{"passport":{"unfragile":{"@version":"1.0","version":"2026-05","artifact":{"id":"github_mcp-modelcontextprotocol-mcpb","slug":"mcp-modelcontextprotocol-mcpb","name":"mcpb","type":"mcp","url":"https://github.com/modelcontextprotocol/mcpb","page_url":"https://unfragile.ai/mcp-modelcontextprotocol-mcpb","categories":["mcp-servers"],"tags":[],"pricing":{"model":"open_source","free":true,"starting_price":null},"status":"active","verified":false},"capabilities":[{"id":"github_mcp-modelcontextprotocol-mcpb__cap_0","uri":"capability://data.processing.analysis.versioned.manifest.schema.validation.with.strict.loose.modes","name":"versioned manifest schema validation with strict/loose modes","description":"Validates MCP extension manifests against multiple schema versions (0.1, 0.2, 0.3) using Zod runtime validation. Provides dual validation modes: strict schemas enforce exact manifest structure for production bundles, while loose schemas allow passthrough and auto-correction during bundle cleaning operations. Schemas are versioned independently to support backward compatibility and gradual migration paths for extension developers.","intents":["Validate that my manifest.json conforms to the correct MCP specification version before packaging","Auto-fix manifest formatting issues without losing data during bundle optimization","Ensure cross-version compatibility when updating existing MCP extensions"],"best_for":["MCP extension developers building production-ready bundles","DevOps teams automating extension validation in CI/CD pipelines","Tool builders integrating MCPB as a library for manifest validation"],"limitations":["Loose schema mode may mask structural issues that strict validation would catch — requires manual review of auto-corrected manifests","Schema evolution is manual — no automatic migration tool from v0.1 to v0.3 manifests","Validation errors report at field level only, not nested object paths"],"requires":["Node.js 14+ (Zod dependency)","Valid manifest.json file with 'version' field matching 0.1, 0.2, or 0.3"],"input_types":["JSON object (manifest.json structure)","string (JSON file path)"],"output_types":["validation result object with pass/fail status","detailed error array with field names and constraint violations"],"categories":["data-processing-analysis","schema-validation"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_1","uri":"capability://automation.workflow.mcp.bundle.packaging.with.zip.compression.and.dependency.bundling","name":"mcp bundle packaging with zip compression and dependency bundling","description":"Packages MCP extensions into self-contained .mcpb files (ZIP archives with maximum compression level 9 via fflate library) that include manifest.json, server code, all runtime dependencies (node_modules, Python venv, or server/lib), visual assets, and localization files. Preserves Unix file permissions for executable binaries and includes SHA1 hash metadata for integrity verification. Supports configurable entry points and platform-specific dependency inclusion.","intents":["Create a distributable .mcpb bundle from my MCP server source code and dependencies","Ensure all runtime dependencies are included so the bundle works standalone without npm install","Preserve executable permissions on shell scripts and binaries when packaging for Unix systems"],"best_for":["Extension developers preparing bundles for marketplace distribution","Desktop app teams packaging MCP extensions for one-click installation","Build automation systems creating reproducible extension artifacts"],"limitations":["Maximum compression (level 9) adds ~5-15% overhead to pack time compared to level 6","No built-in deduplication of dependencies across multiple bundles — each bundle contains full dependency tree","Windows file permissions are not preserved (only Unix permissions via ZIP extra fields)","Bundle size can exceed 100MB+ for extensions with large dependency trees (e.g., Chromium-based tools)"],"requires":["Node.js 14+","Valid manifest.json in bundle root","Server code at path specified in manifest.json serverPath field","All dependencies pre-installed (node_modules or venv directories)"],"input_types":["directory path containing manifest.json and server code","manifest object with serverPath, dependencies, and assets configuration"],"output_types":[".mcpb file (ZIP archive)","bundle metadata object with SHA1 hash and file count"],"categories":["automation-workflow","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_10","uri":"capability://safety.moderation.bundle.signature.system.for.integrity.and.authenticity.verification","name":"bundle signature system for integrity and authenticity verification","description":"Provides optional cryptographic signature system for .mcpb bundles to verify integrity and authenticity. Supports signing bundles with private keys and verifying signatures with public keys. Stores signature metadata in bundle manifest or separate signature files. Enables marketplace platforms to verify that bundles come from trusted publishers and haven't been tampered with. Uses industry-standard