hyper-mcp

Fast, secure MCP server runtime that loads tools as WebAssembly plugins. Plugins can be written in any WASM-compatible language, distributed via OCI registries (Docker Hub, GHCR), and run sandboxed with configurable memory/network/filesystem constraints. Includes 19+ built-in plugins.

Evaluated Mar 06, 2026 (0d ago) vunknown
Homepage ↗ Repo ↗ Developer Tools mcp webassembly wasm rust extism plugin-system oci-registry sigstore sandboxing edge-computing
⚙ Agent Friendliness
74
/ 100
Can an agent use this?
🔒 Security
74
/ 100
Is it safe for agents?
⚡ Reliability
65
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
78
Documentation
72
Error Messages
60
Auth Simplicity
78
Rate Limits
68

🔒 Security

TLS Enforcement
88
Auth Strength
72
Scope Granularity
65
Dep. Hygiene
80
Secret Handling
68

MCP server framework/toolkit. Security depends on tools implemented. Input validation and auth are developer responsibility. TypeScript/Rust implementations available.

⚡ Reliability

Uptime/SLA
65
Version Stability
68
Breaking Changes
62
Error Recovery
65
AF Security Reliability

Best When

You want a secure, portable MCP server runtime with plugin isolation, OCI-based distribution, and the ability to write tools in any WASM-compatible language.

Avoid When

You need a simple single-purpose MCP server, require unrestricted system access from tools, or your team is not comfortable with WASM/OCI concepts.

Use Cases

  • Running MCP tools in sandboxed WASM environments for security
  • Distributing MCP plugins via OCI registries like Docker images
  • Deploying MCP servers on edge, IoT, or resource-constrained devices
  • Building custom MCP tools in any language that compiles to WASM
  • Composing multiple MCP tool plugins into a single server

Not For

  • Users who just need a single specific MCP tool
  • Projects requiring native system access without sandboxing
  • Teams unfamiliar with WebAssembly or container concepts
  • Simple MCP server needs where Python/Node suffice

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

Methods: basic token keyring
OAuth: No Scopes: No

Auth methods are for OCI registry access (pulling plugins). The MCP server itself has no auth. Supports platform-native keyring integration.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

Apache-2.0 license. Free and open source. Plugins distributed via public OCI registries.

Agent Metadata

Pagination
unknown
Idempotent
Unknown
Retry Guidance
Not documented

Known Gotchas

  • Plugin quality varies - built-in plugins are solid but third-party may not be
  • WASM sandbox limits may prevent some tools from working (no arbitrary filesystem/network)
  • OCI registry auth needed for private plugin registries
  • Tool name prefix configuration needed to avoid naming collisions across plugins
  • Sigstore verification requires cosign for OCI plugins

Alternatives

mcp-server-fetch (simple built-in MCP server) Custom Python/Node MCP servers Docker-based MCP server deployment fastmcp (Python MCP framework)

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for hyper-mcp.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5215
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered