This repository contains the replication data and scripts for the paper titled
"Model Context Protocol (MCP) at First Glance: Studying the Security and Maintainability of MCP Servers".
It provides structured datasets and supporting materials for reproducing the study's analyses and results.
The repository includes the following datasets:
- Count: 1,899 MCP servers
- Description: Combines both:
  - Official and community servers listed in Anthropic's MCP repository
  - Additional MCP-compatible open source servers mined from GitHub
- Count: 583 MCP servers
- Description: A curated subset of MCP servers that have gained significant developer attention on GitHub (i.e., more than 10 stars).
- Includes: Repository metadata and key maintainability metrics such as contributor count, issue count, commit activity, codebase size, and CI/CD metrics.
- Source: Static analysis using SonarQube
- Focus: Standard vulnerabilities detectable by static analysis.
- Source: mcp-scan
- Focus: Identifies tool poisoning and other MCP-specific risks in codebases that expose or depend on model context manipulation.
- Source: SonarQube
- Focus: Maintainability concerns such as complex code, duplicated logic, overly long methods, and latent bugs with severity CRITICAL or BLOCKER.
You can use these datasets for:
- Reproducing experiments from the paper
- Conducting follow-up research on secure and maintainable AI infrastructure
- Benchmarking static analysis tools and threat detection techniques for protocol-driven services
If you use this dataset in your work, please cite the original paper:
@article{hasan2025model,
title={Model context protocol (mcp) at first glance: Studying the security and maintainability of mcp servers},
author={Hasan, Mohammed Mehedi and Li, Hao and Fallahzadeh, Emad and Rajbahadur, Gopi Krishnan and Adams, Bram and Hassan, Ahmed E},
journal={arXiv preprint arXiv:2506.13538},
year={2025}
}
For questions or feedback, please open an issue or contact the authors directly.