Skills
MCP Ecosystem Audit: 43% of Public Servers Vulnerable to Command Execution, 341 Malicious Skills Found in Marketplaces
A comprehensive April 2026 security analysis of the MCP ecosystem reveals 43% of public servers vulnerable to command execution, 36.7% vulnerable to SSRF, and 53% using static credentials. Marketplaces host 341 malicious skills designed to steal credentials and execute arbitrary code. Even Anthropic's own Git MCP server had three CVEs disclosed. The research classifies five critical attack vectors: schema poisoning, tool poisoning, rug pulls, cross-server shadowing, and credential theft. For builders: MCP is heading toward the top of financially damaging attack vectors on agentic AI — audit every server before integration.
Source
↳ Follow the thread