MCP Observatory
security

Security

Every MCP risk signal in one place — CVEs, tool safety, drift, naming, licenses. Heuristic: review signals, not verdicts.

License hygiene: servers missing a license or carrying a strong-copyleft, non-commercial, or unrecognized one — informational, not part of the composite risk score.

  1. missing / unlicensed supergateway— no license declared —
  2. missing / unlicensed chedong/phpman— no license declared —
  3. unrecognized rozetyp/vuln-intel-mcpNOASSERTION
  4. unrecognized sailquery/niche-mcpNOASSERTION
  5. unrecognized Dakera-AI/dakera-deployNOASSERTION
  6. unrecognized G-Schumacher44/strata-ossNOASSERTION
  7. strong copyleft churik5/bulwark-mcpAGPL-3.0
  8. missing / unlicensed second-brain-factory/data-mcp— no license declared —
  9. missing / unlicensed Paul-Orlando/pinecone-mcp-server— no license declared —
  10. missing / unlicensed 7blacky7/synapse— no license declared —
  11. unrecognized AndreaBonn/my-team-ai-config-hubNOASSERTION
  12. unrecognized vulny-app/vulny-agent-scanNOASSERTION
  13. missing / unlicensed lexwhiting/settlegrid— no license declared —
  14. missing / unlicensed BatElPeretz/api-b2m— no license declared —
  15. missing / unlicensed desper1do/obsidian-mcp-server— no license declared —
  16. strong copyleft cbcoutinho/nextcloud-mcp-serverAGPL-3.0
  17. unrecognized vvka-141/pgmiNOASSERTION
  18. missing / unlicensed amitsingh2003/Synapse— no license declared —
  19. strong copyleft jaingxyz/personal-outlook-mcpAGPL-3.0
  20. unrecognized SukramJ/openccu-loomNOASSERTION
  21. missing / unlicensed stelis-dev/agent-q— no license declared —
  22. strong copyleft mdzio/ccu-ai-mcpGPL-3.0
  23. strong copyleft laszlopere/mcp-abacusGPL-3.0
  24. unrecognized gautamvarmadatla/mcpsafetywardenNOASSERTION
  25. strong copyleft NDDev-it-com/rldyour-mimocodeAGPL-3.0