What if MCP servers had a Lighthouse-style security score?
An audit of MCP servers found that 118 of the 194 packages scanned had security findings, a failure rate of 60.8%. The cause is not developer laziness but a lack of visibility. When users install an MCP server via npm, they have no way of knowing whether it validates input, leaks environment variables, or handles unsanitized input. Lighthouse exists for web performance and Snyk for dependency vulnerabilities, but there is currently no equivalent tool for MCP server security. The post therefore proposes an MCP Security Score: a 0-100 scale, calculated automatically across five dimensions, to improve security and transparency.