🛡️ ToolTrust Directory

This repo hosts tooltrust.dev — the website and pre-scanned report data. If you want to scan your own MCP servers, go to tooltrust-scanner.

A public registry of AI agent tools, continuously scanned for prompt injection, data exfiltration, and privilege escalation by ToolTrust Scanner.

🚨 Supply-Chain Incident Coverage (March 2026) ToolTrust now detects and blocks confirmed supply-chain incidents including the LiteLLM / TeamPCP compromise and the malicious axios npm publish (axios@1.14.1, axios@0.30.4). For npm-backed MCP servers, ToolTrust also scores dependency visibility, transitive lockfile evidence, lifecycle scripts, and IOC indicators such as plain-crypto-js.

---

📊 Security Registry

Top 50 by popularity. View all 1189 tools → Full Directory · data/reports/ · docs/tools/

Tool	Version	Popularity	Grade	Key Findings	Scanned
playwright-mcp	0.0.75	12.2M/mo	D	📦 AS-004 ×23, 🔑 AS-002 ×15, ⚡ AS-006 ×2, ⚡ AS-011 ×6	May 29
chrome-devtools-mcp	chrome-dev…	8.7M/mo	D	📦 AS-004 ×29, 🔑 AS-002 ×16, ⚡ AS-011 ×4, ⚡ AS-006	May 29
upstash-context7-mcp	1.0.30	5.4M/mo	B	AS-014 ×2, 🔑 AS-002, ⚡ AS-011	May 29
context7	1.0.30	5.4M/mo	B	AS-014 ×2, 🔑 AS-002, ⚡ AS-011	May 29
gemini-cli	0.45.0-pre…	3.2M/mo	C	AS-014 ×56, 🔑 AS-002 ×35, ⚡ AS-011 ×11	May 29
cloudflare-containers	0.3.2	1.3M/mo	A	🔑 AS-002 ×5, ⚡ AS-011, AS-014 ×7	May 17
mcp-server-filesystem	typescript…	1.3M/mo	C	🔑 AS-002 ×15, 📦 AS-004 ×14, ⚡ AS-011	May 29
n8n-mcp	2.56.0	552.6k/mo	C	📦 AS-004 ×7, 🔑 AS-002 ×7, ⚡ AS-011 ×2	May 29
mcp-server-github	typescript…	535.6k/mo	C	🔑 AS-002 ×35, 📦 AS-004 ×26, ⚡ AS-011 ×18	May 29
mcp-server-sequential-thinking	typescript…	431.3k/mo	B	📦 AS-004	May 29
xcodebuildmcp	2.5.2	324.2k/mo	B	AS-014 ×71, 🔑 AS-002 ×35, ⚡ AS-011 ×3	May 29
cameroncooke-xcodebuildmcp	2.3.2	313.1k/mo	B	AS-014 ×71, 🔑 `AS

... View full README on GitHub