MCP Directory Rules

Overview

By submitting an MCP to cursor.store, you agree that your server follows the requirements below and that we may update these rules over time. We may reject or remove MCPs that violate these policies.

1. General requirements

• All MCPs in the directory must be functional, installable with a clear install snippet, and use the official MCP specification.
• Listings must include accurate descriptions of capabilities and limitations, a working repo link, and be safe and legal to use.
• We reserve the right to reject or remove any listing that violates these rules.

2. Allowed content

• You may submit MCPs across categories such as Automation, DevTools, Data & APIs, Productivity, Cloud & Infrastructure, OS Tools, AI / ML Helpers, Education, Media Tools, and Integration Servers (GitHub, Notion, AWS, etc.).
• Both open‑source and proprietary MCPs are allowed.

3. Prohibited content

• Malicious or harmful tools (unauthorized scraping, malware, backdoors, tools designed to evade security systems or exploit vulnerabilities without consent).
• MCPs that access sensitive data without explicit user control (e.g. crypto wallets without user‑side signing, personal accounts without OAuth/API keys, tools that bypass rate limits or platform protections).
• Misleading or deceptive listings (fake or non‑functional MCPs, misrepresented features/permissions, or implying affiliation you don’t have).
• Copyright or licensing violations (redistributing proprietary APIs without permission, bundling commercial SDKs in ways that break their licenses).

4. Safety & permission levels

• Every MCP must declare a permission_level: low (read‑only / safe operations), medium (uses API keys / external services), or high (filesystem, shell, deployment tools, financial APIs).
• Examples: Weather API → low; GitHub or Notion API → medium; shell / FS / deployment tools → high.
• High‑permission MCPs must clearly describe safety measures or guardrails.

5. Required metadata

• Listings must include at minimum: name, slug, short and long description, category, tags, author/maintainer, repo URL, install snippet (if available), and permissions / security notes.
• Docs URL, homepage, license, icon/logo, and usage examples are optional but strongly recommended.

6. Install snippets

• Install snippets must work in Cursor or any MCP‑compliant client, include only necessary environment variables, use secure defaults, and never expose real credentials.
• If your tool requires complex runtime setup, link to your docs for full instructions.

7. Quality standards

• We expect MCPs to be minimally documented, return valid MCP responses, fail gracefully with informative errors, and ideally use semantic versioning.
• Include a README with installation and usage instructions. Low‑quality or broken servers may be delisted.

8. Featured placement

• Paid featured slots do not override these rules: all safety and quality requirements still apply.
• Featured spots are manually reviewed and may be removed even if paid if a listing violates these guidelines.

9. Enforcement & removal

• We may remove or reject MCPs for security vulnerabilities, misleading descriptions, frequent outages/installation failures, or rule violations.
• DMCA or copyright complaints may result in immediate removal. In most cases creators will be contacted before removal.

10. Reporting issues

• If you find a problematic listing or security issue, contact report@cursor.store or open an issue on our GitHub (if public).
• We aim to review reports within 24–72 hours.

11. Policy updates

• These rules may evolve as the MCP ecosystem grows. Submitting an MCP means you agree to abide by future updates.

Example install snippet

{
  "mcpServers": {
    "my-mcp": {
      "command": "node",
      "args": ["./index.js"],
      "env": {
        "API_KEY": "<YOUR_API_KEY>"
      }
    }
  }
}