Methodology
ToolPin publishes observed facts about public MCP servers. Every statement on this site is mechanically checkable. We do not publish scores, ratings, or safety judgments.
What we observe
- Catalog — every server in the official MCP registry, re-crawled daily (all versions; the latest version defines the canonical record).
- Reachability — for servers with remote (HTTP) endpoints we perform a standard MCP handshake (initialize + tools/list) daily and record the outcome: reachable, auth required, unreachable, or protocol error — plus latency and the protocol version the server reports.
- Tool-definition integrity — when a server hands us its tool list, we compute a SHA-256 hash of each tool's canonical JSON and of the sorted set. When a hash changes between probes, we record exactly which tools were added, removed, or changed, and which fields differed. These are the “tools changed” events you see on server pages.
- Repository vitality — for servers that link a GitHub repository: date of last push, star count, archived flag, fork flag. Refreshed on a rolling basis.
How we probe
- Probes are read-only: we never invoke a server's tools, never send credentials, and never execute anything a server returns.
- We only probe remote HTTP endpoints listed in the public registry. We do not run stdio server packages.
- Probes are rate-limited and identified by a User-Agent with a contact address. Server operators can reach us any time at [email protected].
What we will never claim
A green badge means the server responded to a standard handshake — not that it is safe, well-designed, or trustworthy. A “tools changed” event means the definitions differ — many changes are perfectly legitimate releases. ToolPin gives you the facts and the diff; the judgment stays with you.
Corrections
If a fact on this site is wrong — a misattributed repository, a stale status, a mis-linked endpoint — email [email protected] and we will investigate and correct it promptly.