Korpora

Audit report

PortSwigger/mcp-server

https://github.com/PortSwigger/mcp-server

Type: mcp · Audited 2026-05-22

68grade D
Fix in Claude

Top fixes

  • high

    Add a server.json manifest

    Add a server.json manifest. It is the machine-readable declaration of your server that the MCP registry and agents read directly.

  • high

    Cut tagged releases

    Cut tagged releases. Versioning lets an agent pin a known-good version.

  • medium

    Add a clear repository description

    Add a clear repository description. It is the first signal agents and the MCP registry use to tell what your server does.

  • medium

    Add GitHub topics to the repository

    Add GitHub topics to the repository. Topics let agents and registries categorize your server by capability.

  • medium

    Show the exact install or run command (npx, uvx, pip, or docker)

    Show the exact install or run command (npx, uvx, pip, or docker). Agents need an unambiguous way to launch the server.

Sub-scores

Discoverability

45 / 100
weight 15%

Agents can only recommend tools they can find. llms.txt and open robots.txt are the fastest wins.

Missing

  • Repository has a clear description (19)
  • Repository has topics/tags (1)

Passing

  • Identifiable as an MCP server
  • README opens with a one-line summary

Installation

50 / 100
weight 20%

Config-file appearances are the closest thing to a real install count for MCP servers.

Missing

  • README has an install or run command
  • Ships a package manifest

Passing

  • README shows an MCP client config block
  • Transport or configuration is documented

Tool definitions

70 / 100
weight 25%

Structured markup lets agents extract facts reliably instead of guessing from prose.

Missing

  • Ships a server.json manifest

Passing

  • README enumerates the tools
  • Tools are described, not just named
  • README shows usage examples

Documentation

80 / 100
weight 15%

Thin or poorly-described content gives agents nothing to summarise or cite.

Missing

  • Versioned releases or a changelog

Passing

  • Substantive README (1200+ chars) (5654)
  • README states what the server is for
  • README is organized into sections (14)

Trust & adoption

85 / 100
weight 25%

Models pattern-match provenance signals before recommending — missing basics trigger silent skips.

Missing

  • Has tagged releases (none)
  • Discussed on Hacker News or Reddit (0)

Passing

  • Open-source license (GPL-3.0)
  • Appears in public MCP config files (3374)
  • Pushed in the last 90 days (7)
  • Multiple contributors (9)
  • 25+ GitHub stars (799)
  • Has tests or CI

Generated llms.txt

Drop this at /llms.txt on your domain.

Generating your llms.txt with Claude...

Embed badge

Paste this into your README to display your live score.

Agent readiness badge
[![Agent Readiness](https://mcprank-green.vercel.app/api/badge/github.com-portswigger-mcp-server-afb5a7)](https://mcprank-green.vercel.app/r/github.com-portswigger-mcp-server-afb5a7)

Get notified when this changes

We re-audit periodically. We'll email you when this score moves.

Discovery Report · free

The audit tells you whether agents CAN pick this server. Want to know whether they actually DO?

The Discovery Report measures which queries agents route to this server vs its rivals across multiple AI model families. It picks the one intent where you have the most leverage and gives you a concrete change to ship this week. Free.