Independent Report on MCP Server Reliability and Security Findings
The first independent security and reliability report on MCP servers has been published, analyzing data from 2,181 remote MCP server endpoints. The report covers reliability, security, and maintenance metrics gathered through monitoring of publicly accessible endpoints.
Key Findings from the Analysis
- 52% of remote MCP server endpoints are dead
- 300 servers have zero authentication, meaning any agent can connect
- 51% have wide-open CORS (Cross-Origin Resource Sharing) configurations
- The finance category scores lowest on trust despite handling sensitive data
- Only 42% of servers with GitHub repositories have committed code in the last 30 days
Available Resources
The full report with detailed methodology is available at yellowmcp.com/report. Developers can test their own MCP servers using the tool at yellowmcp.com/test.
📖 Read the full source: r/ClaudeAI
👀 See Also
OpenClaw Skill Safety Scanner: 7.6% of 31,371 Skills Flagged as Dangerous
A developer built a tool that scanned the entire ClawHub registry and found 2,371 out of 31,371 skills contain dangerous patterns like wallet drainers, credential theft, and prompt injection. The tool provides API access and badges for checking skills before installation.
OpenClaw Security Breach: 42,000 Instances Exposed
OpenClaw experienced a significant security failure exposing 42,000 instances with 341 malicious skills. The rapid response involved creating AgentVault, a security proxy.
Domain-Camouflaged Injection Attacks Evade Detectors in Multi-Agent LLM Systems
A new paper shows injection payloads tailored to domain vocabulary evade detection, dropping IDR from 93.8% to 9.7%. Multi-agent debate amplifies attacks. Llama Guard 3 detects zero payloads.
Security Audit Experiment Shows AI Agent Performance Depends on Knowledge Access
A developer ran three security audits on the same Next.js codebase using different AI approaches: Claude Code's built-in review found 1 critical, 6 high, 13 medium issues; an AI agent without extra context found 1 critical, 5 high, 14 medium; an AI agent with 10 professional security books found 8 critical, 9 high, 10 medium issues.