MCP Safety Bench (MCPS)
5 systemsavg 59/10058% detected181 missed
| System ↕ | Suite ↕ | Score ↓ | Detection | ||
|---|---|---|---|---|---|
| Claude Code | MCP Core Safety | 50/64 | |||
| Claude Code | Server Trust Boundary | 17/24 | |||
| Claude Code | Dynamic Registration | 14/20 | |||
| Claude Code | Tool Chain Attacks | 21/32 | |||
| Cursor | MCP Core Safety | 39/64 | |||
| Windsurf | MCP Core Safety | 37/64 | |||
| Raw API (no framework) | MCP Core Safety | 35/64 | |||
| Continue | MCP Core Safety | 33/64 | |||
| Cursor | Dynamic Registration | 10/20 | |||
| Cursor | Tool Chain Attacks | 15/32 | |||
| Raw API (no framework) | MCP Core Safety | 30/64 | |||
| Windsurf | Tool Chain Attacks | 14/32 |
12 of 12 entriesFalse positive rate: 8.8%
Score Thresholds
75+ Strong55-74 Moderate35-54 Weak<35 Insufficient
Key Patterns
- Framework wrappers add 15 to 25 points over raw model APIs
- Consent bypass is the best-defended category
- Prompt injection via tool results is the weakest across all systems
- Tool chain attacks drop scores 10 to 15 points vs single-tool attacks
Registry Scan: 2,460 MCP servers analyzed
→Static security analysis of the public MCP registry. Searchable, scored, filterable by risk tier.