Scanning 17,000+ MCP servers every week

Two out of three MCP servers fail security checks

Pulrix runs every MCP server through 8 security layers: package malware scanning, supply chain behavioral analysis, CVE database checks, static code analysis, MCP-specific tool poisoning detection, prompt injection pattern matching, SAST vulnerability scanning, and tool schema analysis. One command. One grade. Before you install.

Free. No signup. Works right now.

$ npx pulrix search "postgres"

  Pulrix - results for "postgres"

  Grade   Score   Server                         Description
  ──────────────────────────────────────────────────────────────
  A       82/100  crystaldba/postgres-mcp        All-in-one MCP server for PostgreSQL
  B       71/100  neondatabase/mcp-server-neon   Nile’s Postgres platform connector
  C       54/100  pg-mcp-server                  Read-only PostgreSQL queries
  F       12/100  sketchy-postgres-tool          1 critical security finding

10 queries/day free. No account needed.

66% of MCP servers flagged
30 CVEs filed in 60 days
5 of 7 top skills were malware
17K+ scored by Pulrix

9 quality signals. 8 security layers. One grade.

We check what humans check (tests, types, docs, activity) and what humans miss (malicious install scripts, obfuscated code, tool poisoning, hidden Unicode, CVEs in transitive deps).

Quality (40 pts)

Does it look like someone cared when they built this?

  • Actual MCP SDK in dependencies (not just "mcp" in keywords)
  • README over 200 characters. Tests that exist. Types that compile.
  • Stars, forks, commit frequency, issue response rate
  • npm advisory check against known vulnerable packages

Security (60 pts)

Is it trying to steal your SSH keys? We check.

  • Package binary scanned against 70+ antivirus engines via VirusTotal
  • Supply chain behavioral analysis: install scripts, data exfil, obfuscated code
  • Static code analysis with 20,000+ security rules (Semgrep)
  • MCP-specific: tool poisoning, rug pulls, toxic flow detection
  • OSV.dev + GitHub Advisories: known CVEs across npm, PyPI, Go, Rust
  • 50+ prompt injection patterns in tool descriptions + hidden Unicode

A single critical finding caps the grade at D. A VirusTotal malware detection is an automatic F.

Works where you work

Terminal. HTTP. Or let your AI agent search for its own tools.

CLI

One command. Instant grades.

npx pulrix search "email"
npx pulrix info github:owner/repo
npx pulrix check https://github.com/...

REST API

Plug it into your CI pipeline.

curl "https://api.pulrix.dev/api/v1/search?q=postgres"

# Fail builds on F-grade deps
curl "https://api.pulrix.dev/api/v1/compare?ids=a,b"
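A CI gate on top of the search endpoint above, added here as an example and not Pulrix's own code: it looks a dependency up, reads its letter grade, and fails the build if the grade is below a minimum or cannot be read. The response shape (a JSON object whose results carry a `"grade":"<letter>"` field) and the `PULRIX_API` variable are assumptions; the page does not document the API response.

```shell
#!/bin/sh
# Added example, not Pulrix's own code: refuse a build when a dependency's
# Pulrix grade is below a threshold. ASSUMPTION: the search response is JSON
# carrying a "grade":"<letter>" field per result; the page does not document
# the schema, so adjust extract_grade to the real one.
set -e

PULRIX_API="${PULRIX_API:-https://api.pulrix.dev/api/v1}"

# Rank letter grades so they can be compared: A=5 ... F=1, anything else 0.
grade_rank() {
  case "$1" in
    A) echo 5 ;; B) echo 4 ;; C) echo 3 ;; D) echo 2 ;; F) echo 1 ;;
    *) echo 0 ;;
  esac
}

# grade_meets GRADE MINIMUM: succeed only if GRADE is a known letter and is
# at least MINIMUM. An unknown or empty grade fails closed.
grade_meets() {
  g=$(grade_rank "$1")
  m=$(grade_rank "$2")
  if [ "$g" -gt 0 ] && [ "$g" -ge "$m" ]; then return 0; fi
  return 1
}

# Pull the first "grade":"X" value out of a JSON body on stdin. grep/sed only,
# so the gate needs nothing beyond curl; use jq instead if it is available.
extract_grade() {
  grep -o '"grade"[[:space:]]*:[[:space:]]*"[A-F]"' | head -n 1 \
    | sed 's/.*"\([A-F]\)"$/\1/'
}

# check_dep NAME MINIMUM: query Pulrix for NAME and fail the build (non-zero
# exit) if the first result's grade is below MINIMUM or cannot be read.
check_dep() {
  body=$(curl -fsS -G "$PULRIX_API/search" --data-urlencode "q=$1")
  grade=$(printf '%s' "$body" | extract_grade)
  if grade_meets "$grade" "$2"; then
    echo "ok: $1 graded $grade (minimum $2)"
  else
    echo "FAIL: $1 graded '${grade:-unknown}', minimum is $2" >&2
    return 1
  fi
}

# Usage in a CI step (constructed example):  check_dep crystaldba/postgres-mcp C
```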

MCP Server

Your agent picks its own tools.

{
  "mcpServers": {
    "pulrix": {
      "command": "npx",
      "args": ["-y", "pulrix", "mcp"]
    }
  }
}

"95% of MCP servers are utter garbage."

Reddit, r/MCP. We scanned them. The number is closer to 66%. Still bad.

You wouldn't npm install a package with 0 downloads and no README.

So why are you connecting MCP servers you found on a random GitHub list?

Check first. Install second.

npx pulrix search "postgres"