MCP Observatory
security

Security

Every MCP risk signal in one place — CVEs, tool safety, drift, naming, licenses. Heuristic: review signals, not verdicts.

License hygiene: servers missing a license or carrying a strong-copyleft, non-commercial, or unrecognized one — informational, not part of the composite risk score.

  1. unrecognized borgmcpSEE LICENSE IN LICENSE
  2. unrecognized @visa/cliSEE LICENSE IN LICENSE
  3. unrecognized @testsprite/testsprite-mcpBUSL-1.1
  4. unrecognized @microsoft/github-copilot-app-modernization-mcp-serverSEE LICENSE IN LICENSE.txt
  5. unrecognized ue-mcpBUSL-1.1
  6. missing / unlicensed @atlassian-dc-mcp/common— no license declared —
  7. strong copyleft @kernlang/mcp-serverAGPL-3.0
  8. unrecognized @ironbee-ai/devtoolsElastic-2.0
  9. missing / unlicensed @automattic/mcp-wordpress-remote— no license declared —
  10. unrecognized local-mcpSEE LICENSE IN LICENSE
  11. missing / unlicensed clavue— no license declared —
  12. missing / unlicensed @wcag-checkr/mcpUNLICENSED
  13. unrecognized @askexenow/exe-osSEE LICENSE IN LICENSE
  14. missing / unlicensed playwright-mcp— no license declared —
  15. missing / unlicensed agnost— no license declared —
  16. unrecognized browser-devtools-mcpElastic-2.0
  17. strong copyleft @aikidosec/mcpAGPL
  18. unrecognized @microsoft/workiqSEE EULA
  19. strong copyleft skillfishAGPL-3.0
  20. unrecognized @ironbee-ai/cliElastic-2.0
  21. unrecognized context-modeElastic-2.0
  22. missing / unlicensed @bike4mind/cliUNLICENSED
  23. non-commercial / non-OSI @taazkareem/clickup-mcp-serverProprietary
  24. missing / unlicensed @claude-flow/mcp— no license declared —
  25. unrecognized @sentry/mcp-serverFSL-1.1-ALv2