Mcpcan
Repository: mcpcan
Author: Kymo-MCP · Source status: Clear source
Score 81Clear source
MCPCAN is a centralized management platform for MCP services.
Score basis:Clear source · High risk signals · Universal
Repository: mcp-context-forge
Author: IBM·Source status: Clear source
An AI Gateway, registry, and proxy that sits in front of any MCP, A2A, or REST/gRPC APIs, exposing a unified endpoint with centralized discovery, guardrails and management.
Score basis:Clear source · Low risk signals · Universal
Trust level
79 · Review first
Usable, but inspect source, install method, and risk hints before adoption.
Risk decision
No explicit risk signals
No explicit risk signal is available.
Install readiness
script-backed · copy-only command
SkillTrust only shows install guidance and copy actions; it never executes installs.
Before you install
Review source, permissions, and execution risk first, then alternatives. Scores prioritize review; they do not replace manual judgment.
Review weakest dimensions and next actions before copying commands.
Evidence or risk signals are incomplete; compare alternatives first.
Audit grade
C · Review first
Execution risk
High
Evidence confidence
67%
SAS-v2.1 radar
SAS-v2.1
Audit grade
C · Review first
Execution risk
High
Top threats
unexpected code execution, data exfiltration
Control gaps
missing license, broad permissions
Evidence confidence
67%
Repository
IBM/mcp-context-forge
Author
IBM
Community signal
3.5K stars · 615 forks
Last updated
2026-04-08
Primary source
IBM/mcp-context-forge
Source status
Clear source
Install method
script-backed
Command & code execution
34Focus: Whether it runs commands or scripts
Next action: Manually confirm command-running skills in an isolated directory.
High-risk action confirmation
38Focus: Whether destructive or external actions require confirmation
Next action: Avoid directly installing high-risk skills without confirmation controls.
Network & data egress
43Focus: Whether it may send data out
Next action: If unsure, restrict network access or allow only known domains.
Supported tools can change install steps; Universal entries need source review.
Explicitly supported
Candidate support (inferred)
Candidate tools are inferred signals, not official compatibility certifications.
git clone https://github.com/IBM/mcp-context-forge.gitNo explicit risk signals recorded
Review source and permissions before copying install commands.
Evidence or risk signals are incomplete; compare alternatives first.
Focus: Who published it and whether it is traceable
Next action: Review repository, author, and README first; do not install directly when source is pending.
Focus: Whether install steps can be reviewed
Next action: Prefer candidates with install docs and repository evidence.
Focus: Whether tool descriptions may hide instructions
Next action: Read README, rules, and tool descriptions before install.
Focus: What it can access
Next action: Grant only task-required permissions and prefer Ask/manual confirmation.
Focus: Whether it runs commands or scripts
Next action: Manually confirm command-running skills in an isolated directory.
Focus: Whether file reads/writes can escape scope
Next action: Check working directory and file access scope before running.
Focus: Whether it may send data out
Next action: If unsure, restrict network access or allow only known domains.
Focus: Whether it handles tokens, private keys, or agent identity
Next action: Do not provide long-lived tokens or private keys to source-pending skills.
Focus: Whether external content can steer behavior
Next action: For browser/RAG/rules skills, review permissions and confirmation controls first.
Focus: Whether memory or retrieved context can be poisoned
Next action: Try RAG/memory skills in a low-privilege environment first.
Focus: Whether external tools and MCP access are clearly bounded
Next action: Confirm which external tools it will connect to before install, and start with the smallest possible set.
Focus: Whether destructive or external actions require confirmation
Next action: Avoid directly installing high-risk skills without confirmation controls.
Focus: How far impact can spread when something goes wrong
Next action: If unsure, test in an isolated project first.
Focus: Whether actions can be traced
Next action: Prefer candidates with logs or previews.
Focus: Whether it is maintained and reusable
Next action: Check license and maintenance before organizational use.
Usable, but inspect source, install method, and risk hints before adoption.
Phase 1 only shows installation-aware, source-backed signals. SkillTrust does not execute install scripts for users.
Risk factors
No explicit risk signals.
Permission hints
repository clone, local runtime dependencies
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: kubeshark
Author: kubeshark · Source status: Clear source
eBPF-powered network observability for Kubernetes.
Score basis:Clear source · High risk signals · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: skillhub
Author: iflytek · Source status: Clear source
Self-hosted, open-source agent skill registry for enterprises.
Score basis:Clear source · Low risk signals · Universal
Why related: Same task category, Keyword overlap...
Why related: Same task category, Keyword overlap, Similar install method
Repository: watson-online-store
Author: IBM · Source status: Clear source
Learn how to use Watson Assistant and Watson Discovery.
Score basis:Clear source · Risk needs review · Universal
Why related: Keyword overlap, Same repository ecosystem...
Why related: Keyword overlap, Same repository ecosystem, Same author
Repository: eval-assist
Author: IBM · Source status: Clear source
EvalAssist is an open-source project that simplifies using large language models as evaluators (LLM-as-a-Judge) of the output of other large language models by supporting users in iteratively refining evaluation criteri…
Score basis:Clear source · Risk needs review · Universal
Why related: Keyword overlap, Same repository ecosystem...
Why related: Keyword overlap, Same repository ecosystem, Same author
Repository: ELM-Python-Client
Author: IBM · Source status: Clear source
Python client for IBM Enterprise Lifecycle Management applications with example commandline applications for OSLC Query export to CSV from DOORS Next (DN/DNG), Enterprise Workflow Management (EWM/RTC) and Enterprise Tes…
Score basis:Clear source · Risk needs review · Universal
Why related: Keyword overlap, Same repository ecosystem...
Why related: Keyword overlap, Same repository ecosystem, Same author
Repository: Dromedary
Author: IBM · Source status: Clear source
Dromedary: towards helpful, ethical and reliable LLMs.
Score basis:Clear source · Risk needs review · Universal
Repository: mac-ibm-notifications
Author: IBM · Source status: Clear source
macOS agent used to display custom notifications and alerts to the end user.
Score basis:Clear source · Risk needs review · Universal
Repository: watson-online-store
Author: IBM · Source status: Clear source
Learn how to use Watson Assistant and Watson Discovery.
Score basis:Clear source · Risk needs review · Universal
Repository: cloud-pak-deployer
Author: IBM · Source status: Clear source
Configuration-based installation of OpenShift and Cloud Pak for Data/Integration/Watson AIOps/Business Automation on various private and public cloud infrastructure providers.
Score basis:Clear source · Risk needs review · Universal