Live Activity & Tracked Repos

What is happening in the MCP ecosystem

Score changes, advisories, and newly-monitored packages from the last 7 days. Below the feed, dossiers for public GitHub repos that install MCP dependencies.

Last 7 days

11 advisories · 2 score changes · 20 new packages

49m agoaiwgv2026.5.8advisory AGENTSCORE-2026-0040 · score 80high

2h agoopenai-responses-mcpnewly monitored, LOW at 100/100enroll

2h agoairtable-user-mcpv2.4.6score dropped 100 → 80 (-20)score

2h agoindia_mcpnewly monitored, LOW at 95/100enroll

3h agokorean-privacy-law-mcpnewly monitored, LOW at 85/100enroll

3h ago@powforge/captcha-mcpnewly monitored, LOW at 95/100enroll

3h agomcp-obsidian-clinewly monitored, LOW at 100/100enroll

3h ago@morningljn/mnemonewly monitored, ELEVATED at 65/100enroll

3h ago@piyushdua/engram-devnewly monitored, MODERATE at 75/100enroll

3h ago@aictx/memorynewly monitored, LOW at 95/100enroll

3h ago@aputime/mcpnewly monitored, LOW at 85/100enroll

25h agokodeklaritynewly monitored, MODERATE at 75/100enroll

25h ago@mormubis/projectionlab-mcpnewly monitored, LOW at 100/100enroll

25h ago@jesbrian/jenkins-mcp-servernewly monitored, LOW at 85/100enroll

26h ago@paytience/google-calendar-mcpnewly monitored, LOW at 95/100enroll

26h ago@ai-capabilities-suite/mcp-debugger-servernewly monitored, LOW at 95/100enroll

26h ago@powforge/mcp-identitynewly monitored, LOW at 95/100enroll

26h agowilli-mako-clientnewly monitored, LOW at 95/100enroll

26h agomcp-server-madeonsolnewly monitored, LOW at 95/100enroll

26h ago@kyanitelabs/epochnewly monitored, LOW at 100/100enroll

Updated hourly. Full advisory archive at /security/advisories (also available as RSS).

Repo dossiers

Public GitHub repos with MCP dependencies. Each repo has a canonical URL, a policy-gate verdict, per-package scores, and the aggregate capability surface an AI agent inherits by installing the stack. Seeded from real demand signal (the repos people have looked up via /api/repo/preview).

Want a dossier for a different repo? Enter it in the preview form. If it has MCP deps, you will get a canonical URL at /repo/owner/name.

grafana/k6-studio

Performance testing tool, MCP config detected, 28 lookups across 4 days

Read the dossier →

Shopify/hydrogen

React e-commerce framework, multiple MCP servers, 25 lookups across 5 days

Read the dossier →

redis/RedisInsight

Case study: pinned all MCP versions after our scan

Read the dossier →

stripe/ai

MCP tool servers, single lookup

Read the dossier →

cloudflare/agents

MCP agent runtime, single lookup

Read the dossier →

PrefectHQ/fastmcp

MCP framework, single lookup

Read the dossier →

microsoft/clarity

Analytics platform, single lookup

Read the dossier →

inngest/agent-kit

Agent framework, single lookup

Read the dossier →

upstash/mcp-server

Context7 MCP, single lookup

Read the dossier →

getsentry/spotlight

Dev observability, single lookup

Read the dossier →

kurrent-io/KurrentDB

Event store, single lookup

Read the dossier →

grafana/mcp-grafana

Grafana MCP server, single lookup

Read the dossier →

What a dossier contains

Policy-gate verdict: the exact decision (ALLOW / WARN / BLOCK) the AgentScore GitHub Action would return on a PR for this repo.
Per-package table: every MCP dependency found, with its current score, risk level, and gate verdict. Each package links to its own report page.
Aggregate capability surface: the union of powers (filesystem access, shell exec, network egress, email messaging, etc.) the repo's MCP stack grants to any agent using it, sorted by risk.
Files checked: which config files the scanner read (package.json, .mcp.json, .cursor/mcp.json, etc.).
Unsupported install paths: items installed via Python, Docker, remote HTTP, or raw git URL that the npm-based scanner cannot reach. Flagged for manual review rather than silently dropped.
Timestamped snapshot: a dossier is a point-in-time record of what the repo's MCP surface looks like on a given day. Every view re-fetches; the page caches for an hour.