How the quality score works
Every server gets a 0–100 score computed from public metadata. Every point is itemized on the server's page — nothing is editorial, nothing is pay-to-win. This page is generated from the same rubric constants the scorer runs on, so it can't drift from the implementation.
The four pillars (100 points total)
| Pillar | Weight | What it measures |
|---|---|---|
| Maintenance | 30 | How recently the repository was pushed; archived repos score zero |
| Adoption | 25 | GitHub stars (log scale) and package downloads over the last month |
| Documentation | 25 | README depth, install instructions, documented tools, working examples |
| Trust signals | 20 | License, first-party vendor status, verified registry namespace, org ownership |
Maintenance (30 pts)
Based on the most recent push to the default branch. Archived repositories score 0 regardless of history. Issue-response time is not yet measured (planned for v2).
| Last push | Window | Points |
|---|---|---|
| Pushed within 14 days | ≤ 14 days | 30 pts |
| Pushed within 45 days | ≤ 45 days | 26 pts |
| Pushed within 4 months | ≤ 120 days | 18 pts |
| Pushed within 8 months | ≤ 240 days | 11 pts |
| Pushed within 12 months | ≤ 365 days | 5 pts |
| No push for over a year | 365+ days | 2 pts |
Adoption (25 pts)
Stars are scored on a log scale — min(1, log10(stars+1) / log10(20001)) — worth up to 15 points, so 20k+ stars maxes out the scale and small-but-solid servers aren't buried. Package downloads over the last month (npm + PyPI, log scale up to 1M) are worth up to 10 points. Servers that don't publish a package (remote-only servers, for example) have their star score scaled to the full 25 points instead — missing download data is not penalized.
Documentation (25 pts)
We analyze the README as plain text (never rendered, never executed):
| Signal | Points |
|---|---|
| Comprehensive README (6,000+ chars) | 10 pts |
| Substantial README (2,500+ chars) | 8 pts |
| Basic README (1,000+ chars) | 5 pts |
| Minimal README (300+ chars) | 2 pts |
| README missing or trivial | 0 pts |
| Install / setup instructions present | 6 pts |
| Tools / capabilities documented | 5 pts |
| Code or client-config example present | 4 pts |
Trust signals (20 pts)
| Signal | Points |
|---|---|
| OSS license declared (any SPDX-recognized license) | 7 pts |
| First-party vendor implementation (e.g. modelcontextprotocol, cloudflare, stripe) | 5 pts |
| DNS-verified custom-domain namespace in the MCP Registry | 3 pts |
| Published to the official MCP Registry | 3 pts |
| Owned by a GitHub organization (vs. personal account) | 2 pts |
Grades
A ≥ 85 · B ≥ 70 · C ≥ 55 · D ≥ 40 · E < 40. Servers scoring 70+ carry the “Vetted” tag.
Data sources & cadence
GitHub Search API (top repositories tagged mcp-server, by stars), the official MCP Registry (packages, remotes, verified namespaces), npm and PyPI download statistics, and raw README text. Scores are recomputed on every crawl; the current dataset was audited on 2026-07-03.
Featured placement
Featured slots are paid, clearly labeled, and have zero effect on scores — the rubric above is the only thing that moves a score. Corrections or disputes: hello@mcp-vetted.com.