Open-source trust scores for MCP server packages. Updated daily.
Packages with at least one hard-block signal (typosquat, hardcoded credentials, etc.). Names redacted pending responsible disclosure.
| # | Verdict | Reason | Status |
|---|---|---|---|
| 1 | BLOCK | Hard-coded Anthropic API key in published source | Maintainer privately notified, 7-day disclosure window |
| 2 | BLOCK | Typosquat of official @modelcontextprotocol/server-puppeteer | Public |
| 3 | BLOCK | Typosquat (similar pattern) | Public |
| Score | Package | Reason |
|---|---|---|
| 50 | [email protected] | 2,299 days since last release · 1 known CVE |
| 53 | [email protected] | 390 days stale + no repo URL |
| 53 | [email protected] | 442 days stale + no repo URL |
| 53 | [email protected] | 451 days stale + no repo URL |
| 53 | [email protected] | 392 days stale + no repo URL |
| 53 | [email protected] | 494 days stale + no repo URL |
| 55 | [email protected] | deprecated, 1 OSV CVE |
| 57 | @jsonresume/[email protected] | 451 days stale, no license |
| 57 | @jsonresume/[email protected] | 422 days stale, no license |
| 62 | @google/[email protected] | Google has archived the repo · 395 days stale |
| 64 | @modelcontextprotocol/server-github | "official" — 416 days stale, no repo URL |
| 64 | @modelcontextprotocol/create-server | "official" — 550 days stale, no repo URL |
| 67 | @modelcontextprotocol/server-postgres | "official" — 541 days stale, no repo URL |
| 67 | @modelcontextprotocol/server-slack | "official" — 399 days stale, no repo URL |
| 67 | @modelcontextprotocol/server-gdrive | "official" — 501 days stale, no repo URL |
Six "official" @modelcontextprotocol/server-* packages were published over a year ago with no repository URL in their package.json. If you depend on these, mirror the source.
We score our own packages with the same rubric. Here is what came out:
| Package | Verdict | Score | Suppressed signals (self-disclosed) |
|---|---|---|---|
| @weiseer/llm-oracle-mcp | PASS | 100 | B2 single-maintainer, B3 new-repo |
| @weiseer/bounty-mcp | PASS | 100 | B2, B3 |
| @weiseer/status-aggregator-mcp | PASS | 100 | B2, B3 |
| @weiseer/api-changelog-mcp | PASS | 100 | B2, B3 |
| @weiseer/cve-cache-mcp | PASS | 100 | B2, B3 |
| @weiseer/dns-cache-mcp | PASS | 100 | B2, B3 |
| @weiseer/package-meta-mcp | PASS | 100 | B2, B3 |
| @weiseer/regulatory-deadline-mcp | PASS | 100 | B2, B3 |
| @weiseer/license-checker-mcp | PASS | 100 | B2, B3 |
All 9 packages PASS. Two signals, single-maintainer (B2) and new-repo (B3), are suppressed on packages the rubric flags with self_disclosure: true; both are expected on packages published the same day. The rubric file is open-source; argue with the methodology if you disagree.
