MCP Hub Documentation

Install CLI Run an MCP Create an MCP Security Analysis

Explore the Docs

Get Started

Install the CLI, run your first MCP server, and learn the core concepts in under 5 minutes.

Start here

Guides

Step-by-step walkthroughs for publishing MCPs, reading security reports, and managing your catalog.

Browse guides

Reference

Complete CLI command reference, package format specification, and security controls documentation.

View reference

What Can You Do?

MCP Hub gives you everything you need to find, run, and publish MCP servers with confidence.

Browse Certified MCP Servers

Explore the catalog at mcp-hub.info to find MCP servers that have been analyzed and certified. Filter by category, security score, and certification level.

Run MCPs Safely

Use the smcp run command to execute MCP servers with automatic sandboxing, policy enforcement, and resource isolation. No manual configuration needed.

Publish Your MCP Server

Submit your MCP server through the web dashboard. MCP Hub automatically analyzes it for vulnerabilities, assigns a security score, and publishes it to the catalog.

View Security Analysis

Every MCP server has a detailed security report showing vulnerability findings, security controls status, and a breakdown of the certification score.

Popular Topics

Run Your First MCP Server What is MCP Hub? Install the CLI Publish Your First MCP Server Understanding Security Reports CLI Command Reference

How It Works

MCP Hub takes MCP servers from source code to certified, sandboxed execution in five stages.

1

Publish

A developer submits their MCP server through the web dashboard by providing a Git repository URL or uploading source code directly.

2

Analyze

MCP Hub automatically scans the source code for security vulnerabilities across 14 vulnerability classes, including prompt injection, data exfiltration, and privilege escalation.

3

Certify

A security score from 0 to 100 is computed from the analysis results. The score determines the certification level (0 through 3), creating an immutable security snapshot.

4

Distribute

The certified package is published to the catalog and becomes available for anyone to browse, inspect, and download.

5

Execute

Users run smcp run org/name@version to download and execute the package inside a sandboxed environment with policy enforcement and resource limits.

Certification Levels

Every MCP server in the catalog is assigned a certification level based on automated security analysis.

0
Integrity Verified
Any Score

Digest validation and schema checks passed. The package is what the publisher claims it is.

1
Static Verified
Score >= 60

Basic static analysis completed. No critical vulnerabilities found in initial security scan.

2
Security Certified
Score >= 80

Full analysis with evidence artifacts. Security controls verified with attestation and SBOM.

3
Runtime Certified
Score >= 90

Dynamic analysis verified at runtime. The highest level of trust for production environments.

Ready to Get Started?

Install the CLI and run your first MCP server in under two minutes.

Install

Install the smcp CLI on macOS or Linux in one command.

Read more

Quickstart

Run your first MCP server and see the full pipeline in action.

Read more

Guides

Learn how to publish MCPs, read security reports, and manage your catalog.

Read more