Safe MCP install checklist resources
MCP servers and install resources that help teams review source, credentials, file access, network behavior, and package trust.
MCP servers and install resources that help teams review source, credentials, file access, network behavior, and package trust.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
3 trust signals differ across this comparison (Package trust, Source provenance, Submitter).
| Field | Build applications, analyze traffic, and manage security settings through Cloudflare Open dossier | Security analysis and vulnerability scanning for dependencies Open dossier | Configure and manage Stytch authentication services and workspace settings Open dossier | AWS-maintained proxy and Python library that lets MCP clients and agent frameworks connect to IAM-secured MCP servers on AWS by signing requests with AWS SigV4 credentials. Open dossier | Official Snyk Studio MCP Server for connecting Claude Code, Codex CLI, Cursor, Gemini CLI, and other local MCP clients to Snyk Code, Open Source, IaC, container, SBOM, AI-BOM, package-health, authentication, and secure-at-inception workflows. Open dossier |
|---|---|---|---|---|---|
| Next steps | |||||
| Trust | |||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trustDiffers | Package verified | Package verified | Package verified | Package not verified | Package not verified |
| Source provenanceDiffers | No submission link | No submission link | No submission link | Source-backed | Source-backed |
| SubmitterDiffers | — | — | — | oktofeesh1 | oktofeesh1 |
| Install risk | Low risk | Low risk | Low risk | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | — | ||||
| Category | mcp | mcp | mcp | mcp | mcp |
| Source | First-party | First-party | First-party | Source-backed | Source-backed |
| Author | Cloudflare | Socket | Stytch | aws | Snyk |
| Added | 2025-09-18 | 2025-09-18 | 2025-09-18 | 2026-06-06 | 2026-06-04 |
| Platforms | |||||
| Harness | |||||
| Source repo | — | — | — | — | — |
| Safety notes | ✓Use a least-privilege Cloudflare token because DNS, security, Worker, and deployment actions can affect production services. | ✓Treat dependency risk findings as triage input and verify impact before blocking releases or changing package policy. | ✓Restrict Stytch workspace and admin permissions because auth configuration changes can affect sign-in and account security. | ✓MCP Proxy for AWS signs MCP requests with local AWS credentials, so tool calls can inherit the AWS permissions of the selected profile or role. Multi-profile mode injects an `aws_profile` parameter into auth-requiring tools; restrict the profile list to accounts and roles an agent may safely use. The `--read-only` flag disables tools that require write permissions when the upstream tool annotations identify them, but it is not a substitute for IAM least privilege. The `--skip-auth` option can bypass request signing when credentials are unavailable; avoid it unless the endpoint is intentionally unauthenticated. Docker examples mount AWS credential directories read-only; keep mounts scoped and avoid sharing long-lived credentials with untrusted containers. | ✓Snyk documents this as a local MCP server that runs through the Snyk CLI so it can access local project files. Do not treat it like a hosted remote endpoint or expose it to untrusted clients. The official examples use `snyk@latest`; this listing pins the currently observed npm package version for reproducibility. Re-check Snyk's docs and npm package metadata before updating the pinned runner. Authenticate with the least-privilege Snyk account that can inspect the target project. Do not commit Snyk tokens, generated MCP configs, CLI auth state, Claude configs, Codex configs, or copied scan output that contains sensitive findings. Snyk requires trusting the current project directory before scanning. Treat that trust step as a real access decision, especially for monorepos, regulated codebases, customer projects, and worktrees containing secrets. The `snyk_sca_scan` tool can execute third-party ecosystem tools such as Gradle or Maven to build dependency trees. Run scans only in projects where dependency resolution commands are acceptable. Container, IaC, SBOM, AI-BOM, and package-health tools may require extra local files, network access, preview feature access, or container image references. Review each tool call before letting the assistant expand the scan surface. Treat generated remediation guidance as advisory. A human should review code changes, dependency upgrades, IaC edits, Dockerfile changes, and suppressions before they are committed or deployed. |
| Privacy notes | ✓Zone settings, analytics, logs, account identifiers, deployment metadata, and security configuration may be sent through model context. | ✓Package names, manifests, dependency graphs, repository context, and security findings may be sent through tool calls. | ✓User identities, authentication logs, session details, workspace settings, and security configuration may be sent through tool calls. | ✓The proxy may process AWS access keys, session tokens, profile names, regions, SigV4 headers, MCP endpoint URLs, metadata, prompts, tool names, tool arguments, tool results, logs, telemetry, and framework session data. AWS profile names and metadata can reveal account structure, environment names, regions, and service ownership. Logs from clients, containers, or frameworks can expose endpoint URLs, selected profiles, tool arguments, and AWS error details. Store AWS credentials through standard credential providers or IAM roles, rotate temporary sessions, and avoid committing MCP client configs with real endpoints or profile names. | ✓Snyk MCP can read local source code, dependency manifests, package lock files, IaC definitions, Dockerfiles, container image references, SBOM files, AI project metadata, and scanner results from the connected project. Scans can send project metadata, dependency information, vulnerability context, code-analysis data, organization identifiers, authentication state, and package-health requests to Snyk services according to the configured product and account. Claude, Codex, IDE logs, MCP client transcripts, screenshots, shell history, and tickets can retain Snyk findings outside Snyk's normal access controls and retention settings. Security findings may reveal vulnerable dependencies, vulnerable code paths, internal package names, container base images, cloud resources, application structure, and remediation priorities. Avoid pasting raw findings into public issues or unaudited chat systems. The `snyk_send_feedback` tool can send issue-fix feedback to Snyk. Use it only when that feedback path is approved for the project and organization. |
| Prerequisites |
|
|
|
|
|
| Install | | | | | |
| Config | | | | | |
| Citations | |||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01
Cloudflare MCP Server - MCP Servers
Build applications, analyze traffic, and manage security settings through Cloudflare
Added 10mo agoSafety ✓ Privacy ✓by CloudflareWhy it made the cutCloudflare MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 02
Socket MCP Server for Claude
Security analysis and vulnerability scanning for dependencies
Added 10mo agoSafety ✓ Privacy ✓by SocketWhy it made the cutSocket MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 03
Stytch MCP Server for Claude
Configure and manage Stytch authentication services and workspace settings
Added 10mo agoSafety ✓ Privacy ✓by StytchWhy it made the cutStytch MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 04
MCP Proxy for AWS
Bridge Claude, Kiro, and Python agent frameworks to MCP servers on AWS with automatic SigV4 signing, AWS profile selection, read-only mode, retries, timeouts, and public ECR or PyPI installs.
