The MCP server that vets MCP servers.
Connect your agent to the registry itself. Before it installs or allows any MCP server, it asks one question: is this safe? It gets back the published record: verified identity with the evidence, risk grade, auth posture and every tool's classification. The registry tracks 44,603 servers and 362,000 classified tools, kept current by continuous scanning. Single-server lookups are free.
https://api.policylayer.com/mcp Streamable HTTP · no key needed for lookups Two lines in any client.
claude mcp add --transport http policylayer https://api.policylayer.com/mcp Settings → Connectors → Add custom connector
URL: https://api.policylayer.com/mcp { "mcpServers": {
"policylayer": {
"url": "https://api.policylayer.com/mcp"
} } } In Claude Code, append to the command:
--header "Authorization: Bearer plr_..." In Cursor / Windsurf / VS Code, add inside "policylayer":
"headers": { "Authorization": "Bearer plr_..." } Claude desktop/web connectors can't send headers; free lookups only.
Then tell your agent: “check any MCP server against PolicyLayer before installing it.” Add it to your team's agent instructions and every install gets vetted.
Four tools, one boundary.
check_mcp_server Full record for one server: identity + evidence, risk grade, posture, tools riskiest-first. Unknown servers are queued for scanning by the lookup itself. FREE search_registry Find published servers by name, slug or package substring, with grade and verification on every match. FREE check_tool One tool's full classification: risk analysis and evidence, OWASP classes, parameters, recommended policy default. FREE get_change_events The ordered change feed: drift, posture flips, impostor flags. Cursor-based, severity filters. LICENCE The boundary, same as everywhere in the registry: anything about one server is free; a hobbled free lookup would defeat the point. The licence buys breadth: the change feed here, plus bulk snapshots, keyset paging and webhooks on the /v1 API. Keys are self-serve on the licensing page.
The decision happens in the agent.
check_tool answers the narrower question: should
this tool on this server be allowed? It returns the classification, the
evidence and a recommended policy default your agent can apply.