// MCP SERVER

The MCP server that vets MCP servers.

Connect your agent to the registry itself. Before it installs or allows any MCP server, it asks one question: is this safe? It gets back the published record: verified identity with the evidence, risk grade, auth posture and every tool's classification. The registry tracks 44,603 servers and 362,000 classified tools, kept current by continuous scanning. Single-server lookups are free.

ENDPOINT https://api.policylayer.com/mcp Streamable HTTP · no key needed for lookups
// CONNECT

Two lines in any client.

CLAUDE CODE
claude mcp add --transport http policylayer https://api.policylayer.com/mcp
CLAUDE (DESKTOP / WEB)
Settings → Connectors → Add custom connector
URL: https://api.policylayer.com/mcp
CURSOR / WINDSURF / VS CODE
{ "mcpServers": {
  "policylayer": {
    "url": "https://api.policylayer.com/mcp"
} } }
ADDING A REGISTRY LICENCE KEY

In Claude Code, append to the command:

--header "Authorization: Bearer plr_..."

In Cursor / Windsurf / VS Code, add inside "policylayer":

"headers": { "Authorization": "Bearer plr_..." }

Claude desktop/web connectors can't send headers; free lookups only.

Then tell your agent: “check any MCP server against PolicyLayer before installing it.” Add it to your team's agent instructions and every install gets vetted.

// TOOLS

Four tools, one boundary.

check_mcp_server Full record for one server: identity + evidence, risk grade, posture, tools riskiest-first. Unknown servers are queued for scanning by the lookup itself. FREE
search_registry Find published servers by name, slug or package substring, with grade and verification on every match. FREE
check_tool One tool's full classification: risk analysis and evidence, OWASP classes, parameters, recommended policy default. FREE
get_change_events The ordered change feed: drift, posture flips, impostor flags. Cursor-based, severity filters. LICENCE

The boundary, same as everywhere in the registry: anything about one server is free; a hobbled free lookup would defeat the point. The licence buys breadth: the change feed here, plus bulk snapshots, keyset paging and webhooks on the /v1 API. Keys are self-serve on the licensing page.

// WHY THIS EXISTS

The decision happens in the agent.

Vet at install time
The moment a server is about to enter your stack is the moment its record matters. Your agent checks identity, posture and tool intelligence across every tracked server without leaving the conversation.
Gate risky tool calls
check_tool answers the narrower question: should this tool on this server be allowed? It returns the classification, the evidence and a recommended policy default your agent can apply.
Misses make the registry better
Look up a server we don't know and the lookup itself queues it for identity resolution and a priority scan. Ask again shortly and the record is there.
// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.