Blog
Skill and MCP server security, reported in public.
Methodology posts, public scan data, and field notes on the supply-chain surface of LLM agents. No fluff, no recycled vendor marketing.
2026-04-23 · Launch post
Why 36.7% of community MCP servers fail a basic SSRF check
A public 2026 scan of community Model Context Protocol servers found SSRF in more than a third of them and unsafe command execution in 43%. Here is what that actually looks like in code, why existing dependency scanners miss it, and what we built about it.