cryptographic algorithms (RSA, ECDSA, or similar).","intents":["Sign my bundles so users can verify they come from me and haven't been modified","Verify bundle signatures before installation to ensure authenticity","Prevent distribution of tampered or malicious bundles on marketplaces"],"best_for":["Marketplace platforms requiring publisher verification","Enterprise teams distributing MCP extensions internally with trust requirements","Security-conscious extension developers protecting against tampering"],"limitations":["Signature system is optional — not enforced by default, requires explicit verification","Key management is developer responsibility — no built-in key storage or rotation","Signature verification requires public key distribution — adds complexity to trust model","No revocation mechanism — compromised keys cannot be invalidated retroactively"],"requires":["Node.js 14+","Private key for signing (RSA or ECDSA)","Public key for verification (distributed to users/marketplace)"],"input_types":[".mcpb file path","private key (PEM format)","public key (PEM format)"],"output_types":["signed bundle with signature metadata","signature verification result (valid/invalid)","signer identity information"],"categories":["safety-moderation","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_11","uri":"capability://data.processing.analysis.user.configuration.schema.definition.and.validation","name":"user configuration schema definition and validation","description":"Enables MCP extensions to define user-configurable settings through manifest.json userConfiguration field with type-safe schemas. Supports various configuration types (string, number, boolean, enum, object) with validation rules (min/max, pattern, required). Generates configuration UI hints for desktop apps and web interfaces. Validates user-provided configuration values against schema before passing to server. Supports configuration persistence and default values.","intents":["Define configuration options that users can customize when installing my MCP extension","Validate user configuration values to ensure they meet requirements before passing to server","Generate configuration UI automatically from schema for desktop app installers"],"best_for":["Extension developers building configurable MCP servers","Desktop app teams generating configuration UIs from manifests","Marketplace platforms supporting user-customizable extensions"],"limitations":["Configuration schema is static — cannot express conditional configuration (e.g., 'show API key field only if auth type is API')","No built-in configuration persistence — requires external storage","UI generation is hints-based — desktop apps must implement actual UI rendering","No runtime configuration updates — configuration is set at installation time"],"requires":["manifest.json with userConfiguration field","Valid configuration schema definition","User-provided configuration values matching schema"],"input_types":["configuration schema object","user configuration values (JSON object)"],"output_types":["validated configuration object","configuration validation errors","UI hints for configuration fields"],"categories":["data-processing-analysis","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_12","uri":"capability://data.processing.analysis.tools.and.prompts.manifest.specification.with.schema.validation","name":"tools and prompts manifest specification with schema validation","description":"Enables MCP extensions to declare available tools (functions the server exposes) and prompts (pre-written prompts for LLM interaction) in manifest.json with full schema validation. Tools include name, description, input schema, and output schema. Prompts include name, description, and template text. Manifest system validates that declared tools and prompts match actual server implementation. Enables client applications to discover and display available tools/prompts without executing server.","intents":["Declare what tools and prompts my MCP server provides in the manifest","Enable client apps to discover available tools without connecting to the server","Validate that manifest tool/prompt declarations match actual server implementation"],"best_for":["Extension developers documenting server capabilities in manifests","Desktop app teams discovering tools/prompts for UI display","Marketplace platforms showing extension capabilities without running servers"],"limitations":["Tool/prompt declarations are static — cannot express dynamic tools generated at runtime","No automatic discovery from server — declarations must be manually maintained in manifest","Schema validation only checks structure, not semantic correctness (e.g., schema matches actual implementation)","No versioning of tools/prompts — cannot deprecate or evolve tool signatures"],"requires":["manifest.json with tools and prompts arrays","Valid tool schema with name, description, inputSchema, outputSchema","Valid prompt schema with name, description, template"],"input_types":["tools array with tool definitions","prompts array with prompt definitions"],"output_types":["validated