📄 中文摘要
对15,923个公开可用的MCP服务器和OpenClaw技能进行了安全扫描,结果显示36%的MCP服务器评分为F(不及格),42个技能被确认具有恶意(占0.4%),最初标记的恶意技能数量为552个。令牌泄露是最主要的漏洞,出现在757个服务器中。只有2%的工具获得B级或更高的评分。
2026年MCP安全状况:我们扫描了15,923个AI工具,发现了什么
📄 English Summary
State of MCP Security 2026: We Scanned 15,923 AI Tools. Here's What We Found.
A comprehensive scan of 15,923 publicly available MCP servers and OpenClaw skills revealed significant security concerns. The analysis found that 36% of MCP servers received an F grade, indicating failure, while 42 skills were confirmed to be malicious, representing 0.4% of the total. Initially, 552 skills were flagged for potential issues. The most prevalent vulnerability identified was token leakage, which was found in 757 servers. Alarmingly, only 2% of the tools achieved a B grade or higher, highlighting the urgent need for improved security measures in the AI tool ecosystem.