
We Scanned 17 Popular MCP Servers — Here's What We Found
The Model Context Protocol (MCP) is quickly becoming the standard for connecting AI agents to external tools. Claude Desktop, Cursor, Windsurf, and dozens of other AI apps now support MCP servers as plugins. But here's the problem: nobody is checking if these servers are safe to install.

We built Agent Shield, a security scanner for AI agent tools, and used it to audit 17 of the most popular MCP servers — including official ones from Anthropic, AWS, Cloudflare, Docker, Brave, and Azure. The results were eye-opening.

TL;DR
- 17 servers scanned, 4,198 files, 1.2 million lines of code
- 100% of servers lack proper permission declarations
- 5 servers (29%) scored as high risk
- 1 real eval() vulnerability found in Playwright MCP
- Average security score: 34/100

What We Scanned
We selected servers across the MCP ecosystem — from official reference implementations to popular community projects:

Tier | Servers
Official | Anthropic's reference servers, AWS MCP
Major vendors | Cloudflare, Azure, Docker, Brav
Continue reading on Dev.to




