Security

We take the security of MCPStore seriously. This page describes our practices and how to report a vulnerability.

Responsible disclosure

If you discover a security vulnerability, please report it privately so we can fix it before it is disclosed publicly. Do not exploit the issue or access data that is not yours.

Our controls

  • • Strict Content-Security-Policy with per-request nonces.
  • • Zod input validation on every API endpoint.
  • • Layered rate limiting on all read and write routes.
  • • Parameterised database queries (no raw SQL from user input).
  • • OAuth + single-use magic links; no stored passwords.
  • • Append-only audit logging on privileged actions.
  • • Honeypot and bot mitigation on all forms.
MCPStore

The definitive directory of verified Model Context Protocol servers.

Product

  • Directory
  • Collections
  • Pricing
  • API Docs

Company

  • About
  • Changelog
  • Security

Resources

  • MCP Spec
  • Registry

© 2026 MCPStore. Not affiliated with Anthropic.

MCPStore
DirectoryCollectionsPricing
2.9k servers