Remix.run Logo
mavzer an hour ago

https://index.canopii.dev

Part of my job is to approve / reject MCP servers based on how secure they are and whether they are suitable for use in an enterprise environment. I was tired of my team being called the bottleneck to AI adoption, so I set out to automate the whole process.

I periodically collect the MCP servers and every new version from the Official MCP registry and assign them a score based on 29 distinct criteria like runtime guardrails (e.g. destructive tools, over broad permissions, rug pulls), SAST scans and transport & trust model.

As a result of this exercise, I found that 1 in every 10 MCP servers is pretty much unusable (score 40/100 or below). 18% of the popular MCP servers with 1000+ GitHub stars contain one or more security issues. 184 servers to date have changed their tool definitions after publication, which may indicate a "rug pull" attack.

I built this for security minded people who also want to be at the forefront of AI adoption and for security teams who are tired to be called the bottleneck.

Browsing the index is completely free, you only have to request an API key if you want automated, programmatic lookups for any workflow.

Feedback is always welcome!