Skills
AgentSeal Scans 1,808 MCP Servers: 66% Have Security Findings — First Large-Scale Empirical Audit of the MCP Ecosystem
AgentSeal published the first comprehensive empirical security audit of the MCP ecosystem, scanning 1,808 servers discovered across GitHub, npm, PyPI, Smithery, and MCP.run. 66% had at least one security finding. The analysis enumerated every exposed tool, analyzed descriptions and schemas, checked configurations, and ran a full detection pipeline. Notable precedents include a Smithery.ai path traversal that gave root access to 3,243 Fly.io apps, and a LayerX finding that Claude Desktop Extensions run without any sandbox — a single Google Calendar event with embedded instructions could trigger full code execution.
Source
↳ Follow the thread