State of MCP Security 2026: We Scanned 15,923 AI Tools. Here's What We Found.

We scanned every publicly available MCP server and OpenClaw skill — 15,923 in total . Here's the complete security landscape of the AI tool ecosystem. TL;DR : 36% of MCP servers scored F (failing). 42 skills confirmed malicious (0.4%), with 552 initially flagged. Token leakage is the #1 vulnerability, found in 757 servers. Only 2% earned a B grade or higher. The Dataset SpiderRating analyzed 15,923 AI tools across two ecosystems: 5,725 MCP servers (Model Context Protocol — the standard for connecting AI agents to external tools) 10,198 OpenClaw/ClawHub skills (agent behavior definitions for Claude, Cursor, Windsurf) Each tool was rated on three dimensions: Description Quality, Security, and Metadata — combined into a SpiderScore (0-10) and letter grade (A-F). This is the largest independent security analysis of the MCP/AI tool ecosystem to date. Key Findings 1. Most AI Tools Are Mediocre — Only 2% Score B or Higher Grade MCP Servers Skills What It Means A (9.0+) 0 (0%) 0 (0%) No tool m