We ranked the 50 most-downloaded MCP server packages on npm by weekly install count. For each, we combined behavioral signals (maintainer count, package age, publish cadence) with CWE-22 static analysis from our mcp-scan tool. The result is a supply-chain risk leaderboard for the packages most likely running inside AI agents right now.

The top 2 packages alone pull 3.2 million downloads per week. Both scored WARN. The official reference implementation sits at #3 with 28 CWE-22 pattern flags.

The scanner is pattern-based, not semantic. A flag means "this code touches filesystem paths in a way that warrants review," not "this is definitely exploitable." Some flags are in build scripts, not handler code. We note where that distinction matters.

How We Scored Them

Each package gets a score from 0–100. Lower is riskier.…
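To make the "pattern-based, not semantic" point concrete, here is an added example of the kind of CWE-22 flagging and scoring described above. It is illustrative code written for this page, not the mcp-scan tool or any package's actual source: the three sample files are constructed for a hypothetical MCP server, the sink and guard patterns are a small hand-picked set, and the score weights and the handler-versus-build-script split are assumptions chosen to show how a flag in a build script can be weighted differently from one in a tool handler.

```python
import re
from dataclasses import dataclass

# Constructed sample sources for a hypothetical MCP server package
# (not any real npm package); ROOT and bundle are assumed to be defined elsewhere.
SAMPLE_FILES = {
    "src/handlers/readFile.js": (
        'import { readFile } from "node:fs/promises";\n'
        'import path from "node:path";\n'
        "export async function handler(args) {\n"
        "  const target = path.join(ROOT, args.path);\n"
        '  return readFile(target, "utf8");\n'
        "}\n"
    ),
    "src/handlers/listDir.js": (
        'import { readdir } from "node:fs/promises";\n'
        'import path from "node:path";\n'
        "export async function handler(args) {\n"
        "  const target = path.resolve(ROOT, args.dir);\n"
        '  if (!target.startsWith(ROOT + path.sep)) throw new Error("outside root");\n'
        "  return readdir(target);\n"
        "}\n"
    ),
    "scripts/build.js": (
        'const fs = require("fs");\n'
        'const path = require("path");\n'
        'fs.writeFileSync(path.join(__dirname, "../dist/index.js"), bundle);\n'
    ),
}

# Path-building and filesystem calls treated as CWE-22 sinks (constructed list).
PATH_SINK = re.compile(
    r"\b(?:path\.(?:join|resolve)"
    r"|(?:fs\.)?(?:readFile|readFileSync|writeFile|writeFileSync|readdir|unlink|createReadStream))"
    r"\s*\(([^)]*)\)"
)
LITERAL_ONLY = re.compile(r"""\s*(?:"[^"]*"|'[^']*')\s*""")
# Identifiers that conventionally carry tool-call input in MCP handlers (assumption).
TOOL_INPUT = re.compile(r"\b(?:args|params|input|request)\.")
# Crude evidence of a containment check somewhere in the same file.
CONTAINMENT_GUARD = re.compile(r"\.startsWith\(|path\.relative\(")
# Files we classify as build-time code rather than request handlers.
BUILD_SCRIPT = re.compile(r"^(?:scripts?|build|tools)/|(?:gulpfile|webpack\.config|rollup\.config)\.", re.I)


@dataclass
class Flag:
    file: str
    line: int
    code: str
    in_handler: bool   # False when the file looks like a build script
    tainted: bool      # argument list mentions a tool-input identifier
    guarded: bool      # file contains a containment check


def scan_file(name: str, source: str) -> list[Flag]:
    """One Flag per path-touching call whose arguments are not a bare string literal."""
    in_handler = not BUILD_SCRIPT.search(name)
    guarded = bool(CONTAINMENT_GUARD.search(source))
    flags = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in PATH_SINK.finditer(line):
            if LITERAL_ONLY.fullmatch(m.group(1)):
                continue  # e.g. readFile("LICENSE"): nothing variable to traverse
            flags.append(Flag(name, lineno, line.strip(), in_handler,
                              bool(TOOL_INPUT.search(m.group(1))), guarded))
    return flags


def scan_package(files: dict[str, str]) -> list[Flag]:
    return [f for name, src in files.items() for f in scan_file(name, src)]


def summarize(flags: list[Flag]) -> dict[str, int]:
    """Split the flag count by where the code lives, as the leaderboard notes do."""
    return {"handler": sum(f.in_handler for f in flags),
            "build_script": sum(not f.in_handler for f in flags)}


def score_package(meta: dict, flags: list[Flag]) -> int:
    """0-100, lower is riskier. All weights are constructed for this example."""
    score = 100
    if meta["maintainers"] < 2:
        score -= 15   # single-maintainer bus factor
    if meta["age_days"] < 180:
        score -= 10   # young package, little track record
    if meta["releases_last_90d"] > 10:
        score -= 5    # unusually rapid publish cadence
    for f in flags:
        if not f.in_handler:
            score -= 1    # build-time code never sees tool input
        elif f.tainted and not f.guarded:
            score -= 10   # tool input reaches a path sink with no visible check
        elif f.tainted:
            score -= 3    # guarded, but still worth a human review
        else:
            score -= 2    # derived path, pattern match only
    return max(0, score)


if __name__ == "__main__":
    flags = scan_package(SAMPLE_FILES)
    for f in flags:
        where = "handler" if f.in_handler else "build"
        print(f"{f.file}:{f.line} [{where}] tainted={f.tainted} guarded={f.guarded}  {f.code}")
    meta = {"maintainers": 1, "age_days": 400, "releases_last_90d": 3}  # constructed metadata
    print("flags:", summarize(flags), "score:", score_package(meta, flags))
```

Run as-is, the three constructed files produce five flags: four in handler code and one in the build script. Only two of the five mention a tool-input identifier, and one of those sits in a file with a visible containment check, which is exactly why a raw flag count such as "28 CWE-22 pattern flags" needs the review pass the article describes before it says anything about exploitability.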