The Weekly Index #2 — Security Alert: 52.8% of Scored MCP Tools Have a Red Flag

Issue #2 of The Weekly Index. This week: a security deep-dive using data from our index, browser automation tool spotlight, and the 5 most secure MCP servers we scored.

📊 This Week's Numbers

• 1,000 tools scored with explicit security ratings in our index
• 52.8% of scored tools have a security score of 2/5 or below
• Only 37.2% earn a 5/5 security score
• Only 0.3% (3 tools) score 4/5 — almost none land in the "good but not perfect" middle ground
• Distribution: Score 1: 8 tools · Score 2: 520 tools · Score 3: 97 tools · Score 4: 3 tools · Score 5: 372 tools

🔦 What a Security Score Actually Means

Our security scores are not opinions. They are the output of static analysis: we clone or inspect each repository and run a structured audit across four criteria:

1. Permission scope — does the tool request more access than it needs? (file system, network, root)
2. Dependency hygiene — are dependencies pinned? Are there known CVEs in the dependency tree?
3. Code transparency — is the server open source? Can you audit what it sends where?
4. Maintenance signals — is the codebase actively patched when vulnerabilities are disclosed?

A score of 2/5 does not mean the tool is malicious. It usually means: unmaintained dependencies, excessive permissions, or a closed-source binary that cannot be audited. The risk is often subtle — a stale dependency with a known CVE, or a server that sends all your queries to a third-party API you did not know about.

🔦 Spotlight: The 5 Most Secure Database + Browser MCP Servers

From this week's database article and browser article, the tools with perfect 5/5 security scores:

1. MCP Toolbox for Databases (Google) — 5/5 · 13k★
2. Supabase MCP Server (Official) — 5/5 · 2.3k★
3. DBHub — 5/5 · 2.1k★
4. Chrome DevTools MCP — 5/5 · 26k★
5. Firecrawl MCP Server — 5/5 · 5.6k★

The pattern: professionally maintained tools from identifiable teams tend to score well. Anonymous one-person projects with no commit history in 12 months tend not to.

📈 Trend: Why MCP Security Matters More Than You Think

MCP servers run with the permissions you grant them. Most tutorials tell you to add them to your Claude Desktop config and start querying. What they do not mention: a compromised or poorly written MCP server can read your file system, exfiltrate API keys from environment variables, or log everything you ask Claude to do.

The attack surface is not hypothetical. Several high-profile incidents in 2025 involved malicious npm packages disguised as MCP utilities. The vector: a developer installs an "MCP server" from a GitHub search result, grants it broad permissions, and the server forwards queries (and their context) to an external endpoint.

Practical rule: before installing any MCP server, check its source code (or verify it scores 4/5+ in our index), pin the version you install, and scope its permissions to the minimum required.

🆕 Top 5 Browser Automation Tools

1. Chrome DevTools MCP — 100/100 · 26k★ — Best all-around browser tool
2. Firecrawl MCP Server — 91/100 · 5.6k★ — Best for clean content extraction
3. OpenBrowser — 91/100 · 8.9k★ — Best for autonomous multi-step research
4. Puppeteer MCP Server — 94/100 · 1.9k★ — Best for form automation
5. Playwright Skill — 86/100 · 1.8k★ — Best for cross-browser testing

⚙️ Use Case Corner: How to Audit an MCP Server Before Installing

Three steps before you add any MCP server to your config:

1. Check our index. Search skillsindex.dev/browse — if the tool has a security score, it has been analyzed.
2. Read the source. For open-source servers, skim the main entry point. Look for fetch() calls to external URLs, process.env reads that seem unnecessary, and filesystem access beyond what the tool claims to do.
3. Pin the version. In your Claude Desktop config, reference a specific version tag rather than @latest. A malicious update cannot silently compromise a pinned install.

---

See you next Thursday. Past issues · Browse the index