ToolProof Trust Profile

ai-com-mcp-registry

Meaningful risk signals. Review before team or production use.

36risk score
Review Firstconnection signal
destructive_capabilityrisk type
57evidence score
Source: https://github.com/modelcontextprotocol/registry
Registry: ai.com.mcp/registry 1.0.0

Connection signal

Meaningful risk signals. Review before team or production use.

Observed tools

  • None observed in this static profile.

Top findings

  • References credential or secret pattern: DATABASE_URL — .env.example:8
  • Detected capability: wallet_payment — .env.example:22
  • References credential or secret pattern: API_KEY_GENERIC — .env.example:19

Recommended controls

  • Install in a sandbox before team or production use.
  • Pin the exact package/repository version.
  • Review install scripts, Dockerfile behavior, and dependency pins.

Static analysis can miss behavior. This profile is an connection review signal, not production approval.