Glossary

Key terms and definitions used throughout MCP Hub

This glossary defines the key terms used throughout MCP Hub documentation.

Bundle
The packaged artifact containing an MCP server’s code and dependencies, distributed via the registry. Bundles are content-addressed by their SHA-256 digest to ensure integrity.
Catalog
The public directory of all certified MCP servers, browsable at mcp-hub.info/catalog. The catalog displays each package’s name, description, security score, certification level, and origin.
Certification Level
A trust tier (0-3) assigned to an MCP package based on its security score. Level 0: Integrity Verified. Level 1: Static Verified. Level 2: Security Certified. Level 3: Runtime Certified. See Certification Levels.
Content Addressing
Identifying artifacts by their SHA-256 cryptographic hash rather than by name and version. This ensures immutability (the content behind a digest never changes) and tamper detection (any modification changes the digest).
Findings
Security issues discovered during automated analysis of an MCP server. Findings are categorized by severity: Critical, High, Medium, and Low. The number and severity of findings directly affect the security score.
Manifest
Metadata describing an MCP package. Includes the package name, version, runtime, entry point, declared permissions, security score, certification level, and SHA-256 digest of the bundle. The manifest is what the client resolves before downloading a bundle.
MCP (Model Context Protocol)
An open standard for connecting AI assistants to external tools, data sources, and services. MCP defines how AI models discover and invoke capabilities provided by MCP servers.
MCP Cage (The MCP Sandbox)
The CLI tool (smcp) that resolves, downloads, validates, and executes MCP servers from the registry. It enforces security policies, applies resource limits, and sandboxes processes. See CLI Commands.
MCP Hub
The web platform at mcp-hub.info where MCP servers are cataloged, analyzed, and certified. The hub manages the certification pipeline, publisher accounts, organizations, and governance.
MCP Server
A program that implements MCP, providing tools, resources, or prompts to AI assistants. Examples include database connectors, API wrappers, file system tools, and code analysis utilities.
Origin
The publisher type of an MCP package, indicating the level of publisher identity verification:
  • Official – Maintained by the MCP Hub team.
  • Verified – Publisher with a confirmed identity.
  • Community – Any publisher; no identity guarantees.
Policy
A set of rules that control which MCP servers are allowed to run. Policies can enforce minimum certification levels, minimum security scores, and allowed origin types. See Security Policies.
Registry
The artifact distribution service that stores and serves certified MCP bundles and manifests. The public registry is hosted at registry.mcp-hub.info. The registry implements a publish/resolve/download protocol with JWT authentication and scope-based authorization.
Sandbox
Process-level isolation applied when running MCP servers locally. Sandboxing includes resource limits (CPU, memory, PIDs, file descriptors), network isolation (on supported platforms), and filesystem restrictions. The sandbox prevents a misbehaving MCP server from affecting the host system.
SBOM (Software Bill of Materials)
A machine-readable inventory of all components and dependencies in an MCP package. Generated as part of the Level 2 certification process. SBOMs enable downstream consumers to audit the supply chain of packages they use.
Security Score
A number from 0 to 100 representing the overall security posture of an MCP server. Computed from three weighted components: Security (50%), Supply Chain (30%), and Maturity (20%). See Security Scores.
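As an added example (not MCP Hub's or smcp's own code), the following sketches the client-side admission check that the Content Addressing, Manifest, Policy and Security Score entries above describe together: evaluate the resolved manifest against a policy, then verify the downloaded bundle against the digest the manifest pinned. The manifest field names, the `sha256:` prefix and all sample values are constructed assumptions, not MCP Hub's schema.

```python
import hashlib
import hmac


def sha256_digest(data: bytes) -> str:
    """Content address of a bundle: the hex SHA-256 of its bytes (prefix is an assumption)."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


# Constructed stand-in for a downloaded bundle (a real one would be an archive).
SAMPLE_BUNDLE = b"constructed bundle bytes standing in for a real archive"

# Constructed manifest with the fields the glossary lists; names are assumptions.
SAMPLE_MANIFEST = {
    "name": "example/db-connector",
    "version": "1.4.0",
    "runtime": "node",
    "entry_point": "dist/index.js",
    "permissions": ["network"],
    "security_score": 82,
    "certification_level": 2,
    "origin": "verified",
    "bundle_digest": sha256_digest(SAMPLE_BUNDLE),
}

# Policy expressed in the three terms the glossary gives: minimum certification
# level, minimum security score, allowed origin types.
SAMPLE_POLICY = {
    "min_certification_level": 2,
    "min_security_score": 75,
    "allowed_origins": {"official", "verified"},
}


def evaluate_policy(manifest: dict, policy: dict) -> list:
    """Return every policy violation; an empty list means the server may run."""
    violations = []
    if manifest["certification_level"] < policy["min_certification_level"]:
        violations.append(f"certification level {manifest['certification_level']} "
                          f"is below the minimum {policy['min_certification_level']}")
    if manifest["security_score"] < policy["min_security_score"]:
        violations.append(f"security score {manifest['security_score']} "
                          f"is below the minimum {policy['min_security_score']}")
    if manifest["origin"] not in policy["allowed_origins"]:
        violations.append(f"origin {manifest['origin']!r} is not an allowed origin")
    return violations


def verify_bundle(manifest: dict, bundle: bytes) -> bool:
    """Tamper detection: the fetched bytes must hash to the digest pinned in the manifest."""
    return hmac.compare_digest(sha256_digest(bundle), manifest["bundle_digest"])


def admit(manifest: dict, policy: dict, bundle: bytes) -> tuple:
    """Policy first, then integrity; returns (allowed, list of problems)."""
    problems = evaluate_policy(manifest, policy)
    if not verify_bundle(manifest, bundle):
        problems.append("bundle digest does not match the manifest")
    return (not problems, problems)
```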