// MCP RISK LOOKUP
Know what an MCP server can do before you connect it.
Who publishes it, verified against npm, GitHub and the live endpoint. Whether it answers without auth. Every tool graded, with capability flags for files, network, secrets and money. What changed last night, and a recommended policy ready to enforce.
TRY
isn't in the catalogue.
Discovery adds new servers daily — anything published on npm, PyPI,
GitHub or the public registries gets found and scanned.
has a full record page
in the catalogue — risk grade, auth posture, every tool classified.
View the record →
// FOR BUILDERS
Access the entire data set via API.
Instant search runs on the hand-verified anchor records; every one of the 44,603 catalogued servers has a record page, with verified identity, auth posture, risk grade and recommended policy. Watched servers are re-checked hourly. The full set is available over the API, as a change feed and as nightly snapshots.
LICENSING
Use these records in your own product
- Query API: ask about any server, its full record comes back in one call.
- Change feed: a server changes its tools, grade or posture, you hear within the hour.
- Snapshots: download the whole catalogue nightly and run it on your own infrastructure.
API
A free endpoint and a licensed feed
- /v0: free. Follows the official MCP registry standard, so any client can read it.
- /v1: the licensed feed. Full records, change events, snapshots and webhooks.
- Keys: issued at purchase, rate limits per plan.