Skip to main content
Security · mcp · 16 picks

Security-reviewed MCP servers and agent tools

MCP and agent resources that deserve extra scrutiny for credentials, file access, network access, and operational trust.

Curated by @heyclaude-editors Updated 2026-07-18

MCP and agent resources that deserve extra scrutiny for credentials, file access, network access, and operational trust.

Compared at a glance

The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.

3 trust signals differ across this comparison (Package trust, Source provenance, Submitter).

Next steps differ across picks — use the actions in the table below to copy install commands and source links per resource.

Field

Build applications, analyze traffic, and manage security settings through Cloudflare

Open dossier

Security analysis and vulnerability scanning for dependencies

Open dossier

Configure and manage Stytch authentication services and workspace settings

Open dossier

Official AWS Labs MCP server for AWS CloudTrail that lets AI assistants query account activity for security investigations, compliance auditing, and operational troubleshooting via Event History and CloudTrail Lake SQL.

Open dossier

A Stop hook that runs npm audit, pip-audit, safety, or bundler-audit automatically at the end of every Claude Code session, detecting CVEs and outdated packages across Node.js, Python, and Ruby projects.

Open dossier
Next stepsDiffers
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verifiedPackage verifiedPackage verifiedPackage not verifiedPackage not verified
Source provenanceDiffersNo submission linkNo submission linkNo submission linkSource-backedSource-backed
SubmitterDiffersjaso0n0818
Install riskLow riskLow riskLow riskReview firstReview first
Notes Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓ Safety ✓ Privacy ✓
BrandCloudflare logoCloudflareSocket logoSocketStytch logoStytchAWS Labs logoAWS Labs
Categorymcpmcpmcpmcphooks
SourceFirst-partyFirst-partyFirst-partySource-backedSource-backed
AuthorCloudflareSocketStytchAWS LabsJSONbored
Added2025-09-182025-09-182025-09-182026-06-212025-09-19
Platforms
Harness
Source repo
Safety notesUse a least-privilege Cloudflare token because DNS, security, Worker, and deployment actions can affect production services.Treat dependency risk findings as triage input and verify impact before blocking releases or changing package policy.Restrict Stytch workspace and admin permissions because auth configuration changes can affect sign-in and account security.The provided tools are read-only — they look up CloudTrail events and run Lake queries, and do not modify infrastructure. Grant only the CloudTrail read permissions listed in the documentation (least privilege). This server reads audit data with your AWS credentials; scope the profile to the intended account and run it only on a trusted host. CloudTrail Lake SQL queries against large event data stores can incur AWS query/scan costs; review query scope before running broad analyses.Runs automatically at session end and invokes local package-manager audit tools when dependency lockfiles are present. May contact package registries or vulnerability advisory services through npm, yarn, safety, pip, or bundler-audit. Writes a timestamped security-audit log in the current working directory.
Privacy notesZone settings, analytics, logs, account identifiers, deployment metadata, and security configuration may be sent through model context.Package names, manifests, dependency graphs, repository context, and security findings may be sent through tool calls.User identities, authentication logs, session details, workspace settings, and security configuration may be sent through tool calls.CloudTrail events expose account activity: usernames, access key IDs, source IPs, ARNs, and API call details can be returned to the model. Keep account identifiers, credentials, and returned event contents out of public prompts, issues, and screenshots, since audit data is sensitive.Reads dependency manifests and lockfiles to identify package managers and audit targets. The generated audit log may include package names, versions, vulnerability identifiers, and remediation output. External audit tools may send package metadata to their configured registries or advisory services.
Prerequisites
  • Cloudflare account with active zones
  • Cloudflare API Token from https://dash.cloudflare.com/profile/api-tokens
  • Cloudflare Account ID (found in Cloudflare dashboard)
  • Node.js and npm/npx available for running the @cloudflare/mcp-server-cloudflare package
  • Socket account (free or paid plan)
  • OAuth authentication setup (for mcp.socket.dev MCP connection)
  • Socket API key (for Socket API access, available in Socket Dashboard)
  • Network access to mcp.socket.dev (HTTPS required)
  • Stytch account (free or paid plan)
  • Stytch API key authentication (for mcp.stytch.dev MCP connection)
  • Stytch project_id and secret from Dashboard (test or live environment)
  • Network access to mcp.stytch.dev (HTTP transport, not HTTPS)
  • An AWS account with CloudTrail enabled (Event History is on by default; CloudTrail Lake is needed for SQL queries).
  • Python 3.10 or newer and `uv` / `uvx` installed (Astral) to run the package.
  • AWS credentials configured locally (for example via `aws configure` or `AWS_PROFILE`) with CloudTrail read permissions (`cloudtrail:LookupEvents`, `cloudtrail:StartQuery`, `cloudtrail:GetQueryResults`, and related).
  • An MCP client that supports stdio servers; the server runs locally on the same host as the client.
— none listed
Install
claude mcp add cloudflare --env CLOUDFLARE_API_TOKEN=YOUR_TOKEN --env CLOUDFLARE_ACCOUNT_ID=YOUR_ACCOUNT_ID && claude mcp list
claude mcp add --transport http socket https://mcp.socket.dev/ && claude mcp list
claude mcp add --transport http stytch http://mcp.stytch.dev/mcp && claude mcp list
uvx awslabs.cloudtrail-mcp-server@latest
mkdir -p .claude/hooks && touch .claude/hooks/dependency-security-audit-on-stop.sh && chmod +x .claude/hooks/dependency-security-audit-on-stop.sh
Config
{
  "mcpServers": {
    "cloudflare": {
      "env": {
        "CLOUDFLARE_API_TOKEN": "${CLOUDFLARE_API_TOKEN}",
        "CLOUDFLARE_ACCOUNT_ID": "${CLOUDFLARE_ACCOUNT_ID}"
      },
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ],
      "command": "npx",
      "type": "stdio"
    }
  }
}
{
  "mcpServers": {
    "socket": {
      "url": "https://mcp.socket.dev/",
      "type": "http"
    }
  }
}
{
  "mcpServers": {
    "stytch": {
      "url": "http://mcp.stytch.dev/mcp",
      "type": "http"
    }
  }
}
{
  "mcpServers": {
    "awslabs.cloudtrail-mcp-server": {
      "command": "uvx",
      "args": ["awslabs.cloudtrail-mcp-server@latest"],
      "env": {
        "AWS_PROFILE": "${AWS_PROFILE}",
        "FASTMCP_LOG_LEVEL": "ERROR"
      },
      "type": "stdio"
    }
  }
}
{
  "hooks": {
    "stop": {
      "script": "./.claude/hooks/dependency-security-audit-on-stop.sh"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimedUnclaimedUnclaimed
Open 4 picks in the interactive comparison tool
  1. 01
    Why it made the cut

