Start free. Scale when you ship.
Auditing any public MCP server is free, forever. Paid plans add private OAuth audits, more monitored servers and drift webhooks. Cancel anytime.
200+ public MCP servers already scored against the OWASP MCP Top 10 · open methodology · no lock-in
Free
currentAudit any public MCP server, forever.
- ✓Unlimited public audits & full reports
- ✓Public directory, badges & embeds
- ✓Up to 3 monitored servers
- ✓CLI & GitHub Action (50 API audits/day)
Pro
popularFor teams shipping their own MCP servers.
- ✓Everything in Free
- ✓Private OAuth-gated audits (never cached)
- ✓Up to 50 monitored servers
- ✓Drift & score-threshold webhook alerts
- ✓2,000 API audits/day (CLI & CI)
Team
For platforms auditing MCP at scale.
- ✓Everything in Pro
- ✓Up to 500 monitored servers
- ✓20,000 API audits/day
- ✓Multiple API keys & priority probing
- ✓Continuous rug-pull monitoring
Questions before you upgrade
The CLI is free — why pay?
The open-source CLI and GitHub Action audit one server on demand, free under MIT. Paid plans add continuous monitoring with drift & rug-pull alerts, private OAuth audits, more monitored servers and webhooks — the things you can’t run by hand.
My server is private / behind OAuth. Is it safe to audit?
Yes. Pro runs private audits that are never cached or published to the public directory. The self-hosted gateway processes tool traffic entirely inside your own infrastructure — that data never reaches us.
Can I cancel or change plans?
Anytime, from the self-serve billing portal. There’s no contract or lock-in; you keep access until the end of the period you’ve paid for.
How is the MCP Score calculated?
A live probe of your server plus an OWASP MCP Top 10 security pass, tool-design and schema checks, context-cost and protocol compliance — rolled into one explainable /100 with a “why” for every penalty. See the methodology.
Still unsure? Email [email protected] — a human will answer.
Prices in USD. The open-source CLI and GitHub Action are free under MIT — paid plans cover the hosted directory, private audits and continuous monitoring.