Score the quality, security
and context-cost of your MCP servers.
One unified audit → an explainable MCP Score /100, with causal attribution (“why this score”) and actionable fixes. No registry required — just paste a URL.
★ 37+ MCP servers already scored · OWASP MCP Top 10 · official spec 2025-11-25 · open-source CLI (MIT)
of context eaten by schema bloat — the #1 pain of 2026, that nobody scores + fixes.
security · tool design · schemas · reliability · context-cost · compliance · coverage.
tool poisoning, rug-pull, lethal-trifecta, exfiltration — detected and explained.
Auditing flags the risk. The gateway stops it reaching your agent.
A score is a snapshot — production needs more. Catch runtime tool-poisoning, watch for rug-pulls, and gate every MCP call in real time. Hosted, or self-hosted in your own VPC.
Behavioral evals
We actually invoke read-only tools with canary inputs and inspect the responses for tool-output prompt-injection, exfiltration and secret leakage — what static analysis can’t see.
Continuous monitoring
Tracked servers are re-checked and behaviorally re-evaluated on drift. Tool-pinning catches rug-pulls; you get drift & score-threshold alerts via webhook.
In-band gateway
Put CheckMCP between your agent and the MCP server. Passive observes & logs; active blocks policy violations and strips injected/exfiltrating tool responses before your agent ever sees them.
Audited servers
| 01 | exa-search-server mcp.exa.ai | ~555 tok | 89B |
| 02 | Microsoft Learn MCP Server learn.microsoft.com | ~1.3k tok | 88B |
| 03 | @huggingface/mcp-services huggingface.co | ~2.9k tok | 86B |
| 04 | Context7 mcp.context7.com | ~1.2k tok | 85B |
| 05 | GitMCP gitmcp.io | ~546 tok | 83B |
| 06 | Astro Docs server mcp.docs.astro.build | ~84 tok | 83B |
Browse by category
all collections ›Independently-audited rankings of the best and safest MCP servers by use case — and head-to-head comparisons.
How the MCP Score is computed
Six weighted pillars (reliability shown but not yet credited), hard floors (secret-in-schema → cap D, failed handshake → cap F), and a traceable attribution for every penalty.
Security
/20Tool design
/18Schemas / desc
/16Reliability
/14Context-cost
/12Compliance
/12Coverage
/8Calibrated on the real MCP ecosystem · official spec 2025-11-25 · annotations, OAuth 2.1/PKCE, cursor pagination, JSON-RPC errors.
MCP security & auditing — FAQ
Common questions about checking, scoring and protecting Model Context Protocol servers.