We audited 31 MCP server packages across npm and PyPI. For each one, we ran two checks:

- a direct check of the top-level package
- a scan of the installed dependency tree

The direct package check found 1 finding. The installed trees found 69.

[Figure: Findings by scan view]

That difference is the story. MCP servers are installable tool surfaces. When an operator installs one, the package manager resolves a runtime tree. That tree can contain vulnerable dependencies even when the top-level package has no finding attached to it.

In this run, 11 of 31 installed trees had at least one finding. Across those trees, we saw 54 unique vulnerabilities: 2 critical, 34 high, 28 medium, 4 low, and 1 unknown severity.

This does not mean every finding is exploitable in every deployment. It does mean a shallow package check answers a narrower question than operators usually need answered.

The Scan Shape

The population covered 21 npm packages and 10 PyPI packages.…
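To make the two scan views concrete, here is an added example (not the audit's own tooling) that runs a direct check and an installed-tree scan over a constructed dependency tree and a constructed advisory set, then aggregates per-tree findings and unique vulnerabilities across several roots the way the numbers above were produced. Package names, versions and advisory ids are all made up; advisories match on package name plus a simple "fixed in" version boundary, which is a deliberate simplification of real range semantics.

```python
from collections import Counter

# Constructed sample: package -> (installed version, [direct dependencies]).
TREE = {
    "mcp-tool-server": ("1.2.0", ["ws", "minimist"]),
    "mcp-other-server": ("0.9.0", ["ws"]),
    "ws": ("7.4.5", []),
    "minimist": ("1.2.5", ["tmp"]),
    "tmp": ("0.0.33", []),
}

# Constructed advisories: (id, package, fixed-in version, severity).
ADVISORIES = [
    ("ADV-0001", "ws", (7, 4, 6), "high"),
    ("ADV-0002", "minimist", (1, 2, 6), "critical"),
    ("ADV-0003", "tmp", (0, 0, 34), "medium"),
    ("ADV-0004", "mcp-other-server", (1, 0, 0), "high"),
]

def parse(version):
    return tuple(int(x) for x in version.split("."))

def installed_closure(root):
    """Transitive closure of root's dependency tree (cycle-safe)."""
    seen, stack = set(), [root]
    while stack:
        name = stack.pop()
        if name in seen or name not in TREE:
            continue
        seen.add(name)
        stack.extend(TREE[name][1])
    return seen

def findings(packages):
    """Advisories whose package is present below its fixed-in version."""
    return {a for a in ADVISORIES
            if a[1] in packages and parse(TREE[a[1]][0]) < a[2]}

def scan_views(root):
    """Direct check vs installed-tree scan for one package."""
    tree = findings(installed_closure(root))
    return {"direct": len(findings({root})), "installed_tree": len(tree),
            "severity": dict(Counter(a[3] for a in tree))}

def audit(roots):
    """Sum per-tree findings across roots; dedupe vulnerabilities by id."""
    direct_total = tree_total = 0
    unique = set()
    for root in roots:
        tree = findings(installed_closure(root))
        direct_total += len(findings({root}))
        tree_total += len(tree)
        unique |= {a[0] for a in tree}
    return {"direct": direct_total, "installed_tree": tree_total,
            "unique": len(unique)}
```

The top-level package `mcp-tool-server` has no advisory of its own, so the direct check reports nothing, while its installed tree carries three findings; across both roots the shared `ws` advisory is counted once in the unique total.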