awesome-mcp-security

awesome-mcp-security is a curated registry/listing of MCP servers along with a daily-updated “Trust Score” intended to help AI agents assess the safety of using particular MCP servers (i.e., attack-surface/prompt-injection/tool-poisoning risk), not the underlying code quality of those servers.

Evaluated Mar 30, 2026 (0d ago)
Homepage ↗ Repo ↗ Security mcp ai-security trust-scores awesome-list prompt-injection agent-risk-assessment
⚙ Agent Friendliness
24
/ 100
Can an agent use this?
🔒 Security
0
/ 100
Is it safe for agents?
⚡ Reliability
5
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
0
Documentation
60
Error Messages
0
Auth Simplicity
100
Rate Limits
0

🔒 Security

TLS Enforcement
0
Auth Strength
0
Scope Granularity
0
Dep. Hygiene
0
Secret Handling
0

This repository content does not describe a service/API with transport/security controls; it primarily publishes curated security scoring information. As such, security scores here mostly reflect that there is no directly assessable authentication/transport/secret-handling surface in the provided material.

⚡ Reliability

Uptime/SLA
0
Version Stability
20
Breaking Changes
0
Error Recovery
0
AF Security Reliability

Best When

You need a practical starting point to prioritize which MCP servers to integrate, and you will still enforce agent safety controls (sandbox, allowlists, strict permissions).

Avoid When

You require authoritative or auditable security assurance for a specific MCP server release; this repo provides aggregated scores/curation rather than verifiable per-deployment security guarantees.

Use Cases

  • Selecting safer MCP servers for automated AI agent workflows
  • Filtering MCP tool integrations by trust/attack-surface risk
  • Guidance for adding guardrails/sandboxing around higher-risk MCP servers

Not For

  • Security testing a specific MCP server implementation in your environment
  • Replacing runtime defenses (sandboxing, least privilege, output filtering)
  • Guaranteeing safety of any specific MCP server without independent verification

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
No
SDK
No
Webhooks
No

Authentication

OAuth: No Scopes: No

No authentication interface described; this appears to be a registry/readme-driven listing rather than an API service.

Pricing

Free tier: No
Requires CC: No

No pricing details provided in the provided content.

Agent Metadata

Pagination
none
Idempotent
False
Retry Guidance
Not documented

Known Gotchas

  • Scores are intended as agent attack-surface guidance, not a guarantee of safety or correctness of the MCP server itself.
  • A daily-updated registry can lag behind new MCP server changes; reassess for the exact version/commit you deploy.
  • Trust scores can be impacted by how tools are used in an agent’s prompt/planning loop; runtime controls remain necessary.

Alternatives

Run your own automated security scans/probing against MCP servers you intend to use Use an MCP gateway/proxy with policy enforcement and allowlisted tools Rely on vendor/provider security documentation and your own threat modeling for each MCP integration

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for awesome-mcp-security.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-30.

6533
Packages Evaluated
19870
Need Evaluation
586
Need Re-evaluation
Community Powered