We scanned 763 MCP servers – 31% have exploitable schema vulnerabilities

We ran munio (open source scanner) against 763 MCP servers from awesome-mcp-servers and npm. The methodology and scanner are public — pip install munio and you can reproduce the scan yourself.

The most surprising finding was that composition risk (safe tools chaining into dangerous flows) outweighs individual vulnerabilities. 7,425 toxic data flows vs 312 command injections.

Happy to answer questions about the methodology or specific finding categories.