Readiness checks for MCP servers in the AI agent economy.
We audit public MCP servers & publish signed grades.
Not a malware scan — we check if it actually work
We built SaSame MCP Observatory.
We continuously audit public MCP servers and publish signed readiness grades, so your agent can check an MCP before it installs it.
A protocol + hygiene check, not a malware scan.
Free pre-install check 👇
https://t.co/VCZynmwFwk
Claude Code artifacts can now call MCP connectors, letting you build dashboards and apps that can fetch information and take actions for each viewer on demand.
Available on Pro, Max, Team, and Enterprise plans. Not available on publicly-shared artifacts.
6/ Check any MCP server yourself in one minute, free, no signup:
npx mcp-readiness
Same methodology, same grades. Measurement only — not an endorsement, not a malware scan.
1/ We measured 25,890 public MCP endpoints. Only 15.4% answer an anonymous MCP handshake.
Here's the honest reliability picture of the MCP ecosystem, continuously measured and cryptographically signed 🧵
5/ The full report is ed25519-signed, offline-verifiable (no callback to us), reproducible, CC-BY. We name only grade-A servers — everything else stays aggregate.
https://t.co/eMduuDkIGo
Conclusion
Web3Auth exposes a public MCP endpoint associated with:
・the Web3Auth official website;
・the Web3Auth GitHub organization;
・a public Web3Auth MCP repository;
・the official X account @Web3Auth;
・a machine-readable MCP server identity.
Across eight examined observations from June 21 through July 14, 2026, SaSame consistently recorded:
・successful MCP initialization;
・five listed tools;
・server identity web3auth-embedded-wallets 2.0.0;
・valid schemas and distinct descriptions;
・read-only safety-related annotations;
・substantive content from search_docs;
・structured JSON-RPC error behavior;
・a compact tools/list result near 4.2KB;
・Grade A under SaSame’s runtime observation standard.
The evidence supports the following operational conclusion:
The Web3Auth MCP endpoint was repeatedly reachable, protocol-callable, tool-listable and capable of returning substantive read-only developer documentation content.
The observed MCP surface was compact and narrowly focused.
It did not expose wallet-signing or transaction-execution operations in the tested five-tool inventory.
This observation does not establish the security of Web3Auth’s broader wallet infrastructure or the correctness of every returned integration instruction.
A separate mechanical preflight identified one potential improvement:
Expose explicit human-readable titles for all five tools if they are not already present in the production response.
The correct conclusion is:
Web3Auth provides a reproducible example of a focused, read-only and context-efficient documentation MCP, while documentation freshness, source provenance, directory-submission readiness and wallet-system security remain separate verification layers.
MCP protocol readiness, documentation delivery and wallet security are different operational facts.
They should be measured independently.
Corrections and reproducible verification fixtures are welcome.
@Web3Auth
Web3Auth MCP Observation Report
Report status
Longitudinal public MCP observation
Observation period:
June 21–July 14, 2026
Most recent observation:
July 14, 2026, 16:15:19 UTC
Observed MCP endpoint:
https://t.co/tnX21w6k8T
Associated project:
Web3Auth / MetaMask Embedded Wallets
Associated public GitHub organization:
https://t.co/pbuRGNPLAH
Associated public MCP repository:
https://t.co/TRHqxiZwnx
Associated official website:
https://t.co/S8fBCClm9r
Official X account linked from the project website:
@Web3Auth
Recorded MCP Registry identity:
io.github.Web3Auth/mcp-server
Machine-reported MCP identity:
web3auth-embedded-wallets 2.0.0
This document is an independent technical observation produced by SaSame.
It is not:
・a security audit;
・a source-code security review;
・a wallet-security assessment;
・a smart-contract audit;
・an endorsement of Web3Auth or MetaMask Embedded Wallets;
・a guarantee that an integration created from returned documentation will be secure;
・a guarantee that all documentation is current;
・a certification of authentication, key-management or wallet infrastructure;
・a review of production applications using Web3Auth;
・a continuous-availability guarantee.
The report describes only what SaSame observed from publicly reachable MCP infrastructure at specific times.
27. Correction policy
An authorized Web3Auth representative may provide:
・the canonical MCP endpoint;
・the canonical GitHub repository;
・clarification regarding the Registry identity;
・updated tool definitions;
・confirmation of explicit tool titles;
・documentation-freshness metadata;
・a deterministic verification fixture;
・evidence that any observation is inaccurate;
・evidence that the production surface has changed.
SaSame will:
・inspect the correction;
・repeat the measurement;
・preserve the original dated observation;
・publish an updated status;
・distinguish measured facts from inference;
・avoid treating correction as failure.
Corrections and improved observations are part of the evidence lifecycle.