MCP Marketplace Launches Security-Scanned Directory of 1,900+ MCP Tool Plugins
Security-First MCP Plugin Directory
MCP Marketplace addresses trust issues in the growing MCP ecosystem by providing a security-scanned directory of over 1,900 MCP tool plugins. The platform was created in response to concerns about giving unvetted servers access to files, databases, and API keys.
Security Features
Every plugin listed on mcp-marketplace.io undergoes multi-layer security analysis before being included in the directory. The platform provides:
- Risk scores (0-10 scale) with detailed reports covering data exfiltration, obfuscated code, excessive permissions, and known vulnerabilities
- Endpoint probing for remote servers to check authentication and transport security
- Full transparency with security reports visible on every listing
Directory Contents and Installation
The marketplace currently includes:
- 1,900+ MCP servers
- Community reviews
- Creator reputation grades and profiles
- One-click installation for Claude Desktop, Cursor, ChatGPT, VS Code, and other platforms
The creator is soliciting feedback about security concerns with MCP servers and what would make developers trust a plugin enough to install it.
📖 Read the full source: r/LocalLLaMA
👀 See Also
Curated List of 260+ AI Agent Tools with Claude Ecosystem Highlights
A GitHub repository contains a curated list of 260+ AI agent tools, including specific Claude-related entries like Claude Code (80.9% SWE-bench), Claude Computer Use, and Claude in Chrome, plus tools that work well with Claude such as Cline and Cursor.
Developer shares hybrid AI coding workflow: Claude for planning, local models for execution
A developer built a pipeline using Claude 3.5 Sonnet for task planning and local Qwen2.5-Coder models via Ollama for code generation, achieving 85% token reduction compared to using Claude alone.
Pretticlaw: A Lighter Alternative to OpenClaw with Faster Setup
Pretticlaw is a lightweight alternative to OpenClaw that requires only 2 commands for setup, has a 30MB footprint, and responds in 2-3 seconds with an inbuilt dashboard on port 6767.
Reverse-engineering UniFi inform protocol for multi-tenant routing
The UniFi inform protocol sends device data to controllers via HTTP POST on port 8080 every 10 seconds. The first 40 bytes of each packet contain unencrypted device MAC addresses, enabling routing without decryption.