MCP Registry Metadata Reviewer Agent
Community reusable agent prompt for pre-publish review of MCP Registry server.json metadata using official quickstart and authentication documentation: namespace checks, package pointers, field validation, and duplicate listing detection.
Open the source and read safety notes before installing.
Safety notes
- Incorrect package coordinates can misdirect installers—verify artifact hashes or tags when possible.
- Private-only servers are out of registry scope; reject metadata pointing at private registries.
- Metadata review does not certify tool safety—note security scanning limitations explicitly.
- Publisher OAuth credentials must not appear in review logs or public tickets.
Privacy notes
- Draft metadata may include private repo URLs—redact before sharing review summaries.
- Authentication debug output can expose tenant identifiers—keep reports internal.
- Public approve/reject summaries should list field-level fixes, not full server.json secrets.
Prerequisites
- Draft server.json metadata prepared per MCP Registry quickstart steps.
- Namespace authentication completed via documented GitHub, DNS, or HTTP challenges.
- Reachability checks for npm, PyPI, Docker, GitHub, or remote URLs in metadata.
- Search results across registry listings for duplicate names or domains.
Schema details
- Install type
- copy
- Troubleshooting
- No
- Scope
- Source repo
Full copyable content
## Content
MCP Registry Metadata Reviewer Agent is a community-authored reusable prompt for pre-publish
validation of MCP Registry server.json files. It applies official quickstart and authentication
documentation—not an official MCP Registry reviewer service.
## Scope Note
This prompt maps review steps to documented quickstart publish requirements on
modelcontextprotocol.io. Ongoing curation after publish is covered by mcp-registry-curator-agent.
## Agent Prompt
You are an MCP Registry metadata reviewer. Validate server.json drafts before submission using
official quickstart and authentication documentation.
Workflow:
1. **Quickstart alignment.** Confirm draft follows publish steps documented in the registry quickstart.
2. **Namespace auth.** Verify reverse-DNS namespace ownership evidence matches authentication docs.
3. **Package pointers.** Ensure public npm/PyPI/Docker/remote URLs resolve and match described versions.
4. **Field validation.** Check required discovery fields, execution instructions, and validation limits.
5. **Scope rules.** Reject private-only installation paths per registry scope documentation.
6. **Duplicates.** Search existing listings for conflicting names, repos, or domains.
7. **Decision.** Approve submission, request fixes, or reject with explicit required changes.
Output contract:
- Quickstart checklist with pass/fail per documented requirement.
- Namespace and URL reachability summary.
- Duplicate findings.
- Approve / revise / reject recommendation.
## Features
- Applies registry quickstart publish requirements to review checklists.
- Validates namespace authentication before submission.
- Flags out-of-scope private server metadata early.
- Produces publisher-ready fix lists.
## Use Cases
- Publisher QA before first registry submission.
- Maintainer review of community registry pull requests.
- CI gate validating server.json before automated publish jobs.
- Security team pre-flight before marketplace ingestion.
## Source Notes
Verified against MCP Registry quickstart and authentication documentation on **2026-06-16**:
- Quickstart documentation lists concrete publish steps including preparing server.json,
authenticating publishers, and submitting metadata to the registry API.
- Authentication docs describe namespace verification through GitHub, DNS, or HTTP challenges
required before claiming reverse-DNS server names.
- Registry about documentation defines public accessibility requirements and metadata fields
stored in standardized server.json format.
## Duplicate Check
Checked content/agents and content/skills for registry review workflows.
mcp-registry-curator-agent covers post-publish curation and deprecations.
mcp-registry-publishing-capability-pack is a skills checklist for authors.
No agents entry applies quickstart publish requirements to pre-submission server.json review.
## Editorial Disclosure
Submitted as an independent community agent entry by kiannidev, based on public MCP Registry
quickstart and authentication documentation. No paid placement, referral, or affiliate relationship.
## Sources
- MCP Registry quickstart - https://modelcontextprotocol.io/registry/quickstart
- MCP Registry authentication - https://modelcontextprotocol.io/registry/authentication
- MCP Registry repository - https://github.com/modelcontextprotocol/registryAbout this resource
Content
MCP Registry Metadata Reviewer Agent is a community-authored reusable prompt for pre-publish validation of MCP Registry server.json files. It applies official quickstart and authentication documentation—not an official MCP Registry reviewer service.
Scope Note
This prompt maps review steps to documented quickstart publish requirements on modelcontextprotocol.io. Ongoing curation after publish is covered by mcp-registry-curator-agent.
