Making AI Tooling Trustworthy

MCP-Hub is the trust layer for the Model Context Protocol ecosystem. We analyze, certify, and govern MCP servers so teams can adopt AI tooling with confidence.

The Problem

AI agents are rapidly adopting the Model Context Protocol to interact with external tools and data. But most MCP servers run with full system access, no security review, and no governance.

A single compromised tool can exfiltrate credentials, inject prompts, or escalate privileges — all without the user ever knowing.

The MCP ecosystem needs a trust layer. That's why we built MCP-Hub.

Our Approach

A three-step pipeline from code to trust

Analyze

Every MCP server is scanned for 14 classes of vulnerability using a proprietary deep-learning model, advanced taint analysis, and multi-pass pattern matching

Certify

Deterministic scoring produces certification levels 0-3, backed by immutable snapshots and reproducible evidence

Govern

Organizations enforce policies on what can run, with audit trails, RBAC, and compliance reporting

Our Values

Transparency

Every score is deterministic and reproducible. Every finding is backed by evidence. No black boxes.

Security First

Every design decision starts with security. Immutable snapshots, content-addressed artifacts, and deterministic scoring leave no room for ambiguity.
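As an added illustration of what "content-addressed artifacts", "immutable snapshots" and "deterministic scoring" (the Certify step and the Security First value above) can mean in practice, the following Python shows one way to hash a package so that the same bytes always yield the same snapshot digest, map findings to a level 0-3 by fixed rules, and bind the two into an evidence record that anyone can recompute. This is example code, not MCP-Hub's own implementation; the directory-hashing layout, the finding fields (category, severity, file), the level thresholds and the sample package contents are all assumptions made for this example.

```python
"""Content-addressed snapshot + deterministic certification level (added example).

Assumptions, not MCP-Hub's actual scheme: the snapshot is a SHA-256 over the
sorted (path, file-hash) list, findings are dicts with category/severity/file,
and the level thresholds are critical->0, high->1, medium->2, otherwise 3.
"""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Iterable

# Assumed severity ordering; MCP-Hub's real rubric is not described on the page.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed findings for the sample package built below (not real scanner output).
SAMPLE_FINDINGS = [
    {"category": "command-injection", "severity": "high", "file": "server.py"},
    {"category": "path-traversal", "severity": "medium", "file": "src/tools.py"},
]


def snapshot_digest(root: Path) -> str:
    """Content-address a package directory: hash every file's bytes, then hash the
    sorted (relative path, digest) list. Independent of walk order, mtimes and OS."""
    entries = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()  # stable separator on every platform
        entries.append([rel, hashlib.sha256(path.read_bytes()).hexdigest()])
    canonical = json.dumps(entries, separators=(",", ":"), sort_keys=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def certification_level(findings: Iterable[dict]) -> int:
    """Deterministic level 0-3 from the worst severity present (assumed thresholds)."""
    worst = max((SEVERITY_RANK.get(f["severity"], 0) for f in findings), default=0)
    if worst >= 4:
        return 0
    if worst == 3:
        return 1
    if worst == 2:
        return 2
    return 3


def evidence_record(root: Path, findings: list) -> dict:
    """Bind findings and level to the exact snapshot they were produced from.
    Findings are canonically sorted so the evidence id does not depend on the
    order in which an analyzer happened to emit them."""
    canon = sorted(findings, key=lambda f: (f["category"], f["severity"], f["file"]))
    body = {"snapshot": snapshot_digest(root), "findings": canon,
            "level": certification_level(canon)}
    payload = json.dumps(body, separators=(",", ":"), sort_keys=True).encode("utf-8")
    body["evidence_id"] = hashlib.sha256(payload).hexdigest()
    return body


def verify_evidence(root: Path, record: dict) -> bool:
    """Re-derive the evidence id from the package bytes on disk. A single changed
    byte anywhere in the package changes the snapshot and fails the check."""
    return evidence_record(root, record["findings"])["evidence_id"] == record["evidence_id"]


def build_sample_package(dest: Path) -> Path:
    """Write a tiny constructed package (sample input only, not a real MCP server)."""
    (dest / "src").mkdir(parents=True, exist_ok=True)
    (dest / "server.py").write_text("import subprocess\n\ndef run(cmd):\n"
                                    "    return subprocess.run(cmd, shell=True)\n")
    (dest / "src" / "tools.py").write_text("def read_file(p):\n    return open(p).read()\n")
    return dest


def run_demo() -> dict:
    """Certify the sample package, show reproducibility, then tamper with it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_package(Path(tmp))
        record = evidence_record(root, SAMPLE_FINDINGS)
        reproducible = snapshot_digest(root) == record["snapshot"]
        reordered = evidence_record(root, list(reversed(SAMPLE_FINDINGS)))
        verified_before = verify_evidence(root, record)
        with open(root / "server.py", "ab") as fh:  # post-certification modification
            fh.write(b"\n")
        verified_after = verify_evidence(root, record)
        return {
            "level": record["level"],
            "reproducible": reproducible,
            "order_independent": reordered["evidence_id"] == record["evidence_id"],
            "verified_before": verified_before,
            "verified_after": verified_after,
        }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

The point of the canonicalisation steps (sorted paths, POSIX separators, compact JSON with sorted keys, sorted findings) is that two independent parties can recompute the same digest and the same level from the same package, which is what makes a score auditable rather than something to be taken on trust.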

Developer Experience

Security tools should empower developers, not slow them down. We prioritize clean APIs, fast feedback, and seamless CI/CD integration.

Open Source

Our analyzer and client are open source. Audit the tools that audit your tools.

European Data Residency

Infrastructure hosted in European datacenters (Hetzner, Germany). Your data stays in the EU, compliant with GDPR and European data sovereignty requirements.


Our Founders

Built by cybersecurity veterans with decades of experience protecting critical infrastructure

Daniel García

@cr0hn

Co-founder

20+ years in cybersecurity. 100+ open-source projects (3,500+ GitHub stars). Tools included in Kali Linux and BlackArch. Speaker at RSA Conference, RootedCON and OWASP Madrid. Top 50 most influential DevSecOps experts worldwide. Formerly at 42Crunch.

Dr. Alfonso Muñoz

@mindcrypt

Co-founder

PhD in Telecommunications from the Universidad Politécnica de Madrid. 20+ years in cybersecurity. 60+ papers, 6 books, 2 patents. Speaker at Black Hat USA/EU/Asia, DEF CON and HITB. Creator of Powerglot and StegoWiper. Google Bug Hunter. Europol EC3 expert. Formerly at SandboxAQ and IOActive.


Open Source at the Core

Core components of MCP-Hub are open source. We believe transparency is essential to building trust in security tooling.

MCP Cage — CLI launcher with sandboxing and policy enforcement

Resolves, downloads, verifies and executes certified MCP packages, with built-in security policies, resource limits and platform-specific sandbox isolation.

mcp-scan — Static security analyzer for MCP servers

Detects 14 classes of vulnerability in Python, TypeScript, JavaScript and Go using a proprietary deep-learning model trained on hundreds of thousands of real-world samples, taint analysis, and multi-pass pattern matching.

Ready to Get Started?

Join the growing community building trustworthy AI tooling