Source-verified MCP tools and listings
MCP servers and tool listings with visible source metadata for teams that want reviewable install paths and attribution before adoption.
MCP servers and tool listings with visible source metadata for teams that want reviewable install paths and attribution before adoption.
Compared at a glance
The top 5 picks side by side on trust, install, platform support, and disclosed notes — full rationale for each below.
3 trust signals differ across this comparison (Package trust, Source provenance, Submitter).
| Field | Official GitHub MCP server providing comprehensive GitHub API access for repository management, file operations, and search functionality Open dossier | Build applications, analyze traffic, and manage security settings through Cloudflare Open dossier | Security analysis and vulnerability scanning for dependencies Open dossier | Configure and manage Stytch authentication services and workspace settings Open dossier | Remote MCP server that turns any GitHub repository or GitHub Pages site into a documentation and code context source for AI coding assistants. Open dossier |
|---|---|---|---|---|---|
| Next steps | |||||
| Trust | |||||
| Review status | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed | ReviewedMaintainer reviewed |
| Package trustDiffers | Package verified | Package verified | Package verified | Package verified | Package not verified |
| Source provenanceDiffers | No submission link | No submission link | No submission link | No submission link | Source-backed |
| SubmitterDiffers | — | — | — | — | oktofeesh1 |
| Install risk | Low risk | Low risk | Low risk | Low risk | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Brand | |||||
| Category | mcp | mcp | mcp | mcp | mcp |
| Source | First-party | First-party | First-party | First-party | Source-backed |
| Author | GitHub | Cloudflare | Socket | Stytch | idosal |
| Added | 2025-09-18 | 2025-09-18 | 2025-09-18 | 2025-09-18 | 2026-06-05 |
| Platforms | |||||
| Harness | |||||
| Source repo | — | — | — | — | — |
| Safety notes | ✓Use a least-privilege GitHub token because repository, issue, pull request, and file operations can modify public or private projects. | ✓Use a least-privilege Cloudflare token because DNS, security, Worker, and deployment actions can affect production services. | ✓Treat dependency risk findings as triage input and verify impact before blocking releases or changing package policy. | ✓Restrict Stytch workspace and admin permissions because auth configuration changes can affect sign-in and account security. | ✓Repository-specific endpoints reduce the chance of an agent querying the wrong project, while the dynamic endpoint relies on correct target selection. Verify generated code against the upstream project documentation and changelog before applying it to production systems. Use caution with private, unreleased, or embargoed repositories unless you self-host and have reviewed access controls. |
| Privacy notes | ✓Repository contents, issues, pull requests, comments, org metadata, and user details may be sent through model context. | ✓Zone settings, analytics, logs, account identifiers, deployment metadata, and security configuration may be sent through model context. | ✓Package names, manifests, dependency graphs, repository context, and security findings may be sent through tool calls. | ✓User identities, authentication logs, session details, workspace settings, and security configuration may be sent through tool calls. | ✓GitMCP may receive repository choices, documentation queries, tool calls, and surrounding prompts through the MCP client. The README states that the hosted service does not collect personal information or store queries, but teams should still review the current privacy posture before sending proprietary context. Self-hosting may be preferable for private repositories, regulated work, or sensitive customer projects. |
| Prerequisites |
|
|
|
|
|
| Install | | | | | |
| Config | | | | | |
| Citations | |||||
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed | Unclaimed |
- 01
GitHub MCP Server for Claude
Official GitHub MCP server providing comprehensive GitHub API access for repository management, file operations, and search functionality
Added 10mo agoSafety ✓ Privacy ✓by GitHubWhy it made the cutGitHub MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 02
Cloudflare MCP Server - MCP Servers
Build applications, analyze traffic, and manage security settings through Cloudflare
Added 10mo agoSafety ✓ Privacy ✓by CloudflareWhy it made the cutCloudflare MCP Server - MCP Servers is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 03
Socket MCP Server for Claude
Security analysis and vulnerability scanning for dependencies
Added 10mo agoSafety ✓ Privacy ✓by SocketWhy it made the cutSocket MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 04
Stytch MCP Server for Claude
Configure and manage Stytch authentication services and workspace settings
Added 10mo agoSafety ✓ Privacy ✓by StytchWhy it made the cutStytch MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 05
GitMCP Docs Server
Connect Claude, Cursor, VS Code, Windsurf, and other MCP clients to live GitHub project docs through GitMCP.
Added 1mo agoSafety ✓ Privacy ✓by idosal · submitted by oktofeesh1Why it made the cutGitMCP Docs Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 06
Octocode MCP
Add GitHub, local, LSP, and package research tools to Claude.
