MCP Registry Server
Publish and discover MCP servers via the official MCP Registry. Powered by HAPI MCP server.
Installation
Claude Desktop config (remote)
{
"mcpServers": {
"ai-com-mcp-registry": {
"type": "streamable-http",
"url": "https://registry.run.mcp.com.ai/mcp"
}
}
}Cursor config
{
"mcpServers": {
"ai-com-mcp-registry": {
"url": "https://registry.run.mcp.com.ai/mcp"
}
}
}Security Report
Score Breakdown
Findings (5)
Remote HTTP Endpoint Without Visible Authentication
Server operates as a remote HTTP endpoint (streamable-http transport) accessible via the internet. No authentication mechanism is documented in the provided metadata.
Unclear Operational Scope
Description states 'Publish and discover MCP servers' but doesn't clarify what operations are permitted, what data is exposed, or what validation occurs on published servers.
Potential for Registry Poisoning
A registry server that allows publishing without clear validation could be abused to distribute malicious server configurations if access controls are insufficient.
No Tool Definitions Available for Analysis
Tool definitions were not fetched, preventing detailed analysis of actual capabilities and input validation.
Semantic Analysis Summary
The MCP Registry Server has moderate security concerns due to its remote HTTP exposure without documented authentication and vague operational scope regarding publishing permissions and validation. While it has legitimate trust signals (official repository, website, known author), the lack of tool definition details and unclear access controls for registry publishing warrant caution. A score of 6 reflects these moderate concerns balanced against its official status.
Last scanned 1h ago
Details
- Version
- 1.0.0
- Transport
- streamable-http
- Capabilities
- Repository
- modelcontextprotocol/registry
- Website
- run.mcp.com.ai