MCP Safety Bench (MCPS)

5 systems · 59 avg /100 · 58% detected · 181 missed
| #  | System                 | Suite                 | Score | Detection |
|----|------------------------|-----------------------|-------|-----------|
| 01 | Claude Code            | MCP Core Safety       | 78    | 50/64     |
| 02 | Claude Code            | Server Trust Boundary | 72    | 17/24     |
| 03 | Claude Code            | Dynamic Registration  | 70    | 14/20     |
| 04 | Claude Code            | Tool Chain Attacks    | 65    | 21/32     |
| 05 | Cursor                 | MCP Core Safety       | 61    | 39/64     |
| 06 | Windsurf               | MCP Core Safety       | 58    | 37/64     |
| 07 | Raw API (no framework) | MCP Core Safety       | 55    | 35/64     |
| 08 | Continue               | MCP Core Safety       | 52    | 33/64     |
| 09 | Cursor                 | Dynamic Registration  | 52    | 10/20     |
| 10 | Cursor                 | Tool Chain Attacks    | 48    | 15/32     |
| 11 | Raw API (no framework) | MCP Core Safety       | 48    | 30/64     |
| 12 | Windsurf               | Tool Chain Attacks    | 44    | 14/32     |

12 of 12 entries · False positive rate: 8.8%

Score tiers:
75+: Strong
55-74: Moderate
35-54: Weak
<35: Insufficient

Key Patterns

Framework wrappers add 15 to 25 points over raw model APIs
Consent bypass is the best-defended category
Prompt injection via tool results is the weakest across all systems
Tool chain attacks drop scores 10 to 15 points vs single-tool attacks

Registry Scan: 2,460 MCP servers analyzed

Static security analysis of the public MCP registry. Searchable, scored, filterable by risk tier.