npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mcp-server-mcpindex

v0.3.3

Published

An MCP server for finding MCP servers, plus advisory trust verdicts (check_tool_trust, assess_server) for agent frameworks. Drop-in for Claude Desktop, Cursor, Cline, Zed.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mcp-indexmcp-index

Keywords

mcpmodel-context-protocolclaudecursoragentdiscoverytrusttool-safetygovernance

Readme

mcp-server-mcpindex

An MCP server for finding MCP servers, plus advisory trust verdicts agent frameworks can call before invoking a tool.

A drop-in MCP server that lets your agent discover, compare, install, and pre-flight other MCP servers from inside the agent loop. Backed by mcpindex.ai - the agent-native index of 3,500+ MCP servers indexed daily from the official registry.

Install

npm install -g mcp-server-mcpindex

Use it from Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "mcpindex": {
      "command": "npx",
      "args": ["-y", "mcp-server-mcpindex@latest"]
    }
  }
}

@latest keeps you current: this is the advisory discovery server (not the in-path drift gate), so it carries no version pin — npx fetches the newest on your next host restart, no manual upgrade step.

Restart Claude Desktop. Then ask:

"Find me an MCP server that can read PDFs and write the contents to S3."

Claude calls recommend_mcp_for_task and returns the top 3 ranked servers with install commands.

Use it from Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "mcpindex": {
      "command": "npx",
      "args": ["-y", "mcp-server-mcpindex@latest"]
    }
  }
}

Use it from Cline

Add to your Cline settings:

npx -y mcp-server-mcpindex@latest

Tools exposed

| Tool | What it does | | --- | --- | | recommend_mcp_for_task | Pass a natural-language task. Returns top 3 servers with reasoning, install commands, quality scores. | | search_mcp_servers | Keyword + semantic search across the full registry. Optional category filter. | | get_install_command | Get the exact install JSON for a server + a target client (Claude Desktop, Cursor, Cline, Zed). | | compare_servers | Side-by-side comparison of 2-5 servers - quality scores, install paths, env vars. | | check_tool_trust | Pre-invocation advisory verdict for a specific tool on a server. Fail-CLOSED: returns UNVERIFIED when no verdict on file. | | assess_server | Aggregated pre-flight verdict across all tools on a server. Same shape as check_tool_trust. |

Agent-framework integration: pre-invocation trust gate

check_tool_trust is the integration surface that lets agent frameworks (Composio, Mastra, LangChain, DSPy, raw LLM-tool-call loops) ask "is this tool safe to invoke right now?" before dispatching the call.

Verdict contract (v1)

{
  "directive": "ALLOW" | "DENY" | "REVIEW" | "UNVERIFIED",
  "status":    "EVALUATED" | "STALE" | "ERROR",
  "dimensions": [
    { "id": "tool_safety", "verdict": "PASS", "severity": "INFO" }
  ],
  "expires_at": "2026-06-30T00:00:00Z",
  "honest_limits": [
    "conformance_monitored_not_enforced",
    "calibrated_false_v1",
    "advisory_deployment"
  ],
  "verdict_contract_version": "1.0.0",
  "server_id": "github",
  "tool_name": "create_pull_request",
  "source_url": "https://mcpindex.ai/api/v1/trust/tool/github/create_pull_request",
  "fetched_at": "2026-05-28T18:42:11.118Z"
}

The free-tier verdict ships directives + dimensions + freshness. Evidence quotes, LLM rationale, and chain history are paid-tier surfaces and intentionally omitted here.

Honest limits (pin these to your gate UI)

Every v1 verdict ships with these three caveats, and your gate SHOULD surface them on every dispatch decision:

  1. conformance_monitored_not_enforced - publishers self-declare; mcpindex monitors drift but does not block at the network layer.
  2. calibrated_false_v1 - dimension severities are not yet calibrated against real-world incident data.
  3. advisory_deployment - the verdict is advisory; the agent (or human reviewing the agent) is the decision-maker.

History anchoring: OTS Bitcoin-anchored history; Bitcoin-finalized at N=6 confirmations (~1 hr); pending in ~10 min. Sub-window precision asserted, not proven.

Integration pattern (LangChain-style, direct LLM-tool-call convention)

import { Client } from '@modelcontextprotocol/sdk/client/index.js';
import { StdioClientTransport } from '@modelcontextprotocol/sdk/client/stdio.js';

const mcpindex = new Client({ name: 'gate', version: '1.0.0' }, { capabilities: {} });
await mcpindex.connect(new StdioClientTransport({
  command: 'npx', args: ['-y', 'mcp-server-mcpindex@latest'],
}));

// gateToolCall wraps any agent tool dispatch. Plug it in front of
// the LangChain / DSPy / Mastra / Composio tool-call hook.
async function gateToolCall({ serverId, toolName, invoke, askHuman }) {
  const res = await mcpindex.callTool({
    name: 'check_tool_trust',
    arguments: { server_id: serverId, tool_name: toolName },
  });
  const verdict = JSON.parse(res.content[0].text);

  // Pin the v1 caveats in the audit log no matter what.
  audit.log({ verdict, caveats: verdict.honest_limits });

  switch (verdict.directive) {
    case 'ALLOW':
      return invoke();

    case 'DENY':
      throw new Error(
        `mcpindex denied ${serverId}/${toolName}: ${JSON.stringify(verdict.dimensions)}`,
      );

    case 'REVIEW':
      // Fail-CLOSED to human. Do NOT auto-execute on REVIEW.
      return askHuman({ verdict, action: `${serverId}/${toolName}` });

    case 'UNVERIFIED':
      // No verdict on file (or upstream unreachable). Fail-CLOSED.
      // Recommend human review. Do NOT fail-open to invoke().
      return askHuman({
        verdict,
        action: `${serverId}/${toolName}`,
        note: 'No trust verdict on file. Human review required before first use.',
      });

    default:
      // Unknown directive. Fail-CLOSED.
      return askHuman({ verdict, action: `${serverId}/${toolName}` });
  }
}

The load-bearing rule: never fail-open

If the verdict endpoint is unreachable, returns 404, times out, or returns malformed JSON, check_tool_trust returns directive: "UNVERIFIED" + status: "ERROR". It never silently coerces to ALLOW. Your gate code SHOULD treat UNVERIFIED as "human review required", never as "looks fine, ship it."

This is tested. See test/trust.test.mjs.

Using the library directly (without MCP)

The trust client is also exported as a plain ES module:

import { checkToolTrust, assessServer } from 'mcp-server-mcpindex/src/trust.mjs';

const verdict = await checkToolTrust({
  serverId: 'github',
  toolName: 'create_pull_request',
});

if (verdict.directive !== 'ALLOW') {
  // Hand to a human, log, or block.
}

Backend

By default, calls go to https://mcpindex.ai. Override with MCPINDEX_API_BASE=... if you self-host.

The free tier is rate-limited to 60 req/min/IP. Paid keys are coming for higher throughput and the full evidence-bearing verdict (evidence quotes, LLM rationale, chain history).

License

MIT.

Project

Unofficial. Not affiliated with Anthropic.