MCP security registry
Security ratings for public Model Context Protocol servers, scored 0 to 100 by shield-mcp. Each server is scanned for tool poisoning, over-broad permissions, and hidden prompt-injection in its tool, resource, and prompt metadata.
Checking a server you are about to add? Scan it yourself in one line:
npx @votal/mcp-scan stdio:'npx -y some-mcp-server'
How servers are scored
| band | score | meaning |
|---|---|---|
| clean | 90 to 100 | no findings, or only minor ones |
| minor | 70 to 89 | low-impact issues to review |
| review | 40 to 69 | notable issues; read the findings before connecting |
| high-risk | 0 to 39 | tool poisoning or a hidden injection was found |
| unrated | n/a | could not be scanned, or exposes no tools |
Ratings are generated from real scans of a curated, version-pinned list and are refreshed on a schedule. To add a server, open a PR against registry/servers.yaml.
Rated servers
No servers have been scanned yet. Ratings appear here after the first scan run.