The Security Landscape for MCP Servers
MCP (Model Context Protocol) servers are becoming a core part of the Claude Code workflow, connecting your AI to databases, APIs, and tools. With 97 million monthly SDK downloads and thousands of community packages on npm, the ecosystem is exploding. But a new security scan of 195 MCP packages reveals that while most are clean, some carry risks you need to check.
The scan found that 36% of packages had at least one security issue, though most were minor. The average security score was a high 96/100, and the official @modelcontextprotocol/* packages from Anthropic scored a perfect 100. However, community packages vary, and one was flagged with ELEVATED risk.
The Red Flags to Watch For
The scanner checks for five critical categories of issues that are directly relevant to Claude Code users who install these servers:
- Install Scripts (Found in 4% of packages):
postinstallorpreinstallhooks that run arbitrary code. This is a classic npm supply chain attack vector. One flagged package,@azure-devops/mcp, had a HIGH-risk preinstall script that modified the npm registry configuration (npm config set registry), which could redirect your future package installs. - Prompt Injection in Tool Descriptions (Found in 0%): The scanner looks for tool descriptions containing phrases like "ignore previous instructions" or system prompt overrides that could jailbreak the agent. None were found in this sample, but it's a check that will become more critical.
- Suspicious URLs (Found in 1 package): References to raw IP addresses (like
127.0.0.1) or known exfiltration endpoints. Combined with other flags, this warrants caution. - Dependency Bloat: Packages with 20+ runtime dependencies have a larger attack surface. The average was a manageable 6.
- Missing Metadata (12% had no license): No repository link means the source code can't be audited, and no license creates legal ambiguity.
How to Scan a Package Before You npm install
You don't have to guess. The researchers have made their scanner free and public via a simple API. Before adding a new MCP server to your claude_desktop_config.json, you can check its security score in seconds.
Run this curl command, replacing package-name with the npm package you're considering:
curl "https://agentscores.xyz/api/scan?npm=package-name"
For example, to check the popular @modelcontextprotocol/servers-sqlite:
curl "https://agentscores.xyz/api/scan?npm=@modelcontextprotocol/servers-sqlite"
The API returns a JSON object with a security score (0-100), a risk level (CRITICAL, HIGH, ELEVATED, GUARDED, LOW), and detailed findings for any issues.
Integrate Scanning Into Your Workflow
This scanner is part of a larger system called KYA (Know Your Agent), which offers six verification checks for AI agents. For Claude Code developers, the npm package scan is the most immediately actionable. You can integrate it into your process in two ways:
- Manual Pre-install Check: Make the curl command a habit before running
npm installor adding a new server to your MCP config. - Use the Official Tools: The project provides npm packages like
mcp-trust-guardandkya-abuse-checkfor programmatic use. Check the GitHub repo for integration examples.
The key takeaway is proactive verification. The MCP ecosystem is currently relatively clean, but its rapid growth makes it a target. A quick scan is a small step that significantly de-risks extending Claude Code's capabilities with third-party servers.
