MCP Security Index
Before you install an MCP server, see what it can do. AxioRank enumerates the tools each server declares (read-only, it never calls one) and grades the blast radius of what it can do: write, delete, execute, credential, and wildcard-scope capabilities. Scan a server not listed here.
59 servers · 16 with flagged capabilities
- A · Fetch · Anthropic (MCP reference) · Search & web · 1 tool · no flagged capabilities
- A · Time · Anthropic (MCP reference) · Reference · 2 tools · no flagged capabilities
- A · Everything (reference test server) · Anthropic (MCP reference) · Reference · 13 tools · no flagged capabilities
- A · E2B Code Interpreter · E2B · Dev tools · 1 tool · no flagged capabilities
- A · Cloudflare Documentation · Cloudflare · Cloud · 2 tools · no flagged capabilities
- A · AWS Documentation (AWS Labs) · AWS (awslabs) · Reference · 4 tools · no flagged capabilities
- A · Qdrant · Qdrant · Data · 2 tools · no flagged capabilities
- A · Pinecone Developer · Pinecone · Data · 1 tool · no flagged capabilities
- A · Hugging Face · Hugging Face · Data · 8 tools · no flagged capabilities
- A · Context7 · Upstash · Dev tools · 2 tools · no flagged capabilities
- A · Exa Search · Exa · Search & web · 2 tools · no flagged capabilities
- A · Tavily Search · Tavily · Search & web · 5 tools · no flagged capabilities
- A · Kagi Search · Kagi · Search & web · 2 tools · no flagged capabilities
- A · DuckDuckGo Search · nickclyde · Search & web · 2 tools · no flagged capabilities
- A · Wikipedia · rudra-ravi · Reference · 22 tools · no flagged capabilities
- A · arXiv · blazickjp · Reference · 10 tools · no flagged capabilities
- A · Git · Anthropic (MCP reference) · Dev tools · 12 tools · Tool declares a high-privilege capability
- A · Sequential Thinking · Anthropic (MCP reference) · Reference · 1 tool · Wildcard scope / permission
- B · Square · Square (Block) · Commerce · 3 tools · Code-execution capability
- B · Filesystem · Anthropic (MCP reference) · Dev tools · 14 tools · Tool declares a high-privilege capability
- C · ClickHouse · ClickHouse · Data · 3 tools · Code-execution capability
- C · Puppeteer · Anthropic (MCP reference, archived) · Dev tools · 7 tools · Code-execution capability
- C · Redis · Redis · Data · 47 tools · Tool declares a high-privilege capability
- D · Notion · Notion · Productivity · 24 tools · Tool declares a high-privilege capability
- D · Playwright · Microsoft · Dev tools · 23 tools · Tool declares a high-privilege capability
- D · Chroma · Chroma · Data · 13 tools · Tool declares a high-privilege capability
- D · Memory (Knowledge Graph) · Anthropic (MCP reference) · Data · 9 tools · Tool declares a high-privilege capability
- F · MongoDB · MongoDB · Data · 25 tools · Tool declares a high-privilege capability
- F · Shopify Dev · Shopify · Commerce · 5 tools · Code-execution capability
- F · Heroku · Heroku (Salesforce) · Cloud · 33 tools · Code-execution capability
- F · Kubernetes · Flux159 · Dev tools · 23 tools · Code-execution capability
- F · Firecrawl · Firecrawl · Search & web · 26 tools · Code-execution capability
- – · GitHub · GitHub · Dev tools · scan pending
- – · Linear · Linear · Productivity · scan pending
- – · Stripe · Stripe · Commerce · scan pending
- – · Sentry · Sentry · Dev tools · scan pending
- – · Atlassian (Jira & Confluence) · Atlassian · Productivity · scan pending
- – · Supabase · Supabase · Data · scan pending
- – · PostgreSQL · Anthropic (MCP reference, archived) · Data · scan pending
- – · Perplexity Ask · Perplexity · Search & web · scan pending
- – · AWS Core (AWS Labs) · AWS (awslabs) · Cloud · scan pending
- – · Brave Search · Brave · Search & web · scan pending
- – · Browserbase · Browserbase · Dev tools · scan pending
- – · Apify Actors · Apify · Dev tools · scan pending
- – · Figma Context (community) · GLips · Dev tools · scan pending
- – · Grafana · Grafana Labs · Dev tools · scan pending
- – · Vercel · Vercel · Cloud · scan pending
- – · Slack · Anthropic (MCP reference, archived) · Communication · scan pending
- – · Cloudflare Workers Bindings · Cloudflare · Cloud · scan pending
- – · Neon · Neon · Data · scan pending
- – · Google Maps · Anthropic (MCP reference, archived) · Reference · scan pending
- – · GitLab · Anthropic (MCP reference, archived) · Dev tools · scan pending
- – · Cloudflare Observability · Cloudflare · Cloud · scan pending
- – · Elasticsearch · Elastic · Data · scan pending
- – · Google Drive · Anthropic (MCP reference, archived) · Productivity · scan pending
- – · PayPal · PayPal · Commerce · scan pending
- – · Airtable · domdomegg · Productivity · scan pending
- – · Obsidian · MarkusPfundstein · Productivity · scan pending
- – · Sanity · Sanity · Productivity · scan pending
How the grades work
A grade measures blast radius: how much a server could do if it were compromised or misinstructed, based on the capabilities it declares (write, delete, execute, credential access, wildcard scope). It is not a vulnerability assessment and not a judgment of the vendor. Lower is better: A is 0 to 19, up to F at 80 and above. The scan is read-only. It lists tools and never calls one.
Run a server? You can scan it yourself and embed your grade. See something off? Every server page links a re-scan.
Govern the MCP servers your agents use
AxioRank is the security gateway for AI agents: allowlist servers, block risky tool calls, and get an audit trail of every action.