score

MCP Radar

Think of it as: The trust index for MCP servers

Trust scores for MCP servers.

A public registry of MCP servers scored on permissions, maintenance, install method, package quality, docs, and security risk. Compare alternatives before installing.

previewMITlocal-onlyno telemetry

Install github.com/AgentOpsSec/mcp-radar Docs

quickstart · mcp-radar

1# install
2npm install -g @agentopssec/mcp-radar
3 
4# look up a server by repo
5mcp-radar score modelcontext/github-mcp
6 
7# compare two alternatives
8mcp-radar compare github-mcp filesystem-mcp
9 
10# grab a badge for your README
11mcp-radar badge owner/repo

Why this exists

MCP servers are becoming a new supply chain for AI agents. Some are great. Some are abandoned. Some are openly dangerous.

MCP Radar is a public registry that scores servers on permissions, maintenance, install method, package quality, docs, and security risk — so you can evaluate one before plugging it into Claude Desktop or Cursor.

The model is open. Every score links to the signals that produced it.

Who maintains this MCP server?
What permissions does it require?
Is the package pinned and released responsibly?
Are there known vulnerabilities?
How does it compare to alternatives in the same category?

Quickstart

One command. No account. No telemetry.

quickstart · mcp-radar

1# install
2npm install -g @agentopssec/mcp-radar
3 
4# look up a server by repo
5mcp-radar score modelcontext/github-mcp
6 
7# compare two alternatives
8mcp-radar compare github-mcp filesystem-mcp
9 
10# grab a badge for your README
11mcp-radar badge owner/repo

Two real servers, side by side

Identical category, very different signals.

Official GitHub MCP

Powerful repo access, but actively maintained and well documented.

A-

maintainer activityhigh

last release4d ago

permissionsgithub.write

package pinnedyes

docsthorough

install methodnpx

Random Database MCP

Broad DB access, low maintainer activity, no version pinning, weak docs.

maintainer activitylow

last release184d ago

permissionsdatabase.write · shell

package pinnedno

docssparse

install methodcurl | sh

Score JSON

Public, transparent, consumable by local tools.

GET /api/score/owner/repo

1{ "name": "example-mcp-server",
2  "score": "B-", "risk": "medium",
3  "categories": ["github", "filesystem"],
4  "findings": [
5    { "type": "permission", "severity": "medium", "message": "Requires repository write access" },
6    { "type": "maintenance", "severity": "low", "message": "Last release was 22 days ago" }
7  ] }

CLI reference

search <query>	Search the registry.
score <owner/repo>	Get the trust score and findings.
compare <a> <b>	Side-by-side comparison.
badge <owner/repo>	Generate a SVG / Markdown badge.
submit <profile.json>	Submit your own server to the registry.