Data report

MCP Server Security & Privacy Report

Name: MCP Server Security & Privacy Report
Creator: HeyClaude
License: https://creativecommons.org/licenses/by/4.0/

How Model Context Protocol servers for Claude handle credentials, network exposure, and supply-chain trust — quantified across the HeyClaude registry. MCP servers run with real permissions and reach real data, so these signals matter before you install.

Data as of June 20, 2026 (UTC).

446

MCP servers

analyzed

446

Safety notes

100% of total

446

Privacy notes

100% of total

Verified package

9% of total

Authentication methods

The strongest credential each server declares it needs, inferred from its prerequisites and notes. Servers may support more than one; the strongest identity (OAuth › API key › token) is counted.

OAuth

108

24%

API key

120

27%

Token / PAT

None / unspecified

196

44%

Network exposure

Local (stdio) servers run as a process on your machine; hosted (HTTP/SSE) servers send your requests to a remote endpoint. Remote servers widen the trust boundary — review what they receive.

Local (stdio)

272

61%

Remote (hosted)

138

31%

Unspecified

Supply-chain verification

Servers whose package was verified by a maintainer, and those shipping a checksummed downloadable artifact. Both are signals that what you install matches what was reviewed.

Verified package

Checksummed download

Documentation coverage

Share of MCP servers carrying the metadata you need for a safe rollout — declared prerequisites, reviewer-checked safety and privacy notes, and troubleshooting guidance.

Prerequisites listed

440

99%

Safety notes

446

100%

Privacy notes

446

100%

Troubleshooting

100

22%

Safety & privacy notes

Reviewer-checked notes on execution, permissions, and data handling — the metadata that sets HeyClaude apart. Counts are of all 446 servers; entries can carry both.

Safety notes

446

100%

Privacy notes

446

100%

Both

446

100%

Before you install

Scope credentials to the minimum the task needs; prefer OAuth or read-only keys.
For hosted servers, confirm what data leaves your machine and where it lands.
Prefer verified packages and checksummed artifacts over unpinned installs.
Read the MCP threat-model guide before a team rollout.

Methodology & citation

Figures are computed at build time from the 446 MCP servers in the HeyClaude registry, snapshot dated June 20, 2026. Authentication method is inferred from each server's declared prerequisites and reviewer notes (a heuristic, not a security audit); network exposure is derived from the declared transport. Safety and privacy notes are assigned during maintainer review.

Citing this report? Link to heyclau.de/mcp-security-report with the data-as-of date. See also the State of MCP Servers report. Browse all MCP servers.

Track MCP security

A weekly digest of new servers, coverage shifts, and what landed in the registry.