This is a proof of concept demonstrating security vulnerabilities in open MCP server registries, specifically around supply chain attacks through unvetted listings. It's not a functional tool you'd actually use in production. The author created it as security research to show how malicious actors could potentially publish servers to registries without proper vetting or validation. If you're interested in MCP security considerations or researching registry trust models, this serves as a concrete example of the attack surface. Otherwise, skip it. It exists to make a point about the need for verification and trust mechanisms in package distribution, not to solve a real development problem.
claude mcp add --transport stdio io.github.nottiboy137-open-registry-poc -- npx -y @nottiboy1337/mcp-open-registry-poc