The MCP Server Inside the MCP Server
You know that scene in Inception where they go deeper β a dream within a dream within a dream β and at each level, the rules change but the mission stays the same?
We just did that with MCP.
MCPpedia is a catalog of 17,000+ MCP servers. We score them on security, maintenance, efficiency, documentation, and compatibility. We scan for CVEs, detect tool poisoning, flag injection risks. We've been doing this on a website.
But here's the problem: when you ask your AI "what's a good MCP server for databases?" β the AI can't check MCPpedia. It can't verify scores. It can't scan for CVEs on your behalf. It just... guesses. Based on whatever it remembers from training data that's already months old.
So we built an MCP server that gives your AI direct access to our entire catalog.
An MCP server that evaluates MCP servers. It's not recursion β it's the trust layer the ecosystem was missing.
Here's what's actually happening when you ask Claude "find me a safe database server":
Your AI uses an MCP server to evaluate other MCP servers before recommending them to you. The result isn't a guess β it's a ranked list with scores: Supabase MCP at 95/100, MongoDB at 91/100, each backed by real CVE scans and maintenance data. That's not a gimmick β that's the trust infrastructure the ecosystem needs.
The MCP ecosystem has a problem. There are 17,000+ servers and counting. Most of them are mediocre. Some are abandoned. A few are actively dangerous β with hidden instructions in tool descriptions designed to manipulate your AI.
Right now, when you ask an AI to recommend an MCP server, it's operating blind. It might recommend something with:
- Known CVEs it can't check
- Tool poisoning it can't detect
- 8,000 tokens of schema bloat eating your context window
- No commits in a year β effectively abandoned
The MCPpedia MCP Server changes this. Every recommendation is backed by real data:
We kept the surface area small on purpose. Top-scoring MCP servers don't ship 50 tools β they ship the right ones.
search_servers
The entry point. Search by keyword, filter by category, set a minimum quality score. Your AI asks "database server" and gets back scored, ranked results β not a random GitHub list.
get_server_details
The deep dive. Full scoring breakdown, every tool listed, install configs ready to paste, links to source code. Pass security: true and it becomes a full security audit β CVE count, tool poisoning flags, injection risk analysis, evidence trail.
compare_servers
Side-by-side. Drop in 2-5 server slugs and get a markdown table comparing them across all scoring dimensions. No more opening 5 tabs to compare READMEs.
get_install_config
"How do I install this in Cursor?" β answered instantly with a ready-to-paste JSON config. Supports Claude Desktop, Cursor, Claude Code, and Windsurf.
get_trending
What's hot. Top-rated, most-starred, or newest servers. Filter by category. This is how your AI stays current β not from training data, but from live rankings.
We score every MCP server on security. So we scored ourselves:
MCPpedia Scoring System
Total: 100 ptsOfficial score: 90/100 β with three perfect sub-scores (security, documentation, compatibility). The only room to grow is maintenance, which climbs naturally as the project gains stars and downloads.
What we explicitly cannot detect (and we say so in every security report):
- Runtime output injection attacks
- Undocumented tools not in the README
- Supply chain attacks in transitive dependencies
- Malicious code paths only triggered at runtime
Honesty about limitations is a security feature.
Claude Desktop
Add to your claude_desktop_config.json:
{
"mcpServers": {
"MCPpedia": {
"command": "npx",
"args": ["-y", "mcp-server-mcppedia"]
}
}
}
Claude Code
claude mcp add MCPpedia -- npx -y mcp-server-mcppedia
Cursor
Add to .cursor/mcp.json:
{
"mcpServers": {
"MCPpedia": {
"command": "npx",
"args": ["-y", "mcp-server-mcppedia"]
}
}
}
No API keys. No sign-up. No configuration. It just works.
Think about what happens next:
- Someone installs the MCPpedia MCP Server
- They ask their AI "what's the best database MCP server?"
- The AI uses MCPpedia (an MCP server) to search 17,000+ MCP servers
- It comes back with Supabase MCP β 95/100, 2,587 stars, Grade A efficiency, zero CVEs
- The user installs Supabase MCP with the config MCPpedia provided
- Their AI is now better because an MCP server helped it choose wisely
It's servers all the way down. And at every layer, the quality goes up because the trust data is real β not hallucinated, not from stale training data, but from daily automated scans.
The best way to find an MCP server is to ask an MCP server. The meta is the product.
MCPpedia MCP Server is open source and free. No API keys, no sign-up, 60 requests/minute.
MCPpedia page: mcp-server-mcppedia GitHub: BbekShr/mcp-server-mcppedia npm: mcp-server-mcppedia
Keep reading
This article was written by AI, powered by Claude and real-time MCPpedia data. All facts and figures are sourced from our database β but AI can make mistakes. If something looks off, let us know.