Evaluate install safety for any repository, npm package, or MCP server. Returns a go/no-go decision with reasoning using vulnerability intelligence.
MIT
215,558 tools. Last updated 2026-06-20 01:02
"smithery" matching MCP tools:
- Run a safety scan on AI skills or MCP servers to identify security threats like prompt injection, shell execution, network exfiltration, and credential theft. Accepts any input format.MIT
- Score the trustworthiness of any AI skill, MCP server, or GitHub repo across four dimensions: Alive, Legit, Solid, Usable. Accepts various input formats.MIT
- Search MCP Registry for servers matching a keyword. Rank results by project tech stack relevance and evaluate GitHub maturity signals.MIT
- Discover MCP servers across registries by capability. Returns ranked server IDs with description, source, and credential-readiness status to find the right server before mounting.MIT
- Compare 2-5 Git assets by license, popularity, risk score, pricing, and repository signals in one call.MIT
Matching MCP Servers
- Alicense-qualityDmaintenanceMulti-agent AI system for code development with orchestration, architecture planning, code analysis, semantic knowledge search, and intelligent debugging capabilities powered by SurrealDB and Groq.Last updatedMIT
- Alicense-qualityDmaintenanceA comprehensive Twitch MCP (Model Context Protocol) server providing chat moderation, stream management, and Twitch API integration for AI systems.Last updated54MIT
Matching MCP Connectors
Toolbox dynamically routes to all MCPs in the Smithery registry based on your agent's need. When a…
- smithery-notionOAuth
A Notion workspace is a collaborative environment where teams can organize work, manage projects,…
- Scan MCP servers to evaluate agent discoverability, generate scores from 0-100, and provide improvement recommendations for server configuration and documentation.
- Retrieve top MCP servers ranked by quality score, GitHub stars, or usage. Filter by category to find the best options quickly.MIT
- Mount any MCP server's tools at runtime without restarting. Unmount by omitting server_id, or mount only selected tools.MIT
- Discover and explore available collections and database structure in PocketBase to understand data organization and access points.
- Explore and analyze PocketBase database structures using Discovery to uncover schema details, relationships, and metadata for enhanced data management and optimization.MIT
- Scan a public GitHub MCP-server repository for security issues. Clones the repo (shallow, <60s, <200 MB), runs compuute-scan v0.6.2 in static analysis mode (no code execution from the target), and returns a structured report with severity counts, a 0-100 score, and the 10 most severe findings. WHEN TO USE: - Before connecting to an unknown MCP server discovered via Anthropic Registry, Smithery, mcp.so, or a Discord recommendation. - Before installing a third-party MCP-server package into a production pipeline. - As part of an agent's pre-commit / pre-deploy due-diligence step when adding new dependencies. - As one input to a multi-source trust evaluation (combine with publisher reputation, package install count, last-update recency). WHEN NOT TO USE: - For private repos. Use the on-prem CLI instead: `npx compuute-scan ./path-to-private-repo` - For deep exploitability assessment of a specific code path. This is pattern matching, not dataflow analysis. Book a manual L2-L4 audit at https://compuute.se/audit for that depth. - For non-GitHub hosts (GitLab, Bitbucket, self-hosted). v1 supports github.com only. - For repos > 200 MB or clone time > 60s. The endpoint returns a 413 or 504 in those cases — fall back to local CLI. EXPECTED RESPONSE TIME: - Median: ~1-2 seconds for small repos (<100 files). - p99: ~10 seconds for medium repos. - Hard timeout at clone=60s, scan=120s combined. EXPECTED COST: - Free tier in MVP. Future Pro tier may charge per-scan or per-month. DATA FRESHNESS: - Scanner version is reported in response.scanner.version. - L1 rule set freshness reflects compuute-scan releases — see github.com/Compuute/compuute-scan/CHANGELOG.md for the latest CVE and threat-intel response timeline. EXAMPLES: Example 1 — scan an MCP server you're evaluating: github_url = "https://github.com/modelcontextprotocol/servers" → score: 0, summary: {critical: 1, high: 94, medium: 22} → top_findings include SSRF, eval, etc. → recommendation: "AVOID — 1 critical and 94 high finding(s)..." Example 2 — scan a clean reference implementation: github_url = "https://github.com/microsoft/azure-devops-mcp" → score: 90+, summary: {critical: 0, high: 1} → recommendation: "REVIEW — 1 high finding(s)..." Example 3 — scan your own dev MCP-server before publishing: github_url = "https://github.com/yourorg/your-mcp" → audit your own surface before others install it OUTPUT FIELDS (stable schema): - repo_url (str): canonical URL of the scanned repo. - score (int): 0-100, higher safer. Coarse summary, not a precision claim. - summary (object): {critical, high, medium, low, info, files_scanned}. - recommendation (str): action guidance derived from severity counts. - findings_count (int): total raw findings (may include false positives). - top_findings (list): up to 10 most severe, each with {id, title, severity, file, line, owasp, cwe}. - l0_discovery (object): MCP transport, tool count, dependency pinning. - performance (object): clone_seconds, scan_seconds, repo_size_bytes. - scanner (object): {name, version, layers_covered}. - _disclaimer (str): MANDATORY triage disclaimer. Read it. Args: github_url: Public GitHub HTTPS URL (e.g. https://github.com/org/repo). Must be public and < 200 MB. v1 is github.com only. Returns: Structured scan result. On error, returns {"error": code, "message": ...} with HTTP-style code (invalid_url, clone_failed, scan_timeout, etc.).Connector
- Get active weather alerts, warnings, watches, and advisories for locations in the United States. Perfect for 'Are there any weather alerts in [US location]?' questions. Covers severe weather, winter storms, heat warnings, flood alerts, and more.Connector
- Get multi-day weather forecast for a location in the United States. Perfect for 'What's the forecast for [US location]?' questions. Provides detailed day/night forecasts for up to 7 days.Connector
- Cross-registry listing audit for any MCP server. Checks Coinbase Bazaar (x402 discovery), Smithery, Glama, the official MCP Registry, and the awesome-mcp-servers list. Returns per-registry status + coverage score 0-100 + remediation suggestions for unlisted registries. Free tier. (price: $0 USDC, tier: free)Connector
- Get hour-by-hour weather forecast for a location in the United States. Perfect for 'What's the hourly forecast?' or 'Will it rain this afternoon in [US location]?' questions. Provides detailed hourly conditions for up to 48 hours.Connector
- Is your x402 endpoint actually discoverable? Probes 6 indexers agents use (CDP discovery, Bazaar mirror, awesome-x402 README, awesome-mcp-servers README, x402scan, Smithery) and returns per-indexer presence + a single recommended action. Free tier — every paid-MCP-builder hits the same invisible-launch problem and this is the missing observability tool. (price: $0 USDC, tier: free)Connector
- Find weather observation stations near a location in the United States. Useful for getting station-specific data, finding data sources, or understanding which stations provide weather data for an area. Includes ASOS, AWOS, and other automated weather stations.Connector
- Get current weather conditions for a location in the United States. Perfect for 'What's the weather like in [US location]?' questions. Covers all US states, territories, and coastal waters.Connector
- Get the current local time for a US location. Shows what time it is right now at the specified location.Connector