MCP Score is an independent trust registry that evaluates and rates Model Context Protocol (MCP) servers. Below are 14 notes & docs apps with similar functionality to MCP Score, matched by what each product actually does — not ranked or scored. Explore each to find the closest fit for your use case.
MCP Scoreboard is a web-based analytics platform that provides independent quality scores for public MCP servers. Users can browse, compare, and track server reliability, access data via API or CLI, and receive score alerts. It is designed for MCP server operators and ecosystem participants.
Canopii Trust Index is a platform that provides security scores for MCP servers by independently scanning and evaluating each server for various risks. The tool addresses concerns such as tool poisoning, prompt injection, supply-chain vulnerabilities, and credential risks within the MCP ecosystem. Each server is assessed on a per-version basis, and a single security score is assigned before agents connect, helping users make informed decisions about which servers to trust. The platform maintains a continuously updated registry of MCP servers, with the evidence noting that over 12,000 servers have been scored. It offers a breakdown of security grades, including the proportion of servers rated from A (strong posture) to F (high risk). Users can browse the registry to view these scores and see the distribution of security postures across the ecosystem. Additionally, the service identifies endpoints that are live-verified and those that are unverifiable. Canopii Trust Index also features an API, allowing users to check the security score of any MCP server from their own tools. This API is key-authenticated and rate-limited, facilitating integration into workflows such as CI gates, procurement reviews, or agent allow-lists. The evidence highlights that the platform is suitable for scenarios where automated or programmatic access to security scores is required. The service is web-based, as indicated by the ability to browse the registry online and request API access. No specific pricing or licensing information is provided in the available evidence. The tool is positioned as a specialized registry and scoring system for MCP servers, focusing on security assessment and risk visibility within this ecosystem.
mcpscore is an open-source CLI tool that analyzes MCP servers for compliance, quality, and protocol validation. It generates comprehensive reports to help developers and administrators ensure their Model Context Protocol servers meet required standards.
MCPSafe is a security scanner designed specifically for Model Context Protocol (MCP) servers, offering pre-install audits to identify vulnerabilities and threats before deployment. The platform is aimed at developers who need to vet MCP servers prior to installation, as well as registry operators responsible for publishing secure catalogs. It provides both fast and deep scans, delivering a quick verdict in approximately three minutes and a more thorough consensus-based analysis in about twenty minutes. The tool combines static analysis with evaluations from five independent large language models (LLMs) to detect a wide range of issues. Its static analysis capabilities identify code-level vulnerabilities such as command injection, SQL injection, server-side request forgery (SSRF), path traversal, and hardcoded secrets. The LLM consensus approach uncovers more complex threats including tool poisoning, silent rug pulls, indirect prompt injection, and obfuscated intent that may evade traditional pattern matching. MCPSafe also performs typosquatting checks to flag lookalike package names, unverified publishers, and unpinned dependencies, helping to prevent supply chain attacks. A permission audit feature evaluates each tool’s real-world access, highlighting excessive permissions, weak authentication, and unintended network exposure. MCPSafe supports scanning a variety of sources, including GitHub repositories, npm and PyPI packages, Docker images, and MCP registry IDs. Users can specify a particular version for targeted analysis. The platform provides actionable score reports using the AIVSS (AI Vulnerability Scoring System), which extends traditional vulnerability scoring with factors relevant to agentic threats, and maps findings to CWE standards. Each scan generates a live SVG badge that can be embedded in documentation to display the current security grade. Results are kept up-to-date by fingerprinting the commit or version on every request, with rescans triggered automatically for new commits. The service is delivered as a web-based platform and is free to use, requiring no signup or credit card for public package scans. Signed-in users benefit from higher rate limits and access to scan history. MCPSafe is developed and operated from Germany.
mcp-mcts is an open-source CLI tool for local MCP security scanning, attack chain analysis, inventory management, and CI integration. It supports optional Semgrep and LLM analysis, making it suitable for security engineers and DevOps teams focused on codebase security.
MCPfinder is an open-source tool that helps AI agents discover and configure Model Context Protocol (MCP) servers. It inspects trust signals, manages environment variables, and generates install-ready configurations, streamlining integration for developers building AI agents that interact with external tools and data sources.
