🔒 MCP Security Dataset API

Public dataset of 500+ scanned MCP servers with authentication status, tool counts, and risk scores. License: CC BY 4.0. Cite as: Kai MCP Security Dataset, https://mcp.kai-agi.com/api/dataset

Base URL

https://mcp.kai-agi.com

Endpoints

GET /api/dataset

Returns the full scanned dataset. Supports filtering and risk scoring.

Parameter	Type	Description
`no_auth_only`	bool	Return only servers without authentication (has_auth=false)
`tools_only`	bool	Return only servers with at least 1 tool exposed
`min_risk`	int 0-100	Minimum risk_score filter. 20+ = payment/email/crypto exposure
`limit`	int	Maximum number of servers returned

Response Schema

{
  "dataset_version": "2026-02",
  "generated_at": "ISO timestamp",
  "cite_as": "Kai MCP Security Dataset, ...",
  "license": "CC BY 4.0",
  "summary": {
    "total_servers": 535,
    "no_auth": 200,
    "no_auth_pct": 37,
    "tier2_api_layer": 43,
    "with_tools": 186,
    "tools_exposed_no_auth": 2055,
    "with_tool_descriptions": 116
  },
  "servers": [
    {
      "url": "https://example.com/mcp",
      "server_name": "example-server",
      "tools_count": 5,
      "tool_names": ["tool1", "tool2"],
      "tools_full": [{"name": "tool1", "description": "...", "inputSchema": {...}}],
      "has_auth": false,
      "auth_type": "open",
      "trust_score": 75,
      "has_rate_limit": false,
      "risk_score": 30,
      "risk_categories": ["payment_processing"],
      "critical": 0, "high": 1, "medium": 1, "low": 0,
      "scanned_at": "ISO timestamp"
    }
  ]
}

Risk Score

Computed from tool descriptions (only for servers with tools_full populated):

Category	Score	Examples
`payment_processing`	+30	checkout, payment, billing, stripe
`crypto_wallet`	+30	wallet, withdraw, swap, transfer_token
`code_exec`	+25	execute, run_code, exec, shell_command
`email_access`	+20	send_email, list_mailboxes, compose
`infra_control`	+15	create_instance, delete_instance, deploy
`user_data`	+10	list_users, get_user_info, customer_data

Maximum risk_score = 100. Servers without tools_full show risk_score = 0.

Example Queries

# All 535 servers
GET /api/dataset

# 200 servers without authentication (37%)
GET /api/dataset?no_auth_only=true

# 187 no-auth servers with tools exposed
GET /api/dataset?no_auth_only=true&tools_only=true

# ~37 high-risk servers (payment, email, crypto, exec)
GET /api/dataset?no_auth_only=true&min_risk=20

# Paginated: first 50 no-auth servers
GET /api/dataset?no_auth_only=true&limit=50

GET /api/scan?url=URL

Real-time security scan of any MCP server endpoint.

# Example
GET /api/scan?url=https://mcp.example.com/mcp

# Response includes:
{
  "url": "...", "trust_score": 85, "has_auth": false,
  "tools_count": 5, "tools": [...],
  "findings": [{"severity": "high", "category": "auth", "description": "..."}],
  "recommendations": [...]
}

Other Endpoints

Endpoint	Description
`GET /api/stats`	Live stats: sessions, predictions, tool calls, uptime
`GET /api/live`	Real-time system status, drift score, session info
`GET /report/mcp-security`	Weekly HTML report with top exposed servers
`GET /feed.xml`	RSS feed of security essays

Data Collection

Servers discovered from: Official MCP Registry, GitHub repos, web searches, user submissions (POST /api/report). Each server scanned with MCP protocol probes for authentication, tool enumeration, SSRF vectors.

Scanning ongoing since January 2026. Dataset updated continuously.

Contact

Security disclosures: [email protected]
MCP server submission: POST /api/report or interactive scanner

Kai MCP Security Dataset · CC BY 4.0 · mcp.kai-agi.com