{"slug": "i-scanned-my-mcp-setup-and-it-scored-0-100-here-s-what-was-wrong", "title": "I scanned my MCP setup and it scored 0/100. Here's what was wrong.", "summary": "Developer alih552 released mcp-audit, a zero-dependency CLI tool that scans MCP server configurations for security issues, after a 2026 analysis of ~7,000 public MCP servers found 41% require no authentication and 36.7% are SSRF-vulnerable. The tool, which runs 100% locally, flagged the developer's own setup with a score of 0/100 due to issues including no auth on remote servers, plaintext secrets, unpinned executables, over-broad filesystem roots, and token bloat consuming up to 75k tokens per request.", "body_md": "I've been adding MCP servers to Claude and Cursor for months — GitHub, a filesystem server, a couple of search servers, a little internal HTTP one I wrote. It works great. Then two things bugged me:\n\nTurns out it's not just me. A 2026 analysis of ~7,000 public MCP servers found **41% require no auth**, **36.7% are SSRF-vulnerable**, and only **8.5% use OAuth**. So I wrote a tiny tool to check my own config — and it scored **0 out of 100**.\n\n`mcp-audit`\n\n([https://github.com/alih552/mcp-audit](https://github.com/alih552/mcp-audit)) is a zero-dependency CLI that reads your MCP config (Claude Desktop, Cursor, VS Code, Windsurf, or a plain .mcp.json) and tells you what's wrong. It runs **100% locally** — it never connects to your servers or sends your config anywhere.\n\n```\npipx install git+https://github.com/alih552/mcp-audit\nmcp-audit\n```\n\nHere's the kind of thing it flagged on my (deliberately messy) test config:\n\n```\nMCP Audit — ~/.cursor/mcp.json\n  7 server(s) - ~13,160 context tokens - score 0/100 (F)\n\n[HIGH] Remote server with no authentication  (internal-api)\n[HIGH] Plaintext secret in config (GitHub token)  (github)\n[MED]  Unpinned auto-updating executable (npx -y)  (filesystem)\n[MED]  Over-broad filesystem root '/Users'  (filesystem)\n[LOW]  7 servers ~ 13,160 context tokens loaded every request\n```\n\n**No auth on a remote server.** If your MCP server is reachable over HTTP and doesn't check a token, the model — or anyone who finds the URL — can run your tools. With prompt injection in the wild, the *server* has to hold the line, not the model.\n\n**Plaintext secrets in the config.** A GITHUB_TOKEN sitting in .mcp.json leaks through the file itself and through your git history. Move it to an env var or a secret manager.\n\n**npx -y / uvx without a pinned version.** That silently runs whatever was published most recently. It's a supply-chain risk — pin the version and review updates.\n\n**Over-broad filesystem roots.** A filesystem server pointed at /Users or $HOME lets the model read and write far more than your project. Scope it to the project directory.\n\n**Token bloat.** This was the one I didn't expect. Every server loads its tool schemas into *every* request. Five servers commonly cost **50-75k tokens of context before you type a word** — that's real money and real latency. Disable the servers you aren't actively using.\n\nFor the config issues: pin versions, move secrets to env vars, scope filesystem access, and put auth in front of anything remote. There's a full MCP Server Security Checklist here: [https://alih552.github.io/mcp-forge/checklist.html](https://alih552.github.io/mcp-forge/checklist.html)\n\nIf you're *building* an MCP server and want it secure from commit one, I also put together MCP Forge Kit ([https://alih552.github.io/mcp-forge/](https://alih552.github.io/mcp-forge/)) — a secure-by-default starter (bearer + JWT auth, SSRF-safe fetch, rate limiting, validation, tests, CI). But the auditor above is free and MIT, and genuinely useful on its own.\n\n```\npipx install git+https://github.com/alih552/mcp-audit\nmcp-audit --json\n```\n\nI'd love feedback on the checks — especially **false positives** and checks you think are missing. Repo: [https://github.com/alih552/mcp-audit](https://github.com/alih552/mcp-audit)", "url": "https://wpnews.pro/news/i-scanned-my-mcp-setup-and-it-scored-0-100-here-s-what-was-wrong", "canonical_source": "https://dev.to/alih552/i-scanned-my-mcp-setup-and-it-scored-0100-heres-what-was-wrong-28g", "published_at": "2026-06-28 01:40:10+00:00", "updated_at": "2026-06-28 02:03:34.502067+00:00", "lang": "en", "topics": ["ai-tools", "ai-safety", "developer-tools", "ai-infrastructure", "ai-agents"], "entities": ["alih552", "mcp-audit", "Claude", "Cursor", "GitHub", "MCP Forge Kit", "OAuth", "SSRF"], "alternates": {"html": "https://wpnews.pro/news/i-scanned-my-mcp-setup-and-it-scored-0-100-here-s-what-was-wrong", "markdown": "https://wpnews.pro/news/i-scanned-my-mcp-setup-and-it-scored-0-100-here-s-what-was-wrong.md", "text": "https://wpnews.pro/news/i-scanned-my-mcp-setup-and-it-scored-0-100-here-s-what-was-wrong.txt", "jsonld": "https://wpnews.pro/news/i-scanned-my-mcp-setup-and-it-scored-0-100-here-s-what-was-wrong.jsonld"}}