tools array","validated prompts array","validation errors for malformed declarations"],"categories":["data-processing-analysis","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_13","uri":"capability://data.processing.analysis.visual.assets.and.localization.file.management","name":"visual assets and localization file management","description":"Manages visual assets (icons, screenshots, banners) and localization files (translations for multiple languages) within bundles through manifest.json asset specifications. Supports multiple icon sizes and formats, screenshot galleries, and localized manifest fields (name, description in different languages). Validates asset file references and formats. Enables marketplace platforms to display localized extension information and assets. Supports asset compression and optimization within bundles.","intents":["Include icons and screenshots in my bundle for marketplace display","Provide localized extension names and descriptions for different languages","Validate that all asset files referenced in manifest actually exist in the bundle"],"best_for":["Extension developers creating marketplace-ready bundles with visual branding","Marketplace platforms displaying localized extension information","Teams supporting multiple languages in extension metadata"],"limitations":["Asset validation only checks file existence, not format correctness (e.g., icon is valid PNG)","No automatic image optimization — developers must pre-optimize assets","Localization is manifest-only — server code localization must be handled separately","No fallback mechanism for missing localized assets — requires all languages to be complete"],"requires":["manifest.json with assets and localization fields","Asset files (PNG, JPG, etc.) in bundle at paths specified in manifest","Localization files or inline translations in manifest"],"input_types":["asset file paths","localization object with language codes and translations"],"output_types":["validated asset references","localization data for rendering","asset validation errors"],"categories":["data-processing-analysis","image-visual"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_2","uri":"capability://automation.workflow.bundle.unpacking.with.selective.file.extraction.and.permission.restoration","name":"bundle unpacking with selective file extraction and permission restoration","description":"Extracts .mcpb ZIP archives with automatic restoration of Unix file permissions from ZIP extra fields, selective file extraction based on manifest specifications, and validation of bundle structure during unpacking. Supports extracting to custom directories and preserves the original bundle structure (manifest.json at root, server code in specified directory, dependencies in node_modules/venv). Includes integrity checks to ensure no files were corrupted during extraction.","intents":["Extract a .mcpb bundle to inspect its contents and verify structure before installation","Restore executable permissions on shell scripts and binaries after extracting on Unix systems","Validate that the extracted bundle matches the manifest specification"],"best_for":["Desktop app installers unpacking MCP extensions for local installation","Developers debugging bundle contents and structure","CI/CD systems validating bundle integrity before deployment"],"limitations":["Selective extraction requires manifest.json to be present and valid — cannot extract without knowing expected structure","Permission restoration only works on Unix-like systems (Linux, macOS); Windows extracts without permission bits","No streaming extraction — entire bundle must be loaded into memory before unpacking","Integrity checks use SHA1 (cryptographically weak) — not suitable for security-critical validation"],"requires":["Node.js 14+","Valid .mcpb file (ZIP archive with manifest.json at root)","Write permissions to target extraction directory","Sufficient disk space for unpacked bundle (typically 2-5x compressed size)"],"input_types":[".mcpb file path","target extraction directory path","optional: selective file filter array"],"output_types":["extracted directory structure","extraction report with file count and permission restoration status"],"categories":["automation-workflow","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_3","uri":"capability://automation.workflow.platform.specific.configuration.overrides.with.variable.substitution","name":"platform-specific configuration overrides with variable substitution","description":"Enables MCP bundles to define platform-specific server configurations, dependencies, and assets through manifest.json platform overrides (e.g., separate Node.js entry points for macOS vs Windows, different Python venv paths). Supports variable substitution syntax for dynamic values like ${HOME}, ${PLATFORM}, ${ARCH} that are resolved at installation time. Allows conditional inclusion of dependencies and assets based on target platform, reducing bundle size and ensuring correct runtime configuration.","intents":["Configure different server entry points for Windows