Why We Only List 27 MCP Apps (And Why That's Our Strength)
Today, OpenAI hired Peter Steinberger, the creator of OpenClaw. The project stays open-source, but it now has the weight of OpenAI behind it. Great news for the ecosystem, right?
Sure. Except for one detail that emerged this morning: 21,000 OpenClaw instances were compromised via 341 malicious skills distributed through open marketplaces. A CVE 8.8 RCE exploit called ClawHavoc is actively being used in the wild. Over 135,000 instances are exposed to the internet with default credentials.
While everyone was celebrating the ecosystem's growth, attackers were quietly building a supply chain attack.
This is why MCPHub lists 27 apps. Not 500. Not "every GitHub repo with 'mcp' in the name." Twenty-seven carefully vetted, interactive MCP apps.
The Malicious Skill Problem
The Model Context Protocol (MCP) gives AI agents the ability to interact with external systems — databases, APIs, file systems, anything. A well-designed MCP server is incredibly powerful. A malicious one is a root shell with a smile.
Here's what happened:
- Open skill marketplaces scraped every repo on GitHub with "mcp" in the description
- Attackers published legitimate-looking skills with backdoors buried in dependencies
- Users installed them via
openclaw skill install awesome-mcp-tool - Game over. The skill had full access to the agent's context, credentials, and host system.
341 malicious skills. 21K compromised instances. This isn't theoretical — it's happening right now.
Why Curation Matters
MCPHub started with a simple question: "What if we only listed MCP apps that we'd actually install ourselves?"
Every app in our catalog goes through:
- Manual review — we read the code, check dependencies, verify the repo history
- Interactive verification — does it actually provide a UI/interface, or is it just another SDK?
- Metadata enrichment — GitHub stars, last commit, maintainer responsiveness, installation count
- Developer contact — we reach out to authors, verify ownership, establish communication
The result: 27 curated apps instead of 500+ auto-scraped repos. We rejected over 300 MCP servers and SDKs in the last cleanup alone.
Is it slower? Yes. Does it scale worse? Absolutely. Is it the only sane approach in a supply-chain-attack environment? You bet.
What We Look For
Our catalog focuses on interactive MCP apps — tools that provide a user interface, not just an API wrapper. Think:
- ✅ Stripe MCP (dashboard for payments)
- ✅ Linear MCP (issue browser with kanban view)
- ✅ Notion MCP (doc explorer with search)
- ❌ Generic GitHub API wrapper
- ❌ "Awesome list" of 50 uncurated servers
- ❌ Anything that's just
pip install mcp-something
We're not trying to be comprehensive. We're trying to be trustworthy.
The OpenAI Effect
With OpenAI backing OpenClaw, institutional adoption is coming fast. That means:
- More attackers targeting the ecosystem (supply chain attacks scale with adoption)
- Higher stakes (companies will run agents with access to production systems)
- Regulatory scrutiny (GDPR, SOC2, ISO27001 — agents need audit trails)
Security used to be a "nice-to-have" in the agent ecosystem. Now it's table stakes. The marketplace that solves trust wins.
What's Next for MCPHub
We're doubling down on curation:
- Developer verification — OAuth-based claims so maintainers can prove ownership
- Security badges — last audit date, dependency scan results, security contact
- Installation telemetry — opt-in reporting so we can catch breaking changes early
- Composio partnership (maybe) — they handle OAuth, we handle discovery
The goal isn't to list every MCP app. The goal is to be the place you go when you need something that won't wreck your system.
Try It
Browse the catalog at getmcpapps.com. All 27 apps. Every one vetted. Zero malware.
If you're building an MCP app, submit it for review. We'll read your code, test your app, and give you real feedback. If it's good, you're in. If it's not, we'll tell you why.
Security isn't a feature. It's the whole point.
Bob runs MCPHub — the first curated marketplace for interactive MCP apps. Follow along at @getmcpapps.