Agent Prompt
You are an MCP Registry metadata reviewer. Validate server.json drafts before submission using official quickstart and authentication documentation.
Workflow:
- Quickstart alignment. Confirm draft follows publish steps documented in the registry quickstart.
- Namespace auth. Verify reverse-DNS namespace ownership evidence matches authentication docs.
- Package pointers. Ensure public npm/PyPI/Docker/remote URLs resolve and match described versions.
- Field validation. Check required discovery fields, execution instructions, and validation limits.
- Scope rules. Reject private-only installation paths per registry scope documentation.
- Duplicates. Search existing listings for conflicting names, repos, or domains.
- Decision. Approve submission, request fixes, or reject with explicit required changes.
Output contract:
- Quickstart checklist with pass/fail per documented requirement.
- Namespace and URL reachability summary.
- Duplicate findings.
- Approve / revise / reject recommendation.
Features
- Applies registry quickstart publish requirements to review checklists.
- Validates namespace authentication before submission.
- Flags out-of-scope private server metadata early.
- Produces publisher-ready fix lists.
Use Cases
- Publisher QA before first registry submission.
- Maintainer review of community registry pull requests.
- CI gate validating server.json before automated publish jobs.
- Security team pre-flight before marketplace ingestion.
Source Notes
Verified against MCP Registry quickstart and authentication documentation on 2026-06-16:
- Quickstart documentation lists concrete publish steps including preparing server.json, authenticating publishers, and submitting metadata to the registry API.
- Authentication docs describe namespace verification through GitHub, DNS, or HTTP challenges required before claiming reverse-DNS server names.
- Registry about documentation defines public accessibility requirements and metadata fields stored in standardized server.json format.
Duplicate Check
Checked content/agents and content/skills for registry review workflows. mcp-registry-curator-agent covers post-publish curation and deprecations. mcp-registry-publishing-capability-pack is a skills checklist for authors. No agents entry applies quickstart publish requirements to pre-submission server.json review.
Editorial Disclosure
Submitted as an independent community agent entry by kiannidev, based on public MCP Registry quickstart and authentication documentation. No paid placement, referral, or affiliate relationship.
Sources
- MCP Registry quickstart - https://modelcontextprotocol.io/registry/quickstart
- MCP Registry authentication - https://modelcontextprotocol.io/registry/authentication
- MCP Registry repository - https://github.com/modelcontextprotocol/registry
Source citations
Add this badge to your README
Show that MCP Registry Metadata Reviewer Agent is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.
[](https://heyclau.de/entry/agents/mcp-registry-metadata-reviewer-agent)How it compares
MCP Registry Metadata Reviewer Agent side by side with its closest alternative on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | MCP Registry Metadata Reviewer Agent Community reusable agent prompt for pre-publish review of MCP Registry server.json metadata using official quickstart and authentication documentation: namespace checks, package pointers, field validation, and duplicate listing detection. Open dossier | MCP Authorization Boundary Review Agent Source-backed specialist agent for reviewing remote MCP authorization boundaries, protected resource metadata, resource indicators, token audience validation, token passthrough risk, and least-privilege scopes. Open dossier |
|---|---|---|
| Trust | ||
| Install risk | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | agents | agents |
| Source | source-backed | source-backed |
| Author | kiannidev | JSONbored |
| Added | 2026-06-16 | 2026-06-05 |
| Platforms | Claude Code | Claude Code |
| Source repo | — | — |
| Safety notes | ✓Incorrect package coordinates can misdirect installers—verify artifact hashes or tags when possible. Private-only servers are out of registry scope; reject metadata pointing at private registries. Metadata review does not certify tool safety—note security scanning limitations explicitly. Publisher OAuth credentials must not appear in review logs or public tickets. | ✓A remote MCP server can expose tools backed by user accounts, tenant data, third-party APIs, or write-capable integrations. Block approval when a server accepts wrong-audience tokens, forwards incoming tokens, or cannot show protected resource metadata. |
| Privacy notes | ✓Draft metadata may include private repo URLs—redact before sharing review summaries. Authentication debug output can expose tenant identifiers—keep reports internal. Public approve/reject summaries should list field-level fixes, not full server.json secrets. | ✓OAuth metadata, redirect URLs, scopes, tenant IDs, token claims, and tool results may contain private account structure. Public reports should summarize authorization behavior without pasting tokens, claims, or internal identity-provider details. |
| Prerequisites |
|
|
| Install | — | — |
| Config | — | — |
| Citations | ||
| Claim | Unclaimed | Unclaimed |
Signals
Loading live community signals…
A short, calm digest of reviewed Claude resources. Unsubscribe any time.