Installation
Install the smcp CLI on macOS, Linux, Windows, or from source
What is MCP Hub
Learn what MCP Hub does and how it helps you run MCP servers safely
3 min read
MCP Hub is a trust infrastructure that automatically analyzes and certifies MCP (Model Context Protocol) servers so you can run them safely. Think of it as a trusted package manager for AI tools: you browse a catalog of MCP servers, each one scored and certified by automated security analysis, and run them locally with sandboxing and policy enforcement. No manual review, no guesswork about what a tool does behind the scenes.
Choose Your Path
The Catalog
The MCP Hub catalog at mcp-hub.info/catalog is where you discover MCP servers. Every server listed in the catalog has been automatically analyzed for security vulnerabilities. You can search by name, filter by category, and sort by security score or popularity.
Each MCP server in the catalog shows:
- Name and publisher – who created it and which organization it belongs to
- Security score – a number from 0 to 100 computed from automated analysis
- Certification level – a level from 0 to 3 based on the security score
- Description – what the MCP server does
- Version history – all published versions with their individual scores
Security Scores and Certification Levels
Every MCP server receives a security score from 0 to 100 based on automated static analysis. The scanner checks for 14 classes of vulnerabilities, including prompt injection, data exfiltration, insecure network access, and privilege escalation.
The score maps to a certification level:
| Level | Name | Minimum Score | What It Means |
|---|---|---|---|
| 0 | Integrity Verified | Any | Package integrity confirmed via digest. No analysis guarantees. |
| 1 | Static Verified | 60 | Basic analysis passed. No critical vulnerabilities found. |
| 2 | Security Certified | 80 | Full analysis with evidence. Security controls verified. |
| 3 | Runtime Certified | 90 | Dynamic analysis verified. Highest trust level. |
Higher certification levels mean the MCP server has passed more rigorous security checks. Organizations can set a minimum certification level as a policy requirement.
What MCP Hub Does NOT Require
- No self-hosting – MCP Hub is a hosted service. You do not need to run any servers or infrastructure.
- No infrastructure setup – There is nothing to configure, deploy, or maintain on your end.
- No account to run MCPs – You can install the CLI and run public MCP servers without creating an account. An account is only needed to publish your own MCP servers.
- No manual security review – Analysis is fully automated. You do not need to review source code yourself (though you always can).
Next Steps
- Install the CLI and get the
smcpcommand on your machine - Run your first MCP server in under 2 minutes
- Browse the catalog to see what is available