17 points | by razuba, 7 hours ago | 2 comments
  • sunilagrawal, 3 hours ago
    This is interesting. How does it compare with some open source tools that claim to do something similar, say mcp-scan?
    • razuba, 2 hours ago
      We focus on a holistic risk analysis of the risks that would matter to a security engineer. For example, all the signals analyzed to ensure the MCP server is official and provided by the vendor directly are something that is not found elsewhere. In addition, we have focused on ensuring false positives are minimal or non-existent so you can focus on the true risks.

      So with the mix of static and dynamic analysis, MCP protocol conformance, supply chain vulnerability analysis, and MCP-specific risk factors, we curate a relevant risk score allowing you to decide whether the usage of a given MCP server is introducing unnecessary risk or not.

    • cheerio_dev, 2 hours ago
      These two seem to be doing two different things: mcp-scan is good at dynamic monitoring of your MCP server usage (the proxy server) and nothing much beyond that. It lacks the comprehensiveness that the armor1 catalog appears to be aiming at.
  • curious_wasabi, 3 hours ago
    Cool stuff! When you say "for every MCP server on the internet", how many MCP servers have you analysed exactly?

    BTW, it'd be really cool if there was an MCP server to get the risk analysis for the MCP servers I've installed already, lol.

    • razuba, 2 hours ago
      We have just under 17k analyzed. Agreed on the need for an Armor1 MCP server to support this; stay tuned.
    • sunilagrawal, 3 hours ago
      Agreed, an MCP interface for the MCP risk analysis sounds like a great idea.
      • v8der, an hour ago
        MCPs are an inherently risky paradigm, with not-so-great standardization or protocols. The real boost would be to get visibility into what these tools are doing on my system while I let the agents go build for me.