Catalog Management

Admin catalog view, managing public and private MCPs, categories, tags, featured MCPs, and revoking certifications.

Platform administrators have full visibility and control over the MCP catalog. This includes managing public and private MCPs, organizing them with categories and tags, featuring high-quality MCPs, and handling problematic entries.

Admin MCP Listing

Platform administrators can view all MCPs across the platform, including both public and private entries:

GET /api/v1/admin/mcps

Available Filters

Parameter     Description
query         Search by name or description
visibility    Filter by PUBLIC or PRIVATE
status        Filter by ACTIVE, INACTIVE, or PENDING
category_id   Filter by category UUID
owner_id      Filter by owner user UUID

The listing returns comprehensive metadata for each MCP, including owner information, category, tags, featured status, latest version, and security scores.

Managing MCPs

Creating MCPs

Platform administrators can manually register MCPs:

POST /api/v1/admin/mcps
{
  "name": "example-mcp",
  "repo_url": "https://github.com/org/example-mcp",
  "repo_branch": "main",
  "visibility": "PUBLIC",
  "category_id": "category-uuid",
  "owner_id": "user-uuid"
}

This is useful for importing MCPs from external sources, manual registration during testing, or provisioning MCPs on behalf of users.

Updating MCP Metadata

Correct or enhance MCP metadata:

PUT /api/v1/admin/mcps/{mcpId}

Editable fields include name, description, and category assignment. This allows administrators to fix incorrect information, improve descriptions for discoverability, and recategorize MCPs.

Changing Visibility

Administrators can change an MCP’s visibility between public and private. Changing a public MCP to private removes it from the public catalog but preserves all version and snapshot data.

Deleting MCPs

DELETE /api/v1/admin/mcps/{mcpId}

Deleting an MCP is a permanent operation that cascade-deletes all associated versions, snapshots, and control results. This action cannot be undone. Use it only for MCPs that violate terms of service or contain harmful content.

Before deleting, consider:

  • Marking the MCP as INACTIVE instead, which preserves the data while hiding it from active use.
  • Documenting the reason in the audit log for compliance records.

Categories

Categories provide high-level organization for the MCP catalog. They group related MCPs into browsable sections and help users discover relevant tools.

Managing Categories

List categories:

GET /api/v1/admin/categories

Create a category:

POST /api/v1/admin/categories
{
  "name": "AI Tools",
  "slug": "ai-tools",
  "description": "Artificial intelligence and machine learning tools",
  "icon": "brain"
}

Update a category:

PUT /api/v1/admin/categories/{categoryId}

Delete a category:

DELETE /api/v1/admin/categories/{categoryId}

A category cannot be deleted while MCPs are assigned to it. Reassign affected MCPs to another category first.

Assigning Categories to MCPs

PATCH /api/v1/admin/mcps/{mcpId}/category
{
  "category_id": "category-uuid"
}

Best Practices for Categories

  • Keep the list broad and high-level (aim for 5-15 categories).
  • Use clear, descriptive names that users will understand.
  • Avoid overly specific categories that would contain only a few MCPs.
  • Example categories: AI Tools, Data Processing, Security, DevOps, APIs, Communication, Databases, File Management.

Tags

Tags provide flexible, granular metadata for MCPs. Unlike categories (which are singular and hierarchical), tags are not exclusive: an MCP can have multiple tags.

Managing Tags

List tags:

GET /api/v1/admin/tags

Create a tag:

POST /api/v1/admin/tags
{
  "name": "TypeScript",
  "slug": "typescript",
  "color": "blue"
}

Update a tag:

PUT /api/v1/admin/tags/{tagId}

Delete a tag:

DELETE /api/v1/admin/tags/{tagId}

Deleting a tag removes all associations with MCPs (cascade delete). The MCPs themselves are not affected.

Assigning Tags to MCPs

PATCH /api/v1/admin/mcps/{mcpId}/tags
{
  "tag_ids": ["uuid1", "uuid2", "uuid3"]
}

This replaces all existing tag assignments for the MCP.
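Because the call replaces the whole assignment, adding or removing one tag means sending the complete final list. The following is an added example, not MCP Hub's own code: it resolves slugs to IDs and builds the full request body. The helper name, the sample IDs, and the "id" and "slug" response fields are assumptions, since the page does not show the tag response schema.

```python
import json

# Constructed sample of the tag list. The "id" and "slug" fields are
# assumptions: the page shows the create-tag request body, not the response.
ALL_TAGS = [
    {"id": "t-py", "slug": "python"},
    {"id": "t-ts", "slug": "typescript"},
    {"id": "t-sec", "slug": "security"},
    {"id": "t-api", "slug": "api"},
]

def build_tag_patch(mcp_id, current_tag_ids, all_tags, add=(), remove=()):
    """Return (path, json_body) for PATCH /api/v1/admin/mcps/{mcpId}/tags.

    The endpoint replaces the whole assignment, so the body carries every
    tag the MCP should end up with, not only the changes.
    """
    by_slug = {t["slug"]: t["id"] for t in all_tags}

    def resolve(slugs):
        ids = []
        for slug in slugs:
            key = slug.strip().lower()  # lowercase, per the tag best practices
            if key not in by_slug:
                # Fail loudly instead of sending a list that drops a tag.
                raise ValueError(f"unknown tag slug: {slug!r}")
            ids.append(by_slug[key])
        return ids

    drop = set(resolve(remove))
    final = []
    for tag_id in list(current_tag_ids) + resolve(add):
        # Keep existing tags first, skip removed ones and duplicates.
        if tag_id in drop or tag_id in final:
            continue
        final.append(tag_id)
    return f"/api/v1/admin/mcps/{mcp_id}/tags", json.dumps({"tag_ids": final})

if __name__ == "__main__":
    print(build_tag_patch("mcp-1", ["t-py", "t-api"], ALL_TAGS,
                          add=["Security"], remove=["api"]))
```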

Best Practices for Tags

  • Use lowercase for consistency (python, not Python).
  • Keep the core tag set manageable (20-30 tags).
  • Use tags for language, framework, use case, and technology indicators.
  • Example tags: python, typescript, javascript, go, api, database, security, ai, nlp, devops, kubernetes, monitoring.

Featured MCPs

Platform administrators can feature high-quality MCPs to highlight them in the public catalog:

POST /api/v1/admin/mcps/{mcpId}/featured
{
  "featured": true
}

Featured MCPs appear prominently on the homepage and in catalog listings. When selecting MCPs to feature, consider:

  • Security score: Feature MCPs with consistently high certification levels.
  • Community value: Prioritize MCPs that solve common problems or are widely used.
  • Code quality: Favor well-documented, tested, and maintained projects.
  • Diversity: Feature MCPs across different categories and use cases.

To remove featured status, set featured to false.

Revoking Certifications

While MCP Hub does not provide a direct “revoke certification” endpoint, administrators can effectively revoke certification through several mechanisms:

Mark as KNOWN_VULNERABLE

If new vulnerability information emerges that affects a certified version, the version status can be changed to KNOWN_VULNERABLE. This preserves the certification history while clearly indicating the version should not be used.

Trigger Re-Evaluation

If the analysis toolchain or vulnerability feeds have been updated, trigger a re-evaluation of the affected version. The new analysis may produce a lower score, which could change the certification level.

Mark MCP as INACTIVE

Setting an MCP’s status to INACTIVE stops all monitoring and effectively removes it from active use. Existing versions and snapshots are preserved for audit purposes.

Delete the MCP

As a last resort, deleting the MCP permanently removes all versions, snapshots, and registry entries. This is irreversible and should only be used for terms-of-service violations or confirmed malicious content.

Platform-Wide Catalog Operations

Quarterly Catalog Review

Recommended periodic maintenance tasks:

  1. Review uncategorized MCPs: Check for MCPs without categories and assign appropriate ones.
  2. Audit featured MCPs: Ensure featured MCPs still maintain high quality and relevance.
  3. Clean up stale MCPs: Identify MCPs whose repositories no longer exist or have not been updated in a long time.
  4. Tag consistency: Review tags for duplicates or inconsistencies.
  5. Category balance: Check that categories contain a reasonable number of MCPs each.
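Steps 1, 2, 4 and 5 of this review can be run over the admin listing. The following is an added example, not MCP Hub's own code: the JSON field names, the numeric security score, the sample records and both thresholds are assumptions, because the page describes what the listing contains but not its schema.

```python
from collections import defaultdict

# Constructed sample of a GET /api/v1/admin/mcps result. Field names
# (category_id, tags, featured, security_score) are assumptions.
SAMPLE_MCPS = [
    {"id": "m1", "name": "pg-query", "category_id": "c-db", "featured": True,
     "security_score": 92, "tags": ["database", "python"]},
    {"id": "m2", "name": "slack-bridge", "category_id": None, "featured": False,
     "security_score": 71, "tags": ["Python", "api"]},
    {"id": "m3", "name": "k8s-ops", "category_id": "c-devops", "featured": True,
     "security_score": 48, "tags": ["kubernetes", "dev-ops", "devops"]},
    {"id": "m4", "name": "csv-tools", "category_id": "c-db", "featured": False,
     "security_score": 80, "tags": ["database"]},
]

def tag_key(tag):
    """Collapse case and separators so 'Python'/'python' and 'dev-ops'/'devops' collide."""
    return "".join(ch for ch in tag.lower() if ch.isalnum())

def review_catalog(mcps, min_featured_score=80, min_per_category=2):
    """Return quarterly-review findings; both thresholds are illustrative."""
    uncategorized = [m["id"] for m in mcps if not m.get("category_id")]
    weak_featured = [m["id"] for m in mcps
                     if m.get("featured")
                     and m.get("security_score", 0) < min_featured_score]
    variants = defaultdict(set)      # normalized tag -> spellings seen
    per_category = defaultdict(int)  # category id -> number of MCPs
    for m in mcps:
        for tag in m.get("tags", []):
            variants[tag_key(tag)].add(tag)
        if m.get("category_id"):
            per_category[m["category_id"]] += 1
    return {
        "uncategorized": uncategorized,
        "featured_below_threshold": weak_featured,
        "tag_variants": {k: sorted(v) for k, v in variants.items() if len(v) > 1},
        "thin_categories": sorted(c for c, n in per_category.items()
                                  if n < min_per_category),
    }

if __name__ == "__main__":
    for finding, value in review_catalog(SAMPLE_MCPS).items():
        print(f"{finding}: {value}")
```

Stale-repository detection (step 3) is left out because it needs repository activity data that the listing described here does not mention.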

Handling Terms of Service Violations

When an MCP is reported or discovered to violate the terms of service:

  1. Document the issue: Record the specific violation and evidence.
  2. Suspend the owner (if appropriate): Use the user management panel to suspend the publisher.
  3. Delete the MCP: Remove the offending MCP from the catalog.
  4. Review related MCPs: Check if the same publisher has other problematic MCPs.
  5. Audit log: All actions are automatically recorded in the platform audit log.