Show HN: I scanned 87 MCP servers for agent-authority hygiene – leaderboard
A developer scanned 87 MCP (Model Context Protocol) servers to evaluate their agent-authority hygiene, ranking them on a leaderboard based on security and permission practices.
Background
- MCP (Model Context Protocol) is an open standard created by Anthropic in late 2024. It lets AI assistants (agents) call external tools, databases, and APIs — behaving less like chatbots and more like autonomous workers.
- "Agent-authority hygiene" means limiting how much power (authority) a server gives an AI agent. A server that grants unlimited file read/write, shell access, or admin privileges is low-hygiene; one that uses scoped, read-only, or user-confirmed operations is high-hygiene.
- The CapFrame leaderboard scans 87 publicly listed MCP servers and ranks them by how safely they expose capabilities. It flags servers that allow arbitrary code execution, unrestricted file access, or credential theft — common risks as AI agents become more widely deployed.
- Why it matters: Developers are rushing to hook AI agents up to everything (databases, file systems, email). Without hygiene ratings, a popular server could silently give any agent full control of a user's machine or cloud account. This leaderboard is an early attempt at accountability for that emerging ecosystem.
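
To make the low-hygiene versus high-hygiene distinction above concrete, here is an added example (not CapFrame's scoring method or code) that scores MCP tool definitions by how much unconstrained authority their input schemas expose. The parameter-name lists, penalty values, and sample servers are assumptions constructed for illustration; `inputSchema` and `annotations.readOnlyHint` are fields of MCP tool definitions.

```python
# Added example: a hypothetical hygiene heuristic, not CapFrame's scoring method.

EXEC_PARAMS = {"command", "cmd", "script", "code", "shell"}   # assumed indicators
PATH_PARAMS = {"path", "file", "filename", "directory"}       # assumed indicators

def is_constrained(schema):  # a parameter is scoped if the schema pins its value down
    return any(k in schema for k in ("enum", "const", "pattern"))

def tool_findings(tool):
    """Return a list of (penalty, reason) pairs for one MCP tool definition."""
    props = tool.get("inputSchema", {}).get("properties", {})
    read_only = tool.get("annotations", {}).get("readOnlyHint", False)
    findings = []
    for name, schema in props.items():
        if is_constrained(schema):
            continue
        key = name.lower()
        if key in EXEC_PARAMS:
            findings.append((50, f"{tool['name']}: free-form '{name}' (code/shell execution)"))
        elif key in PATH_PARAMS:
            # readOnlyHint is a self-declared hint: it lowers the penalty, never clears it.
            mode, penalty = ("read", 10) if read_only else ("read/write", 30)
            findings.append((penalty, f"{tool['name']}: unconstrained '{name}' ({mode} file access)"))
    return findings

def score_server(tools):
    """Hygiene score from 100 (least authority exposed) down to 0."""
    findings = [f for t in tools for f in tool_findings(t)]
    return max(0, 100 - sum(p for p, _ in findings)), [r for _, r in findings]

def leaderboard(servers):
    """Rank servers best-first as (name, score, reasons) rows."""
    return sorted(((name, *score_server(tools)) for name, tools in servers.items()),
                  key=lambda row: -row[1])

# Constructed sample manifests (shape of a tools/list result), not real servers.
SERVERS = {
    "notes-ro": [{"name": "read_note", "annotations": {"readOnlyHint": True},
                  "inputSchema": {"type": "object", "properties": {
                      "path": {"type": "string", "pattern": "^notes/[a-z0-9_-]+\\.md$"}}}}],
    "fs-any": [{"name": "write_file", "inputSchema": {"type": "object", "properties": {
                    "path": {"type": "string"}, "content": {"type": "string"}}}}],
    "devbox": [{"name": "run", "inputSchema": {"type": "object", "properties": {
                    "command": {"type": "string"}}}},
               {"name": "cat", "annotations": {"readOnlyHint": True}, "inputSchema": {
                    "type": "object", "properties": {"file": {"type": "string"}}}}],
}

if __name__ == "__main__": print(*leaderboard(SERVERS), sep="\n")
```

A schema-only check like this sees declared authority, not what the server's implementation actually does with a parameter, so it is a triage signal rather than a verdict.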