Command Palette

Search for a command to run...

UnylyUnyly
All posts
·guide·Fasad Salatov

How we security-scan 15,000 MCPs without AI

A catalog this size can't be reviewed by hand, and we don't trust an LLM to gate installs. Here is the deterministic scan that runs on every server.

Every MCP asks to run inside your assistant's session with your credentials. That's a lot of trust for a listing. So each server gets a scan — and it's boring on purpose.

Deterministic, not AI

We don't ask a model "is this safe?" — that's non-reproducible and gameable. The scan is static and rule-based:

  • Declared env / secrets — what the server reads, pulled from the package README and manifest.
  • A signal score — publish recency, repo presence, package size anomalies, dependency health.
  • Repo existence checks — dead GitHub repos get flagged so the catalog doesn't show broken install buttons.

Why boring is the point

A security gate has to be predictable. Rules give the same answer every run and you can explain exactly why something scored the way it did. An LLM judge can't promise that.

The Verified badge

Servers that also pass a manual review get a checkmark — no eval/exec, no credential mishandling, egress limited. Verified listings convert far better because users can see the diligence.

Browse the catalog at unyly.org/browse.

Read next