# How to find safe MCP servers for your AI coding assistant (and why most directories lie)

> Source: <https://dev.to/edison_flores_6d2cd381b13/how-to-find-safe-mcp-servers-for-your-ai-coding-assistant-and-why-most-directories-lie-3967>
> Published: 2026-07-18 03:27:34+00:00

If you use Claude Desktop, Cursor, Cline, or Continue, you've probably installed MCP servers from a "curated list" or directory. Here's the uncomfortable truth: most of those directories don't actually audit the servers they list. They're curated lists, not security audits.

I built an MCP marketplace that actually audits every server. Here's what I learned about MCP security — and how you can protect yourself.

Most "awesome-mcp-servers" lists work like this:

This means:

**This actually happened.** Two weeks ago, a typosquatting repo (`JuanquiFortuny/prospector-mcp-email-finder`

) slipped a Windows trojan (`Trojan:Win64/Lazy.PGPK!MTB`

) into a competing MCP directory via a fake "Download Latest Release" badge.

At [MarketNow](https://marketnow.site), every MCP server goes through 8 audit layers before entering the catalog:

Opens the actual package zip (recursively — zips inside zips) and scans for:

`.exe`

, `.dll`

, `.scr`

)`.bat`

, `.cmd`

, `.vbs`

, `.ps1`

)17 YARA-equivalent rules for known malware families: Emotet, Cobalt Strike, Mimikatz, RedLine, Vidar, Raccoon, LummaC2, AsyncRAT, njRAT, Remcos, and more.

When you browse [marketnow.site](https://marketnow.site), every skill has:

Go to [marketnow.site](https://marketnow.site), search for what you need, check the Sentinel score, and copy the install command.

Add MarketNow as an MCP server in your assistant:

```
{
  "mcpServers": {
    "marketnow": {
      "command": "npx",
      "args": ["-y", "marketnow-mcp"]
    }
  }
}
```

Now you can ask Claude/Cursor/Cline: "Find me a filesystem MCP server with a high security score" — and it'll search MarketNow, filter by Sentinel score, and return only audited servers.

```
# Search for skills
curl "https://marketnow.site/api/search?q=filesystem" | jq

# Get a skill's security certificate
curl "https://marketnow.site/api/audit-skill?skillId=mn-mcp-filesystem" | jq
```

For agent-to-agent trust, we also built **ATC (Agent Trust Card)** — SSL certificates for AI agents:

```
# Verify any agent's trust card
curl "https://marketnow.site/api/atc?action=verify&card_id=ATC-2026-XXXXXXX"
```

Returns: valid/invalid, Sentinel score, risk level, signature verification, revocation status.

`marketnow.site/verify`

before trusting a skill.MCP is becoming the standard for how AI assistants call external tools. But the trust infrastructure doesn't exist yet. Anyone can publish an MCP server, and most directories don't check anything.

MarketNow is trying to fix this: every server audited, every certificate signed, every incident public. The marketplace is free. The security infrastructure is the product.

**Try it:** [https://marketnow.site](https://marketnow.site)

**Install:** `npx -y marketnow-mcp`

**GitHub:** [https://github.com/edgarfloresguerra2011-a11y/marketnow](https://github.com/edgarfloresguerra2011-a11y/marketnow)

— *Edison Flores, AliceLabs LLC*
