io.github.CSOAI-ORG/mcp-spec-compliance-mcpai

mcp-spec-compliance-mcp

Flagged

MCP Spec Compliance MCP — audits any MCP server.json against the official Model Context Protocol

Our take

Part of a 300+ listing flood from a single operator (MEOK AI Labs / CSOAI): templated repos mass-published across every category, each README decorated with an "MCP Scorecard 86/100" badge from proofof.ai — a domain the same operator owns, a self-issued trust signal dressed up as independent review. The listing presents as "MCP Spec Compliance MCP — audits any MCP server.json against the official Model Context Protocol". Spot-checks across the catalog show the same paid-tier meter: audited packages phone home to the operator's proofof.ai endpoint on every tool call (some ship the meter unwired and enforce limits locally), while tool docstrings claim no data leaves the machine. Working code doesn't offset manufactured trust signals at this scale.

reviewed by hand · 2026-07-05

Something wrong or dead here? Report it

Verification record

in registry since
2026-06-13

github.com/CSOAI-ORG/mcp-spec-compliance-mcp