vs macOS vs Linux in a single bundle","Use environment variables like ${HOME} in configuration paths so they resolve correctly on each user's system","Include platform-specific dependencies (e.g., native binaries) only for the target platform"],"best_for":["Extension developers supporting multiple operating systems with different binary requirements","Teams building extensions that depend on platform-specific native modules","Desktop app teams deploying MCP extensions across heterogeneous user environments"],"limitations":["Variable substitution happens at installation time, not bundle creation time — requires runtime resolution logic in the installer","No conditional logic beyond platform/architecture matching — cannot express complex rules like 'use venv if Python 3.9+, else use bundled Python'","Platform detection relies on Node.js process.platform and process.arch — may not detect all edge cases (e.g., ARM64 on Windows)","Variable substitution is string-based — no type validation of resolved values"],"requires":["Node.js 14+","manifest.json with 'platforms' field containing platform-specific overrides","Valid variable names matching pattern ${VARIABLE_NAME}","Runtime environment providing variable values (e.g., HOME, PLATFORM, ARCH)"],"input_types":["manifest.json with platforms array","platform identifier string (e.g., 'darwin', 'win32', 'linux')","architecture identifier string (e.g., 'x64', 'arm64')"],"output_types":["resolved configuration object with platform-specific values","variable substitution map showing original and resolved values"],"categories":["automation-workflow","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_4","uri":"capability://safety.moderation.bundle.validation.with.structural.integrity.and.manifest.conformance.checks","name":"bundle validation with structural integrity and manifest conformance checks","description":"Validates complete .mcpb bundles by checking manifest.json conformance to schema, verifying required files exist (server code, dependencies), confirming SHA1 hashes match, and validating asset references (icons, screenshots, localization files). Performs structural validation to ensure bundle ZIP format is correct and all referenced paths are present. Returns detailed error reports identifying missing files, schema violations, and hash mismatches.","intents":["Verify that a .mcpb bundle is valid and complete before distributing it to users","Detect corrupted bundles or incomplete packaging before installation","Validate that all asset references in the manifest actually exist in the bundle"],"best_for":["Extension developers validating bundles before marketplace submission","Marketplace platforms validating bundles before publishing","Desktop app teams validating bundles before installation"],"limitations":["Validation is static — does not execute server code or test actual functionality","SHA1 hash validation only detects corruption, not tampering (cryptographically weak)","Cannot validate that dependencies are compatible with target platform without executing them","Asset validation only checks existence, not format correctness (e.g., icon file is valid PNG)"],"requires":["Node.js 14+","Valid .mcpb file (ZIP archive)","manifest.json present at bundle root with valid schema version"],"input_types":[".mcpb file path","optional: validation strictness level (strict vs loose)"],"output_types":["validation result object with pass/fail status","detailed error array with file paths and violation descriptions","warnings array for non-critical issues"],"categories":["safety-moderation","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_5","uri":"capability://automation.workflow.bundle.cleaning.with.auto.correction.and.schema.normalization","name":"bundle cleaning with auto-correction and schema normalization","description":"Automatically corrects and normalizes manifest.json files using loose schema validation, removing extraneous fields, fixing common formatting issues, and ensuring all required fields are present with valid values. Uses loose Zod schemas that allow passthrough to capture unexpected fields, then reconstructs a clean manifest conforming to strict schema. Supports in-place cleaning of bundles or generating cleaned copies. Useful for migrating legacy manifests or fixing malformed bundles.","intents":["Auto-fix manifest formatting issues without manually editing JSON","Remove deprecated fields from old manifest versions when upgrading","Normalize manifest structure to ensure consistency across bundles"],"best_for":["Extension developers upgrading legacy bundles to new manifest versions","Marketplace platforms auto-correcting user-submitted bundles","Build systems normalizing manifests before packaging"],"limitations":["Cleaning is lossy — removes unrecognized fields without warning, may discard custom metadata","Cannot fix semantic errors (e.g., invalid server path) — only structural issues","Loose schema mode may mask data quality problems that should be addressed manually","No rollback mechanism — cleaning modifies bundles in-place unless explicitly