The Model Context Protocol (MCP) Registry Moderation Policy

This article outlines the moderation policy for the MCP Registry, a community-supported directory of servers. It explains what types of content are removed from the registry and what is allowed to remain. Additionally, the article describes the appeals process for those who believe a server was incorrectly removed.

The MCP Registry is currently in preview. Breaking changes or data resets may occur before general availability. If you encounter any issues, please report them on GitHub.

Scope

This policy applies to the official MCP Registry at registry.modelcontextprotocol.io.

Subregistries may have their own moderation policies. If you have questions about content on a specific subregistry, please contact them directly.

Disclaimer

The MCP Registry does not make guarantees about moderation, and consumers should assume minimal-to-no moderation.

The MCP Registry is a community supported project, and we have limited active moderation capabilities. We largely rely on upstream package registries (like NPM, PyPI, and Docker) or downstream subregistries (like the GitHub MCP Registry) to do more in-depth moderation.

This means there may be content in the MCP Registry that should be removed under this policy, but which we haven't yet removed. Consumers should treat scraped data accordingly.

What We Remove

We will remove servers that contain:

  • Illegal content, which includes obscene content, copyright violations, and hacking tools
  • Malware, regardless of intentions
  • Spam, especially mass-created servers that disrupt the registry. Examples:
    • The same server being submitted multiple times under different names
    • A server that doesn't do anything but provide a fixed response with some marketing copy
    • A server with a description stuffed with marketing copy and an unrelated implementation
  • Non-functioning servers

What We Don't Remove

Generally, we believe in keeping the registry open and pushing moderation to subregistries. We therefore won't remove:

  • Low-quality or buggy servers
  • Servers with security vulnerabilities
  • Servers that do the same thing as other servers
  • Servers that provide or contain adult content

How Removal Works

When we remove a server, we set the server's status to "deleted", but the server's metadata remains accessible via the MCP Registry API. Aggregators may then remove the server from their indexes.

In extreme cases, we may overwrite or erase the server's metadata. For example, if the metadata itself is unlawful.

Appeals

Think we made a mistake? Open an issue on our GitHub repository with:

  • The name of the server
  • Why you believe the server doesn't meet the above criteria for removal

Changes to This Policy

We're still learning how best to run the MCP Registry! As such, we might end up changing this policy in the future.

Source: https://modelcontextprotocol.io/registry/moderation-policy.md

More information