Methodology, raw numbers, and the awkward findings nobody asked us to publish. Written by the person who built the scanner — no editorial team, no embargo, no spin.
91% of repos flagged by at least one of sixteen scanners. Half landed in the yellow zone — functional, maintained, and quietly carrying CVEs. The full breakdown, including which engines fire most often and which agree.
Read the report →A long-form essay on why the MCP ecosystem looks like npm circa 2014 — and which threat categories are unique enough to need new scanners. No vendors mentioned, no products pitched.
Read the essay →We ran 16 scanners against 769 repos. They agreed on almost nothing. Co-occurrence tables, overlap diagrams, and the case for never trusting a single tool's "all clear".
Read the analysis →Severity weights, engine weights, the per-engine cap, and the published nonlinearity. If you cannot reproduce a score on your own machine, it does not count as a verdict.
Read the spec →Three months of YARA matches: how often MCP tool descriptions contain instruction-like language that could quietly steer an agent's next step.
Read the dispatch →MCPAmpel is free. The blog is free. The scoring methodology is on GitHub. There is one author — Nikita Frikh-Khar — and zero growth team. If a piece is worth reading, it shows up here. If not, it doesn't.
RSS lives at /blog/feed.xml. Bring your own reader.
Sixteen engines. Sixty seconds. No account, no credit card, no email gate.