    Cloudflare MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  2. 02
    Why it made the cut

    Socket MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  3. 03
    Why it made the cut

    Stytch MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  4. 04
    Why it made the cut

    AWS CloudTrail MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  5. 05
    Why it made the cut

    Dependency Security Audit is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  6. 06
    Why it made the cut

    Prompt-Injection Content Scanner - Claude Code Hook is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  7. 07
    Why it made the cut

    Security Auditor Expert - CLAUDE.md Rules for Claude Code is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  8. 08
    Why it made the cut

    Lakera Guard is included because it has privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  9. 09
    Why it made the cut

    ContrastAPI Security Tools is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  10. 10
    Why it made the cut

    Searchcode MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.

    Reach for instead

    If this will touch credentials, local files, or production systems, inspect the upstream source first.

  11. 11
    Why it made the cut

    Airtable MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  12. 12
    Why it made the cut

    Asana MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  13. 13
    Why it made the cut

    AWS Services MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  14. 14
    Why it made the cut

    Box MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  15. 15
    Why it made the cut

    Canva MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

  16. 16
    Why it made the cut

    Claude Desktop MCP Setup is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.

Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.

Suggest a pick
Weekly · Sundays

Get the weekly brief

One calm read on Claude workflows. Sundays. No tracking pixels.

Unsubscribe any time. No tracking pixels. No partner blasts.