Verification for MCP servers.
AI agents now act through MCP servers that read files, call APIs, move data, and touch credentials. Almost none of them have been independently run before someone trusted them. Throne executes each one and seals the evidence.
Paste an MCP server. Throne runs it in a single-use Firecracker microVM, replays a nine-step protocol suite against client behaviour calibrated from recorded Claude Code 2.1.172 and Cursor 3.4.20 traffic, runs eight static security rules over the source, and seals a public evidence record. Two independent verdicts, never mixed: does it work (compatibility), and is it safe to review (security).
Nothing is asserted without the execution that proved it.
- 74 MCP servers executed in disposable microVMs
- 31 fit, 6 not fit, the rest need a key or could not launch far enough to judge
- Every verdict links to a sealed record with raw JSON-RPC traces and an evidence hash
See the live state of MCP: https://usethrone.dev/state-of-mcp
- Run a free scan: https://usethrone.dev
- Browse the public registry: https://usethrone.dev/registry
- Gate a server in CI: usethrone/throne-ci
- How the verdict is made: https://usethrone.dev/methodology
The free scan is live today. Continuous verification, the part that keeps a server proven on every release, we are building now with a small group of founding design partners. If you publish or depend on MCP servers and want one kept verified as clients and dependencies change, apply at https://usethrone.dev/pricing.