Open Registry Poc

Name: Open Registry Poc
Author: NOTTIBOY137

NOTTIBOY137/mcp-open-registry-poc

Study how unvetted MCP registry listings can affect supply chain trust—not to run production agent tooling.

Overview

open-registry-poc is an MCP server for the Ship phase that demonstrates unvetted Open Registry supply-chain listing risk for security research only.

What is this MCP server?

Explicit PoC: Open Registry supply chain with unvetted server listing
Security research focus from NOTTIBOY137/mcp-open-registry-poc
stdio npm package @nottiboy1337/mcp-open-registry-poc version 1.0.0
Intended for reproducing registry-risk scenarios, not product features
Contrast with curated directories that vet MCP entries before install
npm identifier @nottiboy1337/mcp-open-registry-poc
Transport: stdio

Compatible agents: Claude Code, Cursor, any compatible agent

What problem does it solve?

Agents can install MCP servers from open registries without understanding that listings may be unvetted or misleading.

Who is it for?

Security researchers and MCP maintainers documenting open-registry risks and education demos.

Skip if: Solo builders wiring everyday product integrations or anyone seeking vetted production MCP tools.

What do I get? / Deliverables

Researchers can reproduce supply-chain listing scenarios to reason about registry trust policies and safer install workflows.

Reproducible open-registry listing scenario for security writeups or demos
Evidence for why curated MCP directories and pinning matter

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

Supply-chain and registry trust issues belong in ship/security when you harden how agents install third-party servers. The PoC models risky open-registry listing behavior for research and awareness, not day-to-day integrations.

How it compares

Intentional supply-chain PoC, not a curated marketplace entry you should ship with.

Common Questions / FAQ

Who is open-registry-poc for?

Security researchers and developers studying MCP registry supply-chain risks, not indie builders looking for a normal integration.

When should I use open-registry-poc?

Use it in controlled lab setups when you explain or test how unvetted server listings affect agent install trust—not in production agent configs.

How do I add open-registry-poc to my agent?

Only in an isolated research environment: install @nottiboy1337/mcp-open-registry-poc via npm stdio per the GitHub repo, never alongside production secrets or customer data.

Open Registry Poc

NOTTIBOY137/mcp-open-registry-poc

Study how unvetted MCP registry listings can affect supply chain trust—not to run production agent tooling.

Overview

open-registry-poc is an MCP server for the Ship phase that demonstrates unvetted Open Registry supply-chain listing risk for security research only.

What is this MCP server?

Explicit PoC: Open Registry supply chain with unvetted server listing
Security research focus from NOTTIBOY137/mcp-open-registry-poc
stdio npm package @nottiboy1337/mcp-open-registry-poc version 1.0.0
Intended for reproducing registry-risk scenarios, not product features
Contrast with curated directories that vet MCP entries before install
npm identifier @nottiboy1337/mcp-open-registry-poc
Transport: stdio

Compatible agents: Claude Code, Cursor, any compatible agent

What problem does it solve?

Agents can install MCP servers from open registries without understanding that listings may be unvetted or misleading.

Who is it for?

Security researchers and MCP maintainers documenting open-registry risks and education demos.

Skip if: Solo builders wiring everyday product integrations or anyone seeking vetted production MCP tools.

What do I get? / Deliverables

Researchers can reproduce supply-chain listing scenarios to reason about registry trust policies and safer install workflows.

Reproducible open-registry listing scenario for security writeups or demos
Evidence for why curated MCP directories and pinning matter

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

1Claw Vault exposes a stdio MCP server (@1claw/mcp) that connects AI agents to HSM-backed secret storage with just-in-ti…2 stars

1passwordCakeRepository/1Password-MCP

The 1Password MCP server lets solo builders wire service-account access into Claude Code, Cursor, or other stdio MCP hos…16 stars

402sentinel Mcpkaditang/402sentinel-mcp

402 Sentinel MCP gives solo builders and agent authors a pre-flight check before honoring x402 payment flows on Base. In…1 stars

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

A2A Dependency Inspector MCP is a hosted Clauxel server for builders shipping agent-to-agent (A2A) workflows who must pr…

A2a Governance Bridge Mcp

A2A Governance Bridge is a Model Context Protocol server that exposes governance-oriented tools for multi-agent setups: …

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

A2A Identity Toll MCP is a Clauxel-hosted remote MCP server that acts as an identity and policy toll booth for agent-to-…

Journey fit

Primary fit

How it compares

Intentional supply-chain PoC, not a curated marketplace entry you should ship with.

Common Questions / FAQ

Who is open-registry-poc for?

Security researchers and developers studying MCP registry supply-chain risks, not indie builders looking for a normal integration.

When should I use open-registry-poc?

Use it in controlled lab setups when you explain or test how unvetted server listings affect agent install trust—not in production agent configs.

How do I add open-registry-poc to my agent?

Only in an isolated research environment: install @nottiboy1337/mcp-open-registry-poc via npm stdio per the GitHub repo, never alongside production secrets or customer data.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is open-registry-poc for?

When should I use open-registry-poc?

How do I add open-registry-poc to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is open-registry-poc for?

When should I use open-registry-poc?

How do I add open-registry-poc to my agent?