Trust · Capability · Risk
MCP server security inspector
Every MCP server triaged for filesystem reach, shell exec, network calls, secrets, browser automation. Trust scored 0–100 with transparent signal weights.
Start with a featured server
- Filesystem MCP Server: Secure file operations with configurable access controls
- GitHub MCP Server: Repos, issues, PRs and code search over MCP
- Postgres MCP Server: Read-only SQL access with schema introspection
- Playwright MCP: Full browser automation for agents
- Notion MCP Server: Pages, databases and blocks as first-class tools
- Stripe MCP Server: Invoices, customers and payment intents safely
- Figma MCP Server: Read designs and generate code from frames
- Memory MCP Server: Persistent knowledge graph for your agent
How the score works
1. Capabilities: 8 capability kinds matched against server metadata: filesystem read/write, shell, process spawn, DB write, network, browser, secrets.
2. Signals: 6 signals: Loadout-verified, official author, GitHub stars, public source, stability tag, capability surface. Each carries a fixed weight.
3. Score & grade: Sum of signals → 0–100. Mapped to A / B / C / D / F. Higher is safer to install with default scope.
Security inspector — FAQ
What does the security inspector detect?
It runs an in-browser heuristic over each catalogued MCP server: filesystem reach, shell exec, network calls, secrets handling, browser automation. Each capability gets a risk level (low / medium / high) and contributes to a trust score (0–100).
Is this a real security audit?
No — it is a first-pass triage. The score is built from heuristics over server metadata and install commands, not full source code analysis. Use it as a starting point for your own review, not the final answer.
How is the trust score computed?
Six signals contribute: verification status, official authorship, community traction (GitHub stars), public source availability, stability tag, and capability surface (more high-risk capabilities lower the score). Each signal carries a fixed weight.
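The scoring model from "How the score works" and the answer above, written out as an added example (not Loadout's own code): the keyword heuristics, signal weights, star scale and grade cut-offs are constructed assumptions, since the page only states that six fixed-weight signals sum to 0–100, map to A–F, and that high-risk capabilities lower the score.

```python
# Added example (not Loadout's code): the weights, keywords and cut-offs below
# are constructed assumptions; the page only says six fixed-weight signals sum
# to 0-100 and map to A-F, with high-risk capabilities lowering the score.

# Capability kinds from the page -> (assumed risk level, keywords matched
# case-insensitively against the server's description + install command).
CAPABILITIES = {
    "filesystem_read":  ("low",    ["file operations", "read file", "filesystem"]),
    "filesystem_write": ("medium", ["file operations", "write file"]),
    "shell":            ("high",   ["shell", "bash -c", "sh -c"]),
    "process_spawn":    ("high",   ["spawn", "subprocess", "child_process"]),
    "db_write":         ("high",   ["insert", "update", "delete", "sql write"]),
    "network":          ("medium", ["http", "fetch", "network", "rest api"]),
    "browser":          ("high",   ["browser", "playwright", "puppeteer"]),
    "secrets":          ("high",   ["token", "api key", "secret", "credential"]),
}
RISK_PENALTY = {"low": 2, "medium": 5, "high": 10}       # deduction per capability
SIGNAL_WEIGHTS = {"verified": 25, "official_author": 20,  # positive signals, sum 100
                  "stars": 15, "public_source": 20, "stable": 20}
GRADES = [(85, "A"), (70, "B"), (55, "C"), (40, "D"), (0, "F")]

def detect_capabilities(meta):
    """Return {capability: risk} for each kind whose keyword appears in the metadata."""
    text = f"{meta.get('description', '')} {meta.get('install', '')}".lower()
    return {name: risk for name, (risk, words) in CAPABILITIES.items()
            if any(w in text for w in words)}

def trust_score(meta):
    """Five positive signals minus the capability-surface deduction, clamped and graded."""
    caps = detect_capabilities(meta)
    score = SIGNAL_WEIGHTS["verified"] * bool(meta.get("verified"))
    score += SIGNAL_WEIGHTS["official_author"] * bool(meta.get("official"))
    score += SIGNAL_WEIGHTS["stars"] * min(meta.get("stars", 0), 1000) / 1000  # saturates (assumed)
    score += SIGNAL_WEIGHTS["public_source"] * bool(meta.get("source_url"))
    score += SIGNAL_WEIGHTS["stable"] * (meta.get("stability") == "stable")
    score -= sum(RISK_PENALTY[risk] for risk in caps.values())
    score = max(0, min(100, round(score)))
    grade = next(letter for cutoff, letter in GRADES if score >= cutoff)
    return score, grade, caps

# Constructed sample metadata: a verified official server (catalog description
# reused) and an unverified community tool that runs shell commands.
FILESYSTEM = {"description": "Secure file operations with configurable access controls",
              "install": "npx -y example-filesystem-mcp /tmp", "verified": True, "official": True,
              "stars": 2400, "stability": "stable", "source_url": "https://example.invalid/fs-mcp"}
SHELL_TOOL = {"description": "Runs arbitrary shell commands and fetches HTTP URLs for the agent",
              "install": "pip install example-shell-mcp", "verified": False, "official": False,
              "stars": 1500, "stability": "stable", "source_url": "https://example.invalid/shell-mcp"}
```

Under these assumed weights the popular, stable, open-source shell tool still lands at D: the capability-surface deduction and the missing verification dominate, which is the triage outcome a reviewer should expect before opening the source.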
Can I audit a server that is not in your catalog?
Submit it through /submit so we can ingest it. A direct "paste a repo URL" mode that fetches GitHub data live is on the roadmap.