Model Context Protocol (MCP) Security

An exploration of common MCP server vulnerabilities, along with a deep dive into MCP server prompt injection (+demonstrations for each!).

→ Tomby68/mcp-vulnerabilities · listed on mcp_so

Install from

mcp.so

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/tomby68-mcp-vulnerabilities-ogzj69)](https://m8ven.ai/mcp/tomby68-mcp-vulnerabilities-ogzj69)

commit: 68525cc4b72c4a594e779d8fb8c89b00eda9199c

code hash: 9e5103dd4e461a9b529cb8697c7faf047af83eb2208071ec20b99df2cc55bf09

verified: 4/18/2026, 6:09:59 PM

view raw JSON →