MCP Safety Index
An independent ranking of official B2B SaaS MCP servers — scored on security, compliance, and protocol fidelity — so you know what you're really plugging your agents into before you connect it.
Security
Token handling, scope creep, authz enforcement, audit, and data over-sharing — how much damage a single tool call can do.
✓ OWASP MCP Top 10 · 5 items measured live, 5 LLM-assessed with a cited rationale per score
Authentication
Bearer vs OAuth, PKCE, resource indicators, metadata discovery, dynamic client registration, and issuer binding.
✓ OAuth 2.1 + RFC 8707 · 9728 · 7591 · 7636 · 9207 · measured live by walking the OAuth flow
Protocol fidelity
How faithfully the server implements the spec — capabilities, tool schemas, errors, transport — judged for today and for the July release.
✓ MCP 2025-06-18 & the 2026-07-28 RC · run as an authorized client against the official conformance suite
Get an MCP scored
Drop the server URL and your email — we'll run it through the rubric and send you the results.
Ranking
| Server | Security | Auth | Protocol · 2025-06-18 | Overall |
|---|---|---|---|---|
1 Productboard https://mcp.productboard.com/mcp | 82 | 88 | 91 | 87B |
2 Honeycomb https://mcp.honeycomb.io/mcp | 75 | 79 | 94 | 83B |
3 Airtable https://mcp.airtable.com/mcp | 76 | 81 | 88 | 82B |
4 Apify https://mcp.apify.com | 72 | 75 | 97 | 81B |
5 Mixpanel https://mcp.mixpanel.com/mcp | 75 | 78 | 91 | 81B |
6 Stripe https://mcp.stripe.com | 75 | 75 | 94 | 81B |
7 Attio https://mcp.attio.com/mcp | 81 | 82 | 77 | 80B |
8 Calendly https://mcp.calendly.com | 76 | 76 | 88 | 80B |
9 ClickHouse https://mcp.clickhouse.cloud/mcp | 78 | 81 | 77 | 79C |
10 PostHog https://mcp.posthog.com/mcp | 67 | 75 | 91 | 78C |
