Hi team π
I ran a free deep security scan of modelcontextprotocol/typescript-sdk using MCPSafe β a purpose-built scanner for MCP servers using a 5-LLM consensus panel to detect prompt injection risks, over-scoped tool schemas, supply chain issues, and more.
Results: 53/100 Β· Grade F
| Severity |
Count |
| π΄ Critical |
0 |
| π High |
11 |
| π‘ Medium |
125 |
| π’ Low |
0 |
Summary: 11 high + 125 medium findings across the SDK β worth reviewing before downstream MCP servers adopt these patterns
π Full report with findings and evidence: https://mcpsafe.io/registry/github/modelcontextprotocol/typescript-sdk
Add a security badge to your README
[](https://mcpsafe.io/registry/github/modelcontextprotocol/typescript-sdk)
This badge auto-updates whenever a new scan runs β great for showing users and enterprise customers your security posture at a glance.
Feel free to close this if you're already tracking these findings. Happy to answer any questions about specific findings.
β Truong BUI Β· mcpsafe.io
Hi team π
I ran a free deep security scan of modelcontextprotocol/typescript-sdk using MCPSafe β a purpose-built scanner for MCP servers using a 5-LLM consensus panel to detect prompt injection risks, over-scoped tool schemas, supply chain issues, and more.
Results: 53/100 Β· Grade F
Summary: 11 high + 125 medium findings across the SDK β worth reviewing before downstream MCP servers adopt these patterns
π Full report with findings and evidence: https://mcpsafe.io/registry/github/modelcontextprotocol/typescript-sdk
Add a security badge to your README
This badge auto-updates whenever a new scan runs β great for showing users and enterprise customers your security posture at a glance.
Feel free to close this if you're already tracking these findings. Happy to answer any questions about specific findings.
β Truong BUI Β· mcpsafe.io