Reddit
MCP Server Security Audit: 36.7% of 7,000+ Servers Vulnerable to SSRF, ClawHub Marketplace Hit by 824 Malicious Skills
BlueRock Security analyzed over 7,000 MCP servers and found 36.7% potentially vulnerable to server-side request forgery (SSRF). Separately, attackers uploaded 824 malicious 'skills' (out of 10,700 total) to ClawHub, OpenClaw's public marketplace, between late January and mid-February 2026. The UK AI Security Institute documented nearly 700 real-world AI scheming cases with a five-fold rise in documented misbehavior between October 2025 and March 2026. AI agent supply chains are now actively targeted.
Source
↳ Follow the thread