Added 1mo agoSafety ✓ Privacy ✓by Guy Bary · submitted by oktofeesh1Why it made the cutOctocode MCP is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 07
Git MCP Server for Claude
Official MCP server providing Git repository tools for reading, searching, and manipulating Git repositories
Added 10mo agoSafety ✓ Privacy ✓by AnthropicWhy it made the cutGit MCP Server for Claude is included because it has maintainer-built package, safety notes present, privacy notes present, first-party source posture.
- 08
Bifrost MCP Gateway
Aggregate MCP tools behind Bifrost's gateway, then expose them through a governed /mcp endpoint with virtual keys, auth, tool filtering, logs, and provider routing.
Added 1mo agoSafety ✓ Privacy ✓by maximhq · submitted by oktofeesh1Why it made the cutBifrost MCP Gateway is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 09
Codacy MCP Server
Official Codacy MCP server: inspect code-quality and security (SRM) findings, file/PR coverage and duplication, and run local Codacy CLI analysis.
Added 11d agoSafety ✓ Privacy ✓by codacy · submitted by davion-knightWhy it made the cutCodacy MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 10
ENScan_GO MCP Server
Connect Claude to ENScan_GO company, ICP, app, and public-data gathering tools.
Added 1mo agoSafety ✓ Privacy ✓by WgpSec · submitted by oktofeesh1Why it made the cutENScan_GO MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 11
Gitleaks
Open-source secret scanner for repositories and files.
Added 1mo agoSafety ✓ Privacy ✓by Gitleaks · submitted by oktofeesh1Why it made the cutGitleaks is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 12
MCP Proxy for AWS
Bridge Claude, Kiro, and Python agent frameworks to MCP servers on AWS with automatic SigV4 signing, AWS profile selection, read-only mode, retries, timeouts, and public ECR or PyPI installs.
Added 1mo agoSafety ✓ Privacy ✓by aws · submitted by oktofeesh1Why it made the cutMCP Proxy for AWS is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 13
Microsoft MCP Gateway
Deploy and manage MCP server adapters in Kubernetes, route clients through session-aware gateway endpoints, register tools, and control access with bearer auth and Entra ID app roles.
Added 1mo agoSafety ✓ Privacy ✓by microsoft · submitted by oktofeesh1Why it made the cutMicrosoft MCP Gateway is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 14
NVIDIA SkillSpector
Scan AI agent skills before installing them with NVIDIA SkillSpector: static checks, optional LLM review, MCP risk analyzers, OSV lookups, and SARIF.
Added 1mo agoSafety ✓ Privacy ✓by NVIDIAWhy it made the cutNVIDIA SkillSpector is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 15
Pentest AI MCP Server
Connect Claude to authorized pentest-ai engagements, tools, probes, and findings.
Added 1mo agoSafety ✓ Privacy ✓by 0xSteph · submitted by oktofeesh1Why it made the cutPentest AI MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 16
Searchcode MCP Server
Analyze and search public Git repositories through a remote code intelligence MCP server.
Added 1mo agoSafety ✓ Privacy ✓by searchcode.com · submitted by oktofeesh1Why it made the cutSearchcode MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 17
Semgrep
Static analysis, SAST, secrets, dependency checks, and custom code rules.
Added 1mo agoSafety ✓ Privacy ✓by Semgrep · submitted by oktofeesh1Why it made the cutSemgrep is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 18
Snyk MCP Server for Claude
Connect Claude to Snyk Studio security scans for source code, dependencies, IaC, containers, SBOMs, AI-BOMs, and package-health checks.
Added 1mo agoSafety ✓ Privacy ✓by Snyk · submitted by oktofeesh1Why it made the cutSnyk MCP Server for Claude is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 19
SonarQube MCP Server
Connect Claude to SonarQube Server or Cloud for code quality, security, issues, hotspots, measures, quality gates, branches, and snippets.
Added 1mo agoSafety ✓ Privacy ✓by SonarSource · submitted by oktofeesh1Why it made the cutSonarQube MCP Server is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
- 20
ToolHive MCP Platform
Run and manage MCP servers with the `thv` CLI, container isolation, registries, secrets, client setup, gateway controls, and Kubernetes operator support.
Added 1mo agoSafety ✓ Privacy ✓by stacklok · submitted by oktofeesh1Why it made the cutToolHive MCP Platform is included because it has safety notes present, privacy notes present, source-backed source posture.
Reach for insteadIf this will touch credentials, local files, or production systems, inspect the upstream source first.
Missing a pick? Propose an edit to this list — every change goes through the same review queue as new entries.
Suggest a pickGet the weekly brief
One calm read on Claude workflows. Sundays. No tracking pixels.
Unsubscribe any time. No tracking pixels. No partner blasts.