Secure Your MCP Servers
MCPSafe is the security scanner and quality registry for Model Context Protocol servers. Scan for vulnerabilities, verify trust, and discover safe MCP tools for your AI applications.
Trusted by the MCP Community
Real-time security intelligence for Model Context Protocol servers
Featured Secure Servers
Top-rated MCP servers with verified security scores. Trusted by developers worldwide.
Recent Vulnerabilities
Stay informed about the latest security issues discovered in MCP servers.
Why MCPSafe?
Comprehensive security analysis for MCP servers to keep your AI applications safe.
Security Scanning
Deep analysis of MCP server code for vulnerabilities, unsafe patterns, and potential security risks.
Code Analysis
AST-based parsing to detect command injection, credential exposure, and dangerous API usage.
Trust Registry
Browse and discover verified MCP servers with security scores and community reviews.
Connect Your Agent in Seconds
One endpoint. Full security intelligence. Built for Claude, GPT, and any AI agent.
Quick Start — Get Service Info
No auth required. Your agent can discover all capabilities instantly.
Response:
{
"service": "MCPSafe",
"capabilities": ["scan_url", "get_report", "get_badge"],
"endpoints": {
"scan": "POST /api/v1/scans/url",
"badge": "GET /api/badge/{slug}.svg"
},
"free_tier": { "scans_per_month": 1 }
}Instant Scans
Submit any GitHub URL, get security results in seconds
Security Badges
Embed trust badges for any scanned server
Full Registry
Query verified MCP servers with security and quality scores
Free: 1 scan/month • Pro ($7/mo): 10 scans • Team ($29/mo): Unlimited
Everything You Need for MCP Security
From deep code analysis to continuous monitoring, MCPSafe provides a complete security toolkit for the Model Context Protocol ecosystem.
AST-Based Analysis
Tree-sitter powered parsing for JavaScript, TypeScript, and Python. Analyze code structure without executing it.
50+ Security Rules
Comprehensive rule set covering OWASP Top 10, command injection, path traversal, SSRF, and more.
Real-Time Scanning
Scan any MCP server in seconds. Submit a GitHub URL, npm package, or upload source code directly.
Vulnerability Details
Get detailed reports with code snippets, line numbers, CWE IDs, CVSS scores, and remediation guidance.
CI/CD Integration
GitHub Actions and CLI tools to automate security checks in your development workflow.
Security Alerts
Get notified when new vulnerabilities are discovered in servers you're watching.
API Access
Full REST API with OpenAPI documentation. Build custom integrations and workflows.
Quality Metrics
Beyond security: documentation quality, test coverage, maintenance activity, and compatibility scores.
Registry Discovery
Browse the verified MCP registry, backed by 450 scanned sources and strict cleanup of non-server packages.
100% Free — No Limits
Every feature is free for everyone. Unlimited scans, full registry access, API access, webhooks, and more — no credit card required.
- Full registry access — all servers
- Unlimited security scans
- Detailed vulnerability reports
- Full API access
- Unlimited watchlist
- Webhook notifications
- CI/CD integration
- Email alerts
Ready to secure your MCP servers?
Everything is free — create an account and start scanning in seconds.