What is the MCP Trust Registry?

The MCP Trust Registry provides security ratings and vulnerability data for public Model Context Protocol (MCP) servers. Each profile includes risk ratings, code-level findings, and tool inventories to help teams decide which servers are safe to connect to their AI agents.

How many MCP servers have been scanned?

We've scanned over 7,100 public MCP servers and found that 9.2% have critical vulnerabilities. The registry is updated daily as new servers are published.

Is the MCP Trust Registry free to use?

Yes, the MCP Trust Registry is a free community initiative by BlueRock. No login is required to access security ratings and vulnerability data for public MCP servers.

MCP Trust Registry

Agent Sandbox 2.0

Agentic Visibility

MCP Server Protection

For Developers

For Security

Threat Research

Blog

Docs

Free community initiative by BlueRock

MCP Trust Registry

Name: MCP Trust Registry
Creator: BlueRock

Security Ratings for MCP Servers

Security ratings and tool classification for public MCP servers.
Know what's safe before you connect.

Access the Registry — Free

Request Scan for Private Repo

[ Takes a second to load… ]

Free community initiative by BlueRock

MCP Trust Registry

Security Ratings for MCP Servers

Security ratings and tool classification for public MCP servers.
Know what's safe before you connect.

Access the Registry — Free

Request Scan for Private Repo

[ Takes a second to load… ]

How to Use

1

Search
MCP Servers

2

Review
MCP Server Scan Results

3

Leverage Security Findings and Tool Inventory

Building your own MCP server? Submit your build for a security scan.

The MCP Trust Registry scanned 9,000+ MCP servers.

Here's what we found:

9.2%

of MCP servers have critical vulnerabilities

Nearly 1 in 10 servers your agents touch are compromised.

43%

of MCP servers have command injection flaws

Happens below the gateway layer.

36.7%

MCP servers are vulnerable to SSRF

One request to reach your internal network.

Access the Registry — Free

Scan any MCP server. Public or yours.

Browse the Public Registry

Search 8,000+ public MCP server builds. See risk ratings, vulnerability details, and remediation guidance before you connect a server to your agent.

Submit Your Own Build

Most enterprise MCP adoption is internal. Submit your private repo for the same 22-rule analysis. Get a full security report with code-level findings your team can act on immediately.

Browse the Public Registry

Search 9,000+ public MCP server builds. See risk ratings, vulnerability details, and remediation guidance before you connect a server to your agent.

Submit Your Own Build

Most enterprise MCP adoption is internal. Submit your private repo for the same 22-rule analysis. Get a full security report with code-level findings your team can act on immediately.

Same analysis. Same rules. Same remediation guidance — whether the repo is public or yours.

Request Private MCP Server Repository Scan

What You Get in Every MCP Trust Scan Result

Risk rating: Low, Medium, High, or Critical with severity rationale.

Deep findings: Impacted rules and vulnerability explanations.

Tool inventory: Every tool exposed by the server, including destructive operations.

Rescan on release changes, full trend view.

Developer + admin steps.

Why the MCP Trust Registry Exists

MCP servers are rapidly becoming the default way to connect AI agents to tools, files, and SaaS systems. But the ecosystem is exploding with unofficial, third‑party servers — many with hidden security risks. Teams lack a standardized, trusted way to evaluate whether an MCP server is safe to run in sensitive environments.

The MCP Registry provides code-level evaluations mapped to OWASP, MCP best practices, and Maestro so security teams can quickly assess, harden, or block risky connectors.

Access the Registry — Free

MCP Trust Registry

Security Ratings for MCP Servers

Security ratings and tool classification for public MCP servers.Know what's safe before you connect.

MCP Trust Registry

Security Ratings for MCP Servers

Security ratings and tool classification for public MCP servers.Know what's safe before you connect.

How to Use

1

1

Search MCP Servers

2

2

Review MCP Server Scan Results

3

3

3

Leverage Security Findings and Tool Inventory

The MCP Trust Registry scanned 9,000+ MCP servers.

Here's what we found:

9.2%

9.2%

9.2%

43%

43%

43%

36.7%

36.7%

36.7%

Scan any MCP server. Public or yours.

Browse the Public Registry

Submit Your Own Build

Browse the Public Registry

Browse the Public Registry

Submit Your Own Build

Submit Your Own Build

Same analysis. Same rules. Same remediation guidance — whether the repo is public or yours.

Same analysis. Same rules. Same remediation guidance — whether the repo is public or yours.

Request Private MCP Server Repository Scan

What You Get in Every MCP Trust Scan Result

Risk rating: Low, Medium, High, or Critical with severity rationale.

Deep findings: Impacted rules and vulnerability explanations.

Tool inventory: Every tool exposed by the server, including destructive operations.

Rescan on release changes, full trend view.

Developer + admin steps.

Why the MCP Trust Registry Exists

The MCP Registry provides code-level evaluations mapped to OWASP, MCP best practices, and Maestro so security teams can quickly assess, harden, or block risky connectors.

Security ratings and tool classification for public MCP servers.
Know what's safe before you connect.

Security ratings and tool classification for public MCP servers.
Know what's safe before you connect.

Search
MCP Servers

Review
MCP Server Scan Results