Evaluate install safety for any repository, npm package, or MCP server. Returns a go/no-go decision with reasoning using vulnerability intelligence.
MIT
204,685 tools. Last updated 2026-06-15 00:34
"Smithery" matching MCP tools:
- Score the trustworthiness of any AI skill, MCP server, or GitHub repo across four dimensions: Alive, Legit, Solid, Usable. Accepts various input formats.MIT
- Run a safety scan on AI skills or MCP servers to identify security threats like prompt injection, shell execution, network exfiltration, and credential theft. Accepts any input format.MIT
- Find MCP servers across registries by describing capabilities or keywords. Returns ranked candidates with details and optional token-cost comparison.MIT
- Compare 2-5 Git assets by license, popularity, risk score, pricing, and repository signals in one call.MIT
- Scan MCP servers to evaluate agent discoverability, generate scores from 0-100, and provide improvement recommendations for server configuration and documentation.
Matching MCP Servers
- Alicense-qualityCmaintenanceA comprehensive Twitch MCP (Model Context Protocol) server providing chat moderation, stream management, and Twitch API integration for AI systems.Last updated114MIT
- Alicense-qualityDmaintenanceMulti-agent AI system for code development with orchestration, architecture planning, code analysis, semantic knowledge search, and intelligent debugging capabilities powered by SurrealDB and Groq.Last updatedMIT
Matching MCP Connectors
- smithery-notionOAuth
A Notion workspace is a collaborative environment where teams can organize work, manage projects,…
A choose your own adventure game where you play as a startup founder trying to build a unicorn again
- Retrieve top MCP servers ranked by quality score, GitHub stars, or usage. Filter by category to find the best options quickly.MIT
- Mount MCP server tools at runtime without restarting. Filter tools to mount only those needed, and unmount to kill process. Supports multiple registries.MIT
- Explore and analyze PocketBase database structures using Discovery to uncover schema details, relationships, and metadata for enhanced data management and optimization.MIT
- Discover and explore available collections and database structure in PocketBase to understand data organization and access points.
- Scan a public GitHub MCP-server repository for security issues. Clones the repo (shallow, <60s, <200 MB), runs compuute-scan v0.6.2 in static analysis mode (no code execution from the target), and returns a structured report with severity counts, a 0-100 score, and the 10 most severe findings. WHEN TO USE: - Before connecting to an unknown MCP server discovered via Anthropic Registry, Smithery, mcp.so, or a Discord recommendation. - Before installing a third-party MCP-server package into a production pipeline. - As part of an agent's pre-commit / pre-deploy due-diligence step when adding new dependencies. - As one input to a multi-source trust evaluation (combine with publisher reputation, package install count, last-update recency). WHEN NOT TO USE: - For private repos. Use the on-prem CLI instead: `npx compuute-scan ./path-to-private-repo` - For deep exploitability assessment of a specific code path. This is pattern matching, not dataflow analysis. Book a manual L2-L4 audit at https://compuute.se/audit for that depth. - For non-GitHub hosts (GitLab, Bitbucket, self-hosted). v1 supports github.com only. - For repos > 200 MB or clone time > 60s. The endpoint returns a 413 or 504 in those cases — fall back to local CLI. EXPECTED RESPONSE TIME: - Median: ~1-2 seconds for small repos (<100 files). - p99: ~10 seconds for medium repos. - Hard timeout at clone=60s, scan=120s combined. EXPECTED COST: - Free tier in MVP. Future Pro tier may charge per-scan or per-month. DATA FRESHNESS: - Scanner version is reported in response.scanner.version. - L1 rule set freshness reflects compuute-scan releases — see github.com/Compuute/compuute-scan/CHANGELOG.md for the latest CVE and threat-intel response timeline. EXAMPLES: Example 1 — scan an MCP server you're evaluating: github_url = "https://github.com/modelcontextprotocol/servers" → score: 0, summary: {critical: 1, high: 94, medium: 22} → top_findings include SSRF, eval, etc. → recommendation: "AVOID — 1 critical and 94 high finding(s)..." Example 2 — scan a clean reference implementation: github_url = "https://github.com/microsoft/azure-devops-mcp" → score: 90+, summary: {critical: 0, high: 1} → recommendation: "REVIEW — 1 high finding(s)..." Example 3 — scan your own dev MCP-server before publishing: github_url = "https://github.com/yourorg/your-mcp" → audit your own surface before others install it OUTPUT FIELDS (stable schema): - repo_url (str): canonical URL of the scanned repo. - score (int): 0-100, higher safer. Coarse summary, not a precision claim. - summary (object): {critical, high, medium, low, info, files_scanned}. - recommendation (str): action guidance derived from severity counts. - findings_count (int): total raw findings (may include false positives). - top_findings (list): up to 10 most severe, each with {id, title, severity, file, line, owasp, cwe}. - l0_discovery (object): MCP transport, tool count, dependency pinning. - performance (object): clone_seconds, scan_seconds, repo_size_bytes. - scanner (object): {name, version, layers_covered}. - _disclaimer (str): MANDATORY triage disclaimer. Read it. Args: github_url: Public GitHub HTTPS URL (e.g. https://github.com/org/repo). Must be public and < 200 MB. v1 is github.com only. Returns: Structured scan result. On error, returns {"error": code, "message": ...} with HTTP-style code (invalid_url, clone_failed, scan_timeout, etc.).Connector
- Analyze an MCP tool definition for instruction-injection and malicious patterns. Performs semantic fingerprinting of the tool's description, parameter schemas, and error templates — detecting credential exfiltration vectors, C2 callbacks, base64 payloads, authority spoofing, and injection phrase patterns. Also checks the tool hash against the SKILL IOC feed and the description against the PROMPT IOC feed for known-malicious matches. If track=True (default), the tool definition is compared against a stored baseline and semantic drift is detected on subsequent calls for the same tool. Args: tool_def: MCP tool definition dict. Expected keys: name, description, inputSchema (optional), annotations (optional). registry: Registry this tool came from ("mcp.so", "clawhub", "smithery", "npm", "pypi", "github", or "unknown"). track: If True, maintain baseline and detect drift across calls. Returns: tool_name: Tool name tool_hash: SHA256 of canonical tool definition risk: "clean" | "low" | "suspicious" | "malicious" risk_score: 0.0–1.0 should_block: True if risk == malicious should_warn: True if risk >= suspicious signals: List of detected signals with field, pattern, excerpt prompt_ioc_matched: True if description matched PROMPT IOC feed skill_ioc_matched: True if tool hash matched SKILL IOC feed latency_ms: Analysis latency drift: Drift result (if track=True and tool was seen before)Connector
- Cross-registry listing audit for any MCP server. Checks Coinbase Bazaar (x402 discovery), Smithery, Glama, the official MCP Registry, and the awesome-mcp-servers list. Returns per-registry status + coverage score 0-100 + remediation suggestions for unlisted registries. Free tier. (price: $0 USDC, tier: free)Connector
- Get active weather alerts, warnings, watches, and advisories for locations in the United States. Perfect for 'Are there any weather alerts in [US location]?' questions. Covers severe weather, winter storms, heat warnings, flood alerts, and more.Connector
- Get hour-by-hour weather forecast for a location in the United States. Perfect for 'What's the hourly forecast?' or 'Will it rain this afternoon in [US location]?' questions. Provides detailed hourly conditions for up to 48 hours.Connector
- Get multi-day weather forecast for a location in the United States. Perfect for 'What's the forecast for [US location]?' questions. Provides detailed day/night forecasts for up to 7 days.Connector
- Is your x402 endpoint actually discoverable? Probes 6 indexers agents use (CDP discovery, Bazaar mirror, awesome-x402 README, awesome-mcp-servers README, x402scan, Smithery) and returns per-indexer presence + a single recommended action. Free tier — every paid-MCP-builder hits the same invisible-launch problem and this is the missing observability tool. (price: $0 USDC, tier: free)Connector
- Find weather observation stations near a location in the United States. Useful for getting station-specific data, finding data sources, or understanding which stations provide weather data for an area. Includes ASOS, AWOS, and other automated weather stations.Connector
- Get current weather conditions for a location in the United States. Perfect for 'What's the weather like in [US location]?' questions. Covers all US states, territories, and coastal waters.Connector
- Validate whether an MCP server is publishable on real directories (MCP Registry, Smithery, npm). Provide raw artifact contents. Returns evidence-backed findings with source-linked directory rules.Connector