Certification Levels
MCP Hub assigns a certification level to every certified version of an MCP server. Certification levels range from 0 to 3 and represent increasing degrees of security assurance. The level is derived from the Global Score computed during the certification pipeline.
Level Overview
| Level | Name | Min Score | Description |
|---|---|---|---|
| 0 | Integrity Verified | 0 | Basic integrity checks passed |
| 1 | Static Verified | 60 | Basic static analysis completed with acceptable results |
| 2 | Security Certified | 80 | Full security analysis with evidence, strong security posture |
| 3 | Runtime Certified | 90 | Highest assurance, includes dynamic analysis (future) |
Level 0: Integrity Verified
Minimum Global Score: 0
Level 0 is the baseline certification. It confirms that the MCP server’s source code was successfully ingested and that the fundamental integrity checks passed.
What Is Verified
- The source code was successfully cloned from the repository at the specified commit hash.
- The commit hash was verified against the repository.
- A content-addressed digest (SHA-256) was generated for the source tarball.
- The MCP server schema is valid.
- The source code could be processed by the analysis pipeline without errors.
What Level 0 Does Not Guarantee
Level 0 does not indicate that the MCP server is secure. It only confirms that the certification pipeline was able to process it. An MCP with many critical vulnerabilities may still receive Level 0 if the Global Score is below 60.
Typical MCPs at Level 0
- Newly registered MCPs that have not been optimized for security.
- MCPs with significant vulnerabilities or missing security practices.
- Projects with exposed secrets, unpinned dependencies, or critical CVEs.
Level 1: Static Verified
Minimum Global Score: 60
Level 1 indicates that the MCP server has undergone static analysis and achieved an acceptable baseline score. It means the MCP has no critical unaddressed security issues and follows basic security practices.
Requirements
- Global Score of 60 or higher.
- Static analysis completed by the MCP-Scan toolchain.
- No unresolved critical-severity findings that alone would drop the score below 60.
- Basic metadata is present (name, description, valid repository).
What Level 1 Indicates
- The MCP server has been analyzed for common vulnerability classes.
- The most severe issues have been addressed or are absent.
- The dependency chain has been evaluated at a basic level.
- The project shows some indicators of maturity.
Typical MCPs at Level 1
- Community-contributed MCPs that follow basic security hygiene.
- Projects that have addressed critical and most high-severity findings.
- MCPs with reasonable dependency management but room for improvement.
Level 2: Security Certified
Minimum Global Score: 80
Level 2 represents a strong security posture. It indicates that the MCP server has undergone full security analysis and that the results – including evidence – demonstrate a high degree of security assurance.
Requirements
- Global Score of 80 or higher.
- Full analysis completed, including all 14 vulnerability classes in MCP-Scan.
- No critical-severity findings.
- Evidence references attached to all control results.
- Supply Chain Score of at least 70 (healthy dependencies, approved licenses, lockfile present).
What Level 2 Indicates
- The MCP server has strong security controls in place.
- Dependencies are well-managed with lockfiles and version pinning.
- No critical vulnerabilities or exposed secrets.
- The project demonstrates maturity through documentation, tests, or CI/CD.
- Full evidence trail is available for audit review.
Typical MCPs at Level 2
- Official or verified MCPs maintained by established publishers.
- Enterprise-quality projects with comprehensive security practices.
- MCPs that organizations typically approve for production use via governance policies.
Level 3: Runtime Certified
Minimum Global Score: 90
Level 3 is the highest certification level, reserved for MCPs that demonstrate exceptional security posture. It is planned to include dynamic (runtime) analysis in future releases.
Current Requirements
- Global Score of 90 or higher.
- All Level 2 requirements met.
- Security Score of at least 90.
- Supply Chain Score of at least 80.
- Minimal findings overall, with none above medium severity.
Planned Future Requirements
- Dynamic analysis results (sandbox execution testing).
- Runtime behavior verification (network access patterns, filesystem usage).
- Resource consumption profiling.
- SBOM completeness verification.
What Level 3 Indicates
- The MCP server represents best-in-class security practices.
- It has been thoroughly analyzed with all available tools.
- The codebase is clean, well-maintained, and actively monitored.
- It is suitable for the most security-sensitive environments.
Typical MCPs at Level 3
- MCP servers maintained by the MCP Hub team (Official origin).
- Security-focused tools and utilities.
- Projects with dedicated security teams and regular audits.
How to Improve Your Score
If your MCP server is not achieving the certification level you need, the following actions can help improve your scores:
Improve Security Score
- Fix critical and high vulnerabilities: These carry the largest penalties (-40 and -20 respectively). Prioritize addressing them first.
- Remove exposed secrets: Ensure no API keys, passwords, or tokens appear in the source code. Use environment variables or secret management tools.
- Address insecure patterns: Review MCP-Scan findings for unrestricted filesystem access, command injection risks, or unvalidated network requests.
- Update vulnerable dependencies: Upgrade dependencies with known CVEs to patched versions.
Improve Supply Chain Score
- Add a lockfile: Include a `package-lock.json`, `yarn.lock`, `go.sum`, or equivalent lockfile for your ecosystem.
- Pin dependency versions: Use exact version specifiers instead of ranges (e.g., `1.2.3` instead of `^1.2.3`).
- Review licenses: Ensure all dependencies use recognized open-source licenses.
- Minimize dependencies: Remove unused dependencies to reduce the attack surface.
- Update outdated dependencies: Keep dependencies up to date to avoid known vulnerabilities.
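The following Python script is an added example, not MCP Hub tooling, that runs the two checks from the list above against a Node project before you push a new version: it reports whether one of the lockfiles named here is present and lists every dependency whose specifier is not an exact version. The `project_files` set and the sample `package.json` contents are constructed inputs, and the treatment of tags and URLs as unpinned goes slightly beyond the page's `^1.2.3` example.

```python
import re

# Lockfile names from this page (extend the set for other ecosystems).
LOCKFILES = {"package-lock.json", "yarn.lock", "go.sum"}
# An exact npm version: MAJOR.MINOR.PATCH, optionally with a pre-release tag.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$")

def unpinned_dependencies(package_json: dict) -> dict:
    """Return {name: specifier} for every dependency not pinned to an exact version.
    Ranges (^, ~, >=, x), dist-tags such as "latest", and git/file URLs are all reported."""
    unpinned = {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in package_json.get(section, {}).items():
            if not EXACT_VERSION.match(spec.strip()):
                unpinned[name] = spec
    return unpinned

def supply_chain_check(project_files: set, package_json: dict) -> dict:
    """Pre-submission check mirroring the lockfile and pinning advice above.
    project_files is the set of file names at the project root (assumed input)."""
    return {"lockfile_present": bool(project_files & LOCKFILES),
            "unpinned": unpinned_dependencies(package_json)}

if __name__ == "__main__":
    # Constructed sample project: no lockfile, mixed version specifiers.
    files = {"package.json", "README.md"}
    pkg = {"dependencies": {"express": "^4.18.2", "zod": "3.22.4",
                            "left-pad": "latest"},
           "devDependencies": {"vitest": "~1.0.0", "typescript": "5.3.3"}}
    report = supply_chain_check(files, pkg)
    for name, spec in report["unpinned"].items():
        print(f"unpinned: {name} {spec}")
    print("lockfile present:", report["lockfile_present"])
```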
Improve Maturity Score
- Add documentation: Include a README with usage instructions, API documentation, or a user guide.
- Add tests: Include a test suite or at least a test configuration file.
- Add CI/CD configuration: Include a GitHub Actions, GitLab CI, or similar pipeline configuration.
- Use version tags: Tag releases in your Git repository.
- Maintain a changelog: Keep a CHANGELOG file documenting changes between versions.
General Best Practices
- Iterate and re-analyze: After making improvements, push a new commit to trigger a new version and certification pass. Each new version gets a fresh analysis.
- Review the snapshot details: The snapshot detail page shows exactly which controls failed and why. Use this information to target your improvements.
- Monitor trends: Track your scores over time to ensure they are trending upward.
Certification Levels in Governance Policies
Enterprise organizations can use certification levels in their governance policies:
- Require minimum certification level: For example, “Only Level 2 or higher MCPs may be downloaded in production environments.”
- Score-based policies: Set minimum Global Score, Security Score, or Supply Chain Score thresholds.
- CI/CD integration: Use the evaluate endpoint to fail pipelines when MCPs do not meet certification requirements.
These policies are enforced at download time through the organization’s dedicated registry subdomain, ensuring that only approved MCPs reach production environments.
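As an added example (not MCP Hub's own code), this Python sketch derives the certification level from a snapshot's scores and findings using the thresholds listed in the level sections above, then applies a governance policy of the kind described here and returns a pass/fail result a CI job could act on. The `Snapshot` and `Policy` shapes are assumptions, as is treating the Level 1 rule about critical findings as covered by the 60-point score check.

```python
from dataclasses import dataclass
# Thresholds are those stated on this page; the Snapshot/Policy shapes are assumptions.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass
class Snapshot:
    global_score: int
    security_score: int
    supply_chain_score: int
    findings: list           # severities of unresolved findings
    evidence_complete: bool  # every control result has an evidence reference

def certification_level(s: Snapshot) -> int:
    """Derive the level from the Global Score plus each level's extra requirements."""
    worst = max((SEVERITY_RANK[f] for f in s.findings), default=0)
    # Level 1: score of 60 or higher. A critical finding that alone drops the
    # score below 60 already fails here, so the score check covers that rule.
    if s.global_score < 60:
        return 0
    # Level 2: score >= 80, no criticals, evidence on every control, supply chain >= 70.
    if (s.global_score < 80 or worst >= SEVERITY_RANK["critical"]
            or not s.evidence_complete or s.supply_chain_score < 70):
        return 1
    # Level 3: score >= 90, Security >= 90, Supply Chain >= 80, nothing above medium.
    if (s.global_score < 90 or s.security_score < 90
            or s.supply_chain_score < 80 or worst > SEVERITY_RANK["medium"]):
        return 2
    return 3

@dataclass
class Policy:
    min_level: int = 0
    min_global: int = 0
    min_security: int = 0
    min_supply_chain: int = 0

def evaluate(s: Snapshot, p: Policy):
    """Governance gate: returns (allowed, reasons) for a CI pipeline to act on."""
    checks = [(certification_level(s), p.min_level, "certification level"),
              (s.global_score, p.min_global, "Global Score"),
              (s.security_score, p.min_security, "Security Score"),
              (s.supply_chain_score, p.min_supply_chain, "Supply Chain Score")]
    reasons = [f"{name} {have} below required {need}"
               for have, need, name in checks if have < need]
    return not reasons, reasons

if __name__ == "__main__":
    # Constructed sample: scores would reach Level 3, but one high finding caps it at 2.
    snap = Snapshot(91, 92, 85, ["high", "low"], True)
    print(certification_level(snap), evaluate(snap, Policy(min_level=3)))
```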
Origin Types and Certification
In addition to certification levels, each MCP has an origin type that indicates who maintains it:
| Origin | Description |
|---|---|
| Official | Maintained by the MCP Hub team |
| Verified | Publisher has a verified identity |
| Community | Published by any user, no additional guarantees |
Origin type and certification level together provide a complete picture of an MCP’s trustworthiness: who published it, and how thoroughly it has been analyzed.