MCP Pre-Flight is a web-based submission auditing tool designed for developers preparing Model Context Protocol (MCP) servers for listing in the Claude and OpenAI directories. The platform addresses the challenge of ensuring that MCP server implementations meet directory requirements before undergoing formal review, aiming to catch common mismatches and issues that can lead to rejection. The tool performs a multi-layered audit process. At the wire level, it checks OAuth 2.1 with PKCE, dynamic client registration, authorization, token exchange, refresh flows, and MCP protocol endpoints such as initialize, tools/list, and tools/call. It also tests for resilience to malformed bodies and unknown methods. Each safe-to-invoke tool exposed by the MCP server is actually called with synthesized arguments to verify correct invocation. For tools that claim idempotency, the platform runs an idempotency probe by calling them twice and comparing the results. MCP Pre-Flight offers optional source-side analysis by accepting a GitHub repository URL. It uses the GitHub API to fetch the repository and runs an abstract syntax tree (AST) check, ensuring that handler implementations match their annotations. The tool also verifies that the README file mentions every tool declared in the source code. Additionally, it analyzes the language of responses for vocabulary that may contradict the tool's annotations. Each audit finding is tagged with the relevant directory—Claude or OpenAI—that the issue pertains to. The tool requires the HTTPS endpoint of a deployed MCP server, specifically one that responds to JSON-RPC tools/list. If OAuth is present, MCP Pre-Flight tests the full authentication flow. Authenticated checks can be unlocked by providing a test bearer token. For source analysis, public repositories can be used without authentication, while private repositories require a personal access token. MCP Pre-Flight is delivered as a free web tool. By simulating the directory review process and highlighting issues in advance, MCP Pre-Flight helps developers reduce the risk of delayed or rejected submissions when targeting the Claude and OpenAI directories.
MCP.so is a third-party marketplace for discovering, searching, and integrating MCP servers and clients. It provides a large collection of MCP servers, supports AI and agent integrations, and offers installation via API, CLI, and Docker. Designed for developers building AI-powered applications.
mcp-audits is an open-source CLI tool that scans, enumerates, and risk-scores permissions on locally configured MCP servers. It is designed for security engineers and AI infrastructure operators to ensure safe and compliant access control in AI systems.
mcp-checkup is an open-source CLI utility that audits MCP server setups, measuring context tax and hygiene. It helps AI infrastructure engineers and developers ensure their Model Context Protocol servers are efficient and healthy by providing detailed health checks and token analysis.
mcp-risk-linter is an open-source CLI tool that analyzes MCP server tools for readiness and security risks, including authentication, filesystem, shell, and network vulnerabilities. It helps developers and DevOps teams ensure safer deployments.
MCP Playground is an interactive web-based toolkit designed for working with Model Context Protocol (MCP) servers. It enables users to connect to any remote MCP server directly from their browser, browse available tools, resources, and prompts, and execute them live without requiring installation or setup. The platform is built on the official MCP Registry and SDK, and is open source under the AGPL v3 license. Key features include the ability to explore and interact with over 850 MCP servers listed in the official registry, inspect server-exposed tools and resources with full JSON Schema visibility, and run tools in real time using auto-generated forms. Users can connect to servers via Streamable HTTP, Server-Sent Events (SSE), or WebSocket transports, with the system auto-detecting the appropriate protocol. For servers requiring authentication, users can supply their own API keys and authorization headers. The platform also offers an in-browser sandbox that allows running stdio-based npm MCP servers without a backend, leveraging WebContainers technology. MCP Playground provides a schema linter that grades MCP servers from A to F based on over 15 lint rules, checking aspects such as tool descriptions, JSON Schema completeness, and token cost estimates. A quality dashboard presents a registry-wide leaderboard for server quality, with sortable and filterable results and CSV export functionality. A public REST API is available for programmatic inspection, linting, and health-checking of MCP servers, supporting CORS for integration into other tools. Developers can also use the associated CLI and CI tools (mcpx) to enforce quality thresholds and catch regressions in their CI pipelines, with compatibility for GitHub Actions and GitLab CI. The platform is intended for developers, server authors, and anyone working within the MCP ecosystem who needs to test, inspect, or validate MCP server implementations. It also offers embeddable badges for server authors to let users launch live playground sessions directly from documentation. MCP Playground operates entirely in the browser and does not require users to create an account or install software.
ShieldMCP is a security scanner designed to assess MCP (Model Context Protocol) configuration files for vulnerabilities and risks. The platform addresses security concerns by scanning uploaded or pasted MCP configuration files and checking for issues across all categories defined in the OWASP MCP Top 10. It flags permission risks, exposed secrets, supply chain threats, and other security weaknesses in MCP setups, providing users with a rapid assessment in about 60 seconds without requiring an account. json, among others. After a configuration file is uploaded, ShieldMCP conducts an instant scan that covers categories such as token mismanagement, privilege escalation, tool poisoning, software supply chain attacks, command injection, insufficient authentication, lack of audit, shadow MCP servers, and context injection. For each identified issue, the tool offers plain English explanations and, with a paid report, provides detailed fix steps and copy-paste JSON configuration examples. ShieldMCP is delivered as a web-based service, allowing users to upload or paste their configuration files directly on the platform. No account is necessary for the basic scan, and results are available immediately. The service is intended for users managing or securing MCP deployments who want to proactively identify and address security vulnerabilities before they can be exploited. The platform offers a simple pricing structure: a free tier provides risk scores, category flags, issue titles, and server ratings, while a one-time $49 payment per scan unlocks a full report with detailed fixes, configuration examples, and a shareable PDF. A Pro plan, listed as coming soon, will offer additional features such as API access, auto-rescan alerts, scan history, team configuration management, and Slack alerts for $19 per month. ShieldMCP positions itself as a specialized tool for MCP security, focusing on comprehensive coverage of the OWASP MCP Top 10.
Security scanner for MCP (Model Context Protocol) servers - pentest your AI agent's tool connections