registry
Verified Safeby modelcontextprotocol
Overview
The MCP Registry serves as a centralized metadata repository for publicly-available MCP servers, facilitating discovery and publishing of server information for clients and aggregators.
Installation
make dev-composeEnvironment Variables
- MCP_REGISTRY_DATABASE_URL
- MCP_REGISTRY_ENVIRONMENT
- MCP_REGISTRY_GITHUB_CLIENT_ID
- MCP_REGISTRY_GITHUB_CLIENT_SECRET
- MCP_REGISTRY_JWT_PRIVATE_KEY
- MCP_REGISTRY_ENABLE_ANONYMOUS_AUTH
- MCP_REGISTRY_SEED_FROM
- MCP_REGISTRY_OIDC_ENABLED
- MCP_REGISTRY_OIDC_ISSUER
- MCP_REGISTRY_OIDC_CLIENT_ID
- MCP_REGISTRY_OIDC_EXTRA_CLAIMS
- MCP_REGISTRY_OIDC_EDIT_PERMISSIONS
- MCP_REGISTRY_OIDC_PUBLISH_PERMISSIONS
- MCP_REGISTRY_ENABLE_REGISTRY_VALIDATION
- POSTGRES_DB
- POSTGRES_USER
- POSTGRES_PASSWORD
- PGDATA
Security Notes
The project demonstrates strong security awareness through features like package integrity verification (SHA-256), OIDC authentication, and domain verification (DNS/HTTP challenges). However, hardcoded development secrets (GitHub Client ID/Secret, JWT Private Key, OIDC Client ID) and anonymous authentication (`MCP_REGISTRY_ENABLE_ANONYMOUS_AUTH=true`) are present in `docker-compose.yml`. While these are intended for local development and mitigated by secure configuration in production (Pulumi), their presence in a configuration file used by `make dev-compose` is noted. The OpenAPI spec also explicitly warns clients about potential command injection risks when executing package arguments, which is a critical consideration for consumers of the registry data, though not a direct vulnerability in the registry itself.
Similar Servers
MCPJungle
MCPJungle is a self-hosted Model Context Protocol (MCP) Gateway that allows developers to register and manage various MCP servers and their tools from a central location, enabling AI agents to discover and consume these tools from a single gateway.
best-of-mcp-servers
This repository serves as a curated and ranked list of Model Context Protocol (MCP) servers, updated weekly, to help users discover relevant projects.
mcp-mcp
Discovers and suggests other Model Context Protocol (MCP) servers to AI assistants based on natural language queries, returning their full documentation.
registry
Registry for discovering Model Context Protocol (MCP) servers relevant to biomedical research, facilitating tool discovery and integration for AI assistants.