{"generated_at":"2026-04-24T11:49:43.891Z","report_title":"State of MCP Package Security — April 2026","monitoring":{"packages_monitored":855,"scans_total":8893,"latest_watch_update_at":"2026-04-24T11:48:07.892+00:00","scanner_version":"2.1"},"scores":{"sample_size":855,"mean":90.7,"median":95,"distribution":{"90-100":615,"80-89":133,"70-79":82,"60-69":15,"50-59":6,"40-49":3,"30-39":1,"20-29":0,"10-19":0,"0-9":0},"bucket_order":["90-100","80-89","70-79","60-69","50-59","40-49","30-39","20-29","10-19","0-9"]},"risk":{"distribution":{"LOW":720,"MODERATE":110,"ELEVATED":21,"HIGH":4,"CRITICAL":0},"order":["LOW","MODERATE","ELEVATED","HIGH","CRITICAL"]},"findings":{"sample_size":500,"scans_in_sample_with_findings":416,"scans_in_sample_without_findings":84,"total_in_sample":629,"by_type":{"no_provenance":388,"no_repository":70,"install_script":69,"command_injection":69,"unsafe_eval":15,"excessive_dependencies":7,"no_license":6,"sensitive_file_access":3,"hardcoded_secret":2},"by_severity":{"critical":2,"high":73,"medium":77,"low":477}},"capabilities":{"sample_size":534,"by_type":{"unknown":505,"search_index":292,"database_access":176,"network_egress":162,"email_messaging":138,"filesystem_read":109,"secrets_access":104,"memory_state":89,"browser_automation":76,"repo_read":69,"cloud_infra":62,"filesystem_write":61,"shell_exec":27,"repo_write":25,"code_analysis":19}},"install_scripts":{"sample_size":713,"present":65,"absent":648,"rate":0.091},"advisories":{"total":11,"by_severity":{"critical":0,"high":7,"medium":0,"low":4},"recent":[{"package":"agent-recall-mcp","severity":"low","published_at":"2026-04-10T08:38:08.213009+00:00"},{"package":"local-mcp","severity":"high","published_at":"2026-04-11T17:42:08.408468+00:00"},{"package":"@opentabs-dev/mcp-server","severity":"high","published_at":"2026-04-13T14:04:09.281636+00:00"},{"package":"@planu/cli","severity":"high","published_at":"2026-04-17T19:42:10.301235+00:00"},{"package":"vexp-cli","severity":"high","published_at":"2026-
04-18T19:36:08.267218+00:00"},{"package":"@planu/cli","severity":"high","published_at":"2026-04-22T04:16:10.534747+00:00"},{"package":"idea-manager","severity":"high","published_at":"2026-04-22T05:24:12.489471+00:00"},{"package":"openchrome-mcp","severity":"high","published_at":"2026-04-23T01:38:10.041972+00:00"},{"package":"memorix","severity":"low","published_at":"2026-04-23T15:04:13.451895+00:00"},{"package":"semiotic","severity":"low","published_at":"2026-04-23T15:38:11.42137+00:00"}]},"lowest_scoring_packages":[{"package":"fa-mcp-sdk","score":30,"risk":"HIGH","version":"0.4.71"},{"package":"@stackmemoryai/stackmemory","score":40,"risk":"HIGH","version":"1.10.5"},{"package":"claude-flow","score":45,"risk":"HIGH","version":"3.5.80"},{"package":"daemora","score":45,"risk":"HIGH","version":"2026.1.2-beta.2"},{"package":"brave-real-browser-mcp-server","score":50,"risk":"ELEVATED","version":"2.45.29"},{"package":"nodebench-mcp","score":55,"risk":"ELEVATED","version":"3.2.0"},{"package":"memoir-cli","score":55,"risk":"ELEVATED","version":"3.6.1"},{"package":"perp-cli","score":55,"risk":"ELEVATED","version":"0.11.0"},{"package":"promptup-plugin","score":55,"risk":"ELEVATED","version":"0.2.2"},{"package":"pythia-lcs","score":55,"risk":"ELEVATED","version":"3.1.0"}],"notes":{"findings_sample":"Findings aggregates reflect the most recent 500 scans rather than all scans on record, to avoid double-counting repeat scans of the same package. Counts are per finding: one scan can report several findings, so total_in_sample can exceed sample_size.","severity_downgrade":"Severity values reflect the scanner v2.1 context-aware downgrade: findings flagged by regex but with a detected sanitizer wrapper or test-fixture context nearby are reduced in severity with an explicit annotation.","capability_sample":"Capability counts reflect packages that have capability analysis populated on their most recent scan. Older monitored packages may not have this field yet. A package can have more than one capability, so the per-type counts sum to more than the sample size."}}