We Scanned Popular Open Source MCP Configs. Here's What We Found.
Cloudflare, Stripe, Supabase, Sentry, Firebase — we ran PolicyLayer's scan against real .mcp.json files from well-known repos. Most expose destructive tools with zero policy enforcement.