There are over 40,000 MCP server repositories on GitHub right now. That number was 5,000 six months ago.
The Model Context Protocol is eating the AI tooling world — but nobody is checking whether these servers are safe to run. We built Protodex to fix that.
The Problem
When you install an MCP server, you're giving it access to your filesystem, your APIs, your databases, and your shell. The @modelcontextprotocol/sdk makes it trivially easy to build a server. The result: thousands of servers published by developers who never thought about security.
We know this because we've been scanning them. Out of the 2,013 servers we've indexed, we found vulnerabilities serious enough to file bounty reports — and $4,725 has been confirmed for payout.
What Protodex Does
Protodex.io is a searchable directory of 2,013 MCP servers across 13 categories:
| Category | Servers | Examples |
|---|---|---|
| AI/LLM | 974 | Claude integrations, embedding servers, agent frameworks |
| Code/Dev Tools | 224 | GitHub, GitLab, Jira, IDE integrations |
| API Integration | 116 | Slack, Discord, Stripe, Twilio connectors |
| Memory/Knowledge | 111 | RAG servers, knowledge graphs, note-taking |
| Database | 87 | Postgres, MongoDB, Redis, Supabase MCP |
| Security | 67 | Vulnerability scanners, auth servers |
| Browser/Web | 58 | Playwright, puppeteer, web scrapers |
Every server listing shows:
- Source repository and stars
- Language and last update
- Category and description
- Security indicators (this is what makes us different)
How We Built It
The architecture is simple by design:
- Scraper — 25 GitHub search queries run weekly, catching new MCP servers across Python, TypeScript, Go, Rust, Java, and C#
- Categorizer — keyword-based classification into 13 categories
- Static site generator — builds 2,000+ HTML pages with per-server detail pages
- Auto-deploy — git push to GitHub Pages every Monday at 6 AM
- Security scanner — runs mcp-security-audit on indexed servers
The entire pipeline runs unattended. Zero manual work after setup.
What We Found Scanning MCP Servers
When we audited servers from the official Anthropic and community collections, we found:
- SSRF vulnerabilities in servers that fetch URLs without validation
- Path traversal in file-serving MCP servers
- SQL injection in database MCP servers that pass user input to queries
- Command injection in servers that shell out to system commands
- Pickle deserialization in ML model servers
These aren't theoretical. We filed reports with Huntr and MSRC. $4,725 has been confirmed for the first batch, with 74+ additional findings in the pipeline.
The typical pattern: a developer builds an MCP server to solve their problem, publishes it to GitHub, and never thinks about what happens when the input comes from an untrusted source. But MCP servers receive prompts that could contain anything — including attack payloads.
Why Not Just Use mcp.so or Smithery?
Fair question. Here's the honest comparison:
| Feature | mcp.so | Smithery | Protodex |
|---|---|---|---|
| Backed by | Anthropic | VC-funded | Independent |
| Server count | ~200 curated | ~500 | 2,013 |
| Security scores | No | No | Yes |
| Open source | No | No | Yes |
| Auto-updates | Unknown | Unknown | Weekly (GitHub scraper) |
| Vulnerability research | No | No | $4,725 in bounties |
Our moat is security. Nobody else scans MCP servers for vulnerabilities and publishes the results. We use our own tools (ai-injection-guard, mcp-security-audit) to do the analysis.
The Auto-Refresh Pipeline
Every Monday at 6 AM, a launchd job:
- Runs 25 GitHub search queries for new MCP servers
- Indexes new servers into a SQLite database
- Categorizes them by keyword matching
- Exports to JSON
- Builds 2,000+ static HTML pages
- Git pushes to GitHub Pages
- Sends a Telegram notification with the count
The pipeline has been running since March. We went from 1,629 servers to 2,013 in the last refresh — 384 new servers discovered in one week.
Use Protodex
- Browse: protodex.io — search by keyword, filter by category
- Contribute: GitHub repo — open source, PRs welcome
- Security: Found a vulnerable MCP server? Email LuciferForge@proton.me
We also maintain a Polymarket historical dataset (8.9M data points) and AI security tools on PyPI.
Protodex is built by LuciferForge — an independent security research lab focused on AI agent safety.
Top comments (0)