Public servers scanned
Have critical vulnerabilities
MCP makes building easy. That doesn’t make it safe.
MCP servers have become the standard for how agents execute tools. Organizations are replacing exposed API services with outcome-oriented MCP tools to accelerate agentic development.
But MCP servers are simple to build — and that simplicity masks real security gaps. Last month, BlueRock published research showing how an unbounded URI call in Microsoft’s Markitdown MCP server (86,000+ stars) could take over cloud infrastructure by fetching instance metadata credentials.
Our analysis of 9,000+ public MCP servers found 36.7% have the same vulnerability.
The gap isn’t intent — it’s visibility. Teams want to build the right way. They need the tools to verify it.
The MCP Trust Registry scanned 9,000+ MCP servers.
Here's what we found:
of MCP servers have critical vulnerabilities
Nearly 1 in 10 servers your agents touch are compromised.
of MCP servers have command injection flaws
Happens below the gateway layer.
MCP servers are vulnerable to SSRF
One request to reach your internal network.
See the MCP Trust Registry in Action
Understand how BlueRock evaluates MCP servers for security risks.
What You Get in Every MCP Trust Scan Result
Risk rating: Low, Medium, High, or Critical with severity rationale.
Deep findings: Impacted rules and vulnerability explanations.
Tool inventory: Every tool exposed by the server, including destructive operations.
Rescan on release changes, full trend view.
Developer + admin steps.
Scan any MCP server. Public or yours.
Browse the Public Registry
Search 9,000+ public MCP server builds. See risk ratings, vulnerability details, and remediation guidance before you connect a server to your agent.
Submit Your Own Build
Most enterprise MCP adoption is internal. Submit your private repo for the same 22-rule analysis. Get a full security report with code-level findings your team can act on immediately.
Same analysis. Same rules. Same remediation guidance — whether the repo is public or yours.
Choose safe MCP servers and tools before you connect.
What the Trust Registry Evaluates
22 security rules. Code-level evidence.
Exposure & Authentication
Unrestricted endpoints
Unsafe token/secret handling
Missing scopes, overbroad permissions
Tool Risk
Dangerous verbs (delete/drop/export)
Tool namespace collisions
User input sanitization failures
Data & Egress
Unbounded outbound fetch (SSRF)
Lack of egress controls
Mass data extraction patterns
Runtime & Dependencies
Unpinned packages + CVEs
Sandbox/exec risks
Deserialization / injection sinks
BlueRock MCP Trust Registry FAQ
What is the MCP Trust Registry?
The MCP Trust Registry is a catalog of MCP servers and tools with security-focused scorecards. Each entry captures exposed tools, read/write capabilities, likely risks (e.g., RCE, data exfiltration, full-schema poisoning), and practical remediation notes so you can decide what’s safe to wire into your agents.
How do you assess risk for MCP servers and tools?
We combine static and runtime-informed checks: tool discovery, permission analysis (read vs write, destructive verbs), configuration drift, and exposure to known vulnerability patterns from OWASP agentic/LLM work and real-world MCP incidents. The output is a risk band plus concrete guidance, not just a vague score.
Can I use the registry without deploying BlueRock?
Yes. You can use the MCP Trust Registry as a standalone reference to vet servers and tools before you connect them. When you do deploy BlueRock, registry entries can seed allow-lists and guardrails so the tools you approve are automatically governed at runtime.
How often are registry entries updated?
Entries are periodically updated as new vulnerabilities, configuration changes, or tool behaviors emerge. Our goal is to keep the registry aligned with current MCP exploits and agentic attack research, not just a one-time scan.
How does this help with “shadow” or unknown MCP usage?
The registry helps you evaluate known MCP servers up front, and BlueRock’s runtime visibility helps you discover servers, tools, and agents that slipped in outside formal review. Together, they close the gap between what you think is connected and what’s actually in use in production.

