Show HN: We ran 79 MCP servers in microVMs, only 31 passed

imtaimoorkhan1 pts0 comments

Throne | Verification for MCP servers

Skip to live scan

See report<br>Verify server

verification for MCP servers

Govern the MCP servers your AI agents depend on.

Throne verifies MCP servers before they enter production: isolated execution, real client behavior, security review, policy decision, and sealed evidence.

See sealed report<br>How Throne works

isolated execution · compatibility verdicts · sealed evidence receipts

Open public registry

sealed replay

live evidence

microVM created Isolated · Ephemeral · Reproducible

Claude Code passed Protocol checks passed

Cursor passed Protocol checks passed

security review clean 0 findings from security ruleset v1

evidence sealed Immutable · Verifiable · Shareable

sha256d3f5b6a9c0f8e4a1b7d2c9f4e0a1d8b9c6f3e2a1b7c0d9e8f6a1b2c3d4e5f678

timestamp2025-05-14T20:42:17Z

scan idscan_01JWE7KQ5CG5F8Z6M8P7T2D9QX4

verdictFIT

· SEALED BY THRONE · VERIFIED EVIDENCE

public evidence layer<br>79 servers executed<br>31 fit<br>2 calibrated clients<br>8 static security rules<br>today registry live

For teams deciding which MCP servers can be<br>allowed<br>reviewed<br>blocked<br>put on record

public ecosystem observed

Throne executes public MCP servers from the ecosystem and records what actually happened. Independent public records, not endorsements.

GitHub MCP Server<br>Google MCP Toolbox<br>Grafana MCP<br>Azure DevOps MCP<br>Notion MCP<br>Cloudflare MCP<br>Stripe Agent Toolkit<br>Supabase MCP<br>Sentry MCP<br>Heroku MCP<br>HubSpot MCP<br>Linear MCP<br>Figma Developer MCP<br>Exa MCP Server<br>Tavily MCP<br>Firecrawl MCP<br>Neon MCP<br>Pinecone MCP<br>GitHub MCP Server<br>Google MCP Toolbox<br>Grafana MCP<br>Azure DevOps MCP<br>Notion MCP<br>Cloudflare MCP<br>Stripe Agent Toolkit<br>Supabase MCP<br>Sentry MCP<br>Heroku MCP<br>HubSpot MCP<br>Linear MCP<br>Figma Developer MCP<br>Exa MCP Server<br>Tavily MCP<br>Firecrawl MCP<br>Neon MCP<br>Pinecone MCP

how it works

Execute. Decide. Seal.

Throne turns an MCP package, repo, or config into an approval record your team can act on.

01<br>Execute

Boot the target inside a disposable microVM, install it from source, and observe what it does before an agent ever touches it.

02<br>Decide

Compare real client behavior, inspect security findings, and classify the server as allow, review, or block.

03<br>Seal

Publish or keep a record with the scan id, timestamp, raw evidence, client verdicts, and evidence hash.

why the obvious fix is not enough

A passing CI badge does not fix this.

An MCP server can have green checks, a clean lint pass, and a maintainer who swears it works, and still hang Cursor on the third tool call or expose a filesystem write no one reviewed because it sat three layers inside a dependency. Code review checks the code. It does not execute the protocol against the clients your agents actually run.

why this becomes mandatory

Agents are about to call tools your company never vetted.

Every MCP server is a supply-chain decision. It can read files, move data, call APIs, and shape model context. Throne gives engineering and security one shared release signal.

01<br>Client behavior diverges

A server can pass locally and still fail when Cursor streams, Claude Code reconnects, or a desktop client validates names differently.

02<br>Security sits inside the tool

MCP tools often touch files, secrets, shells, browsers, tickets, and databases. A README badge is not a security review.

03<br>Procurement needs evidence

Companies will not approve agent tools because a maintainer says they work. They need a repeatable record with traces.

live from /api/stats

State of MCP, measured by execution.

Live registry totals, top failure reasons, and security review split. No vanity numbers.

Fit31

Needs key24

Inconclusive18

Not fit6

needs credentials16<br>needs arguments8<br>no handshake4

clean12<br>review59<br>not run4

the cost of not knowing

11 of the servers we executed never complete the MCP handshake.

Before they speak a word of the protocol. Public packages can sit live for weeks without anyone seeing the failure path. Your agents would find it in production on the first call.

11 fail before the MCP handshake

2 live client profiles measured today

0 self-reported listings we take on trust

who Throne is for

One record, four teams that need it.

platformPlatform engineers<br>Ship MCP servers without hand-testing every client before each release. Gate the merge on a real verdict.

securitySecurity teams<br>See what a server can actually do, file access, network, shell, before it is approved for internal use.

maintainersOSS maintainers<br>A public record that your server works, with a badge that re-earns itself on every release.

leadsEngineering leads<br>Approve agent tools on evidence, not on "it worked when I tried it locally."

create evidence

Create a verification record.

Use the public verifier when you need proof for one server. The same evidence model becomes private allowlists, CI gates, scheduled rescans, and audit exports for teams.

npm<br>GitHub URL<br>uvx<br>MCP config

Verify server

published npm package · no signup · no card<br>try...

server evidence servers security throne public

Related Articles