{"id":"agentseal-awesome-mcp-security","name":"awesome-mcp-security","homepage":"https://agentseal.org/mcp","repo_url":"https://github.com/AgentSeal/awesome-mcp-security","category":"security","subcategories":[],"tags":["mcp","ai-security","trust-scores","awesome-list","prompt-injection","agent-risk-assessment"],"what_it_does":"awesome-mcp-security is a curated registry/listing of MCP servers along with a daily-updated “Trust Score” intended to help AI agents assess the safety of using particular MCP servers (i.e., attack-surface/prompt-injection/tool-poisoning risk), not the underlying code quality of those servers.","use_cases":["Selecting safer MCP servers for automated AI agent workflows","Filtering MCP tool integrations by trust/attack-surface risk","Guidance for adding guardrails/sandboxing around higher-risk MCP servers"],"not_for":["Security testing a specific MCP server implementation in your environment","Replacing runtime defenses (sandboxing, least privilege, output filtering)","Guaranteeing safety of any specific MCP server without independent verification"],"best_when":"You need a practical starting point to prioritize which MCP servers to integrate, and you will still enforce agent safety controls (sandbox, allowlists, strict permissions).","avoid_when":"You require authoritative or auditable security assurance for a specific MCP server release; this repo provides aggregated scores/curation rather than verifiable per-deployment security guarantees.","alternatives":["Run your own automated security scans/probing against MCP servers you intend to use","Use an MCP gateway/proxy with policy enforcement and allowlisted tools","Rely on vendor/provider security documentation and your own threat modeling for each MCP integration"],"af_score":23.8,"security_score":0.0,"reliability_score":5.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:34:43.142033+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No authentication interface described; this appears to be a registry/readme-driven listing rather than an API service."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing details provided in the provided content."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":23.8,"security_score":0.0,"reliability_score":5.0,"mcp_server_quality":0.0,"documentation_accuracy":60.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":100.0,"rate_limit_clarity":0.0,"tls_enforcement":0.0,"auth_strength":0.0,"scope_granularity":0.0,"dependency_hygiene":0.0,"secret_handling":0.0,"security_notes":"This repository content does not describe a service/API with transport/security controls; it primarily publishes curated security scoring information. As such, security scores here mostly reflect that there is no directly assessable authentication/transport/secret-handling surface in the provided material.","uptime_documented":0.0,"version_stability":20.0,"breaking_changes_history":0.0,"error_recovery":0.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Scores are intended as agent attack-surface guidance, not a guarantee of safety or correctness of the MCP server itself.","A daily-updated registry can lag behind new MCP server changes; reassess for the exact version/commit you deploy.","Trust scores can be impacted by how tools are used in an agent’s prompt/planning loop; runtime controls remain necessary."]}}