Throne | Verification for MCP servers
Skip to live scan
See report<br>Verify server
verification for MCP servers
Govern the MCP servers your AI agents depend on.
Throne verifies MCP servers before they enter production: isolated execution, real client behavior, security review, policy decision, and sealed evidence.
See sealed report<br>How Throne works
isolated execution · compatibility verdicts · sealed evidence receipts
Open public registry
sealed replay
live evidence
microVM created Isolated · Ephemeral · Reproducible
Claude Code passed Protocol checks passed
Cursor passed Protocol checks passed
security review clean 0 findings from security ruleset v1
evidence sealed Immutable · Verifiable · Shareable
sha256d3f5b6a9c0f8e4a1b7d2c9f4e0a1d8b9c6f3e2a1b7c0d9e8f6a1b2c3d4e5f678
timestamp2025-05-14T20:42:17Z
scan idscan_01JWE7KQ5CG5F8Z6M8P7T2D9QX4
verdictFIT
· SEALED BY THRONE · VERIFIED EVIDENCE
public evidence layer<br>79 servers executed<br>31 fit<br>2 calibrated clients<br>8 static security rules<br>today registry live
For teams deciding which MCP servers can be<br>allowed<br>reviewed<br>blocked<br>put on record
public ecosystem observed
Throne executes public MCP servers from the ecosystem and records what actually happened. Independent public records, not endorsements.
GitHub MCP Server<br>Google MCP Toolbox<br>Grafana MCP<br>Azure DevOps MCP<br>Notion MCP<br>Cloudflare MCP<br>Stripe Agent Toolkit<br>Supabase MCP<br>Sentry MCP<br>Heroku MCP<br>HubSpot MCP<br>Linear MCP<br>Figma Developer MCP<br>Exa MCP Server<br>Tavily MCP<br>Firecrawl MCP<br>Neon MCP<br>Pinecone MCP<br>GitHub MCP Server<br>Google MCP Toolbox<br>Grafana MCP<br>Azure DevOps MCP<br>Notion MCP<br>Cloudflare MCP<br>Stripe Agent Toolkit<br>Supabase MCP<br>Sentry MCP<br>Heroku MCP<br>HubSpot MCP<br>Linear MCP<br>Figma Developer MCP<br>Exa MCP Server<br>Tavily MCP<br>Firecrawl MCP<br>Neon MCP<br>Pinecone MCP
how it works
Execute. Decide. Seal.
Throne turns an MCP package, repo, or config into an approval record your team can act on.
01<br>Execute
Boot the target inside a disposable microVM, install it from source, and observe what it does before an agent ever touches it.
02<br>Decide
Compare real client behavior, inspect security findings, and classify the server as allow, review, or block.
03<br>Seal
Publish or keep a record with the scan id, timestamp, raw evidence, client verdicts, and evidence hash.
why the obvious fix is not enough
A passing CI badge does not fix this.
An MCP server can have green checks, a clean lint pass, and a maintainer who swears it works, and still hang Cursor on the third tool call or expose a filesystem write no one reviewed because it sat three layers inside a dependency. Code review checks the code. It does not execute the protocol against the clients your agents actually run.
why this becomes mandatory
Agents are about to call tools your company never vetted.
Every MCP server is a supply-chain decision. It can read files, move data, call APIs, and shape model context. Throne gives engineering and security one shared release signal.
01<br>Client behavior diverges
A server can pass locally and still fail when Cursor streams, Claude Code reconnects, or a desktop client validates names differently.
02<br>Security sits inside the tool
MCP tools often touch files, secrets, shells, browsers, tickets, and databases. A README badge is not a security review.
03<br>Procurement needs evidence
Companies will not approve agent tools because a maintainer says they work. They need a repeatable record with traces.
live from /api/stats
State of MCP, measured by execution.
Live registry totals, top failure reasons, and security review split. No vanity numbers.
Fit31
Needs key24
Inconclusive18
Not fit6
needs credentials16<br>needs arguments8<br>no handshake4
clean12<br>review59<br>not run4
the cost of not knowing
11 of the servers we executed never complete the MCP handshake.
Before they speak a word of the protocol. Public packages can sit live for weeks without anyone seeing the failure path. Your agents would find it in production on the first call.
11 fail before the MCP handshake
2 live client profiles measured today
0 self-reported listings we take on trust
who Throne is for
One record, four teams that need it.
platformPlatform engineers<br>Ship MCP servers without hand-testing every client before each release. Gate the merge on a real verdict.
securitySecurity teams<br>See what a server can actually do, file access, network, shell, before it is approved for internal use.
maintainersOSS maintainers<br>A public record that your server works, with a badge that re-earns itself on every release.
leadsEngineering leads<br>Approve agent tools on evidence, not on "it worked when I tried it locally."
create evidence
Create a verification record.
Use the public verifier when you need proof for one server. The same evidence model becomes private allowlists, CI gates, scheduled rescans, and audit exports for teams.
npm<br>GitHub URL<br>uvx<br>MCP config
Verify server
published npm package · no signup · no card<br>try...