Needs to Happen

The MCP ecosystem needs:

Security guidelines for developers
Vetting process for popular servers
Transparency requirements (disclose telemetry)
Built-in scanning in Claude Desktop, Cursor, etc.

We're in the "npm 10 years ago" phase. Let's not repeat the same security mistakes.

🏰 About MCP Fortress

mcp-fortress is a free, open-source security scanner for MCP servers that works three ways:

1️⃣ CLI Tool

npm install -g mcp-fortress
mcp-fortress scan @modelcontextprotocol/server-github

2️⃣ MCP Server (Scan from Claude Desktop)

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "mcp-fortress": {
      "command": "mcp-fortress",
      "args": ["serve-mcp"]
    }
  }
}

Now you can ask Claude: "Scan the puppeteer MCP server for vulnerabilities"

3️⃣ Claude Code Plugin

Install the MCP Fortress plugin in Claude Code to scan MCP servers directly from your coding environment.

Features:

✅ Scans for CVEs via OSV database
✅ Detects dangerous code patterns (eval, exec, etc.)
✅ Finds undisclosed external requests
✅ Analyzes dependency risks
✅ Scores security risk
✅ Detects prompt injection attempts
✅ Identifies tool poisoning

Use it however you want:

CLI: Quick terminal scans
MCP Server: Integrate into your AI workflow
Claude Code Plugin: Scan while you code

Links:

GitHub: https://github.com/mcp-fortress/mcp-fortress
npm: https://www.npmjs.com/package/mcp-fortress
MCP Registry: https://registry.modelcontextprotocol.io
Smithery (Remote): https://smithery.ai/server/@mcp-fortress/mcp-fortress-server

What do you think about MCP security? Share your thoughts in the comments!

If you found this valuable, star the repo and spread the word. Security is a team sport.

Forem: mcp-fortress