Added 1mo agoSafety ✓ Privacy ✓by aws · submitted by oktofeesh1Why it made the cutMCP Proxy for AWS is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 05
Snyk MCP Server for Claude
Connect Claude to Snyk Studio security scans for source code, dependencies, IaC, containers, SBOMs, AI-BOMs, and package-health checks.
Added 1mo agoSafety ✓ Privacy ✓by Snyk · submitted by oktofeesh1Why it made the cutSnyk MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 06
AWS IAM MCP Server
Connect Claude to AWS IAM to inspect users, roles, groups, and policies, simulate permissions, and (opt-in) manage IAM — read-only mode supported.
Added 28d agoSafety ✓ Privacy ✓by AWS Labs · submitted by jaso0n0818Why it made the cutAWS IAM MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 07
Bifrost MCP Gateway
Aggregate MCP tools behind Bifrost's gateway, then expose them through a governed /mcp endpoint with virtual keys, auth, tool filtering, logs, and provider routing.
Added 1mo agoSafety ✓ Privacy ✓by maximhq · submitted by oktofeesh1Why it made the cutBifrost MCP Gateway is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 08
CVE MCP Server
Connect Claude to CVE, vulnerability, exploit, and threat-intelligence lookup tools.
Added 1mo agoSafety ✓ Privacy ✓by Mahipal Jangra · submitted by oktofeesh1Why it made the cutCVE MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 09
ENScan_GO MCP Server
Connect Claude to ENScan_GO company, ICP, app, and public-data gathering tools.
Added 1mo agoSafety ✓ Privacy ✓by WgpSec · submitted by oktofeesh1Why it made the cutENScan_GO MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 10
Microsoft MCP Gateway
Deploy and manage MCP server adapters in Kubernetes, route clients through session-aware gateway endpoints, register tools, and control access with bearer auth and Entra ID app roles.
Added 1mo agoSafety ✓ Privacy ✓by microsoft · submitted by oktofeesh1Why it made the cutMicrosoft MCP Gateway is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 11
Pentest AI MCP Server
Connect Claude to authorized pentest-ai engagements, tools, probes, and findings.
Added 1mo agoSafety ✓ Privacy ✓by 0xSteph · submitted by oktofeesh1Why it made the cutPentest AI MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 12
SonarQube MCP Server
Connect Claude to SonarQube Server or Cloud for code quality, security, issues, hotspots, measures, quality gates, branches, and snippets.
Added 1mo agoSafety ✓ Privacy ✓by SonarSource · submitted by oktofeesh1Why it made the cutSonarQube MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 13
ToolHive MCP Platform
Run and manage MCP servers with the `thv` CLI, container isolation, registries, secrets, client setup, gateway controls, and Kubernetes operator support.
Added 1mo agoSafety ✓ Privacy ✓by stacklok · submitted by oktofeesh1Why it made the cutToolHive MCP Platform is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 14
Wassette MCP Server
Run sandboxed WebAssembly component tools from Claude through the Wassette MCP server.
Added 1mo agoSafety ✓ Privacy ✓by Microsoft · submitted by oktofeesh1Why it made the cutWassette MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 15
Airtable MCP Server for Claude
Read and write records, manage bases and tables in Airtable directly from Claude
Added 10mo agoSafety ✓ Privacy ✓by domdomeggWhy it made the cutAirtable MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 16
Asana MCP Server for Claude
Interact with Asana workspaces to manage projects and tasks
Added 10mo agoSafety ✓ Privacy ✓by AsanaWhy it made the cutAsana MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 17
AWS Services MCP Server - MCP Servers
Comprehensive AWS cloud services integration for infrastructure management, deployment, and monitoring
Added 10mo agoSafety ✓ Privacy ✓by AWS LabsWhy it made the cutAWS Services MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 18
Box MCP Server for Claude
Access enterprise content, analyze unstructured data, and automate workflows
Added 10mo agoSafety ✓ Privacy ✓by BoxWhy it made the cutBox MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.
Suggest a pickGet the weekly brief
One calm read on Claude workflows. Sundays. No tracking pixels.
Unsubscribe any time. No tracking pixels. No partner blasts.