copying"],"requires":["Node.js 14+","Valid .mcpb file or manifest.json with recognizable structure","Write permissions to bundle directory (for in-place cleaning)"],"input_types":[".mcpb file path","manifest.json file path","optional: target manifest version for normalization"],"output_types":["cleaned manifest.json object","cleaning report with fields removed and corrections applied","optional: cleaned .mcpb file"],"categories":["automation-workflow","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_6","uri":"capability://automation.workflow.cli.command.interface.for.bundle.lifecycle.management","name":"cli command interface for bundle lifecycle management","description":"Provides command-line interface with five core commands: mcpb init (scaffold new extension), mcpb pack (create bundle), mcpb unpack (extract bundle), mcpb validate (check bundle integrity), mcpb clean (auto-correct manifest). Each command maps to underlying programmatic APIs and supports flags for configuration (--output, --platform, --strict). Commands can be chained in build scripts and CI/CD pipelines. Supports both global and local installation via npm.","intents":["Initialize a new MCP extension project with scaffolded manifest.json and directory structure","Package my extension into a .mcpb bundle from the command line","Validate bundles in CI/CD pipelines before publishing","Integrate MCPB into build scripts and automation workflows"],"best_for":["Extension developers using command-line build tools and shell scripts","CI/CD systems automating bundle creation and validation","Teams integrating MCPB into existing build pipelines (Make, npm scripts, GitHub Actions)"],"limitations":["CLI is synchronous — long-running operations (large bundle packing) block the terminal","Error messages are text-based — no structured error output (JSON) for programmatic parsing","No interactive mode — all configuration must be provided via flags or manifest.json","Limited progress reporting for long operations — no progress bars or streaming output"],"requires":["Node.js 14+","MCPB installed globally (npm install -g @anthropic-ai/mcpb) or locally (npm install @anthropic-ai/mcpb)","Valid manifest.json for pack/validate/clean commands"],"input_types":["command name (init, pack, unpack, validate, clean)","command flags (--output, --platform, --strict, etc.)","directory paths or file paths as arguments"],"output_types":["console output with status messages","exit code (0 for success, non-zero for failure)","generated files (.mcpb bundles, manifest.json, directories)"],"categories":["automation-workflow","tool-use-integration"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_7","uri":"capability://tool.use.integration.node.js.programmatic.api.for.bundle.operations","name":"node.js programmatic api for bundle operations","description":"Exports TypeScript/JavaScript APIs for all bundle operations (pack, unpack, validate, clean, init) as importable functions from @anthropic-ai/mcpb package. Enables programmatic bundle creation and manipulation in Node.js applications, build tools, and desktop app installers. Provides type-safe interfaces for manifest objects, configuration, and validation results. Supports both CommonJS and ES module imports.","intents":["Integrate bundle packing into my Node.js build tool or bundler","Programmatically validate bundles in my desktop app installer","Create bundles dynamically from configuration objects without writing manifest.json files"],"best_for":["Node.js tool developers building MCP-aware build systems","Desktop app teams integrating bundle installation into Electron/Tauri apps","Build tool maintainers (webpack, esbuild, etc.) adding MCP support"],"limitations":["Node.js only — no Python or other language bindings","Requires understanding of TypeScript types and async/await patterns","No streaming APIs — all operations load entire bundles into memory","Error handling is callback-based or Promise-based — no structured error objects with codes"],"requires":["Node.js 14+","@anthropic-ai/mcpb package installed as dependency","TypeScript 4.5+ (for type definitions, optional for JavaScript)"],"input_types":["manifest object (TypeScript interface)","directory paths",".mcpb file paths","configuration objects"],"output_types":["Promise<bundle result object>","Promise<validation result>","extracted directory structure"],"categories":["tool-use-integration","code-generation-editing"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_8","uri":"capability://tool.use.integration.browser.compatible.api.for.bundle.inspection.and.validation","name":"browser-compatible api for bundle inspection and validation","description":"Provides browser-compatible JavaScript API for reading and validating .mcpb bundles in web applications, without requiring Node.js. Uses browser-compatible ZIP parsing libraries to extract and inspect bundle contents. Enables web-based bundle viewers, marketplace interfaces, and validation tools. Supports manifest validation and asset preview (icon display, localization inspection) in browser context.","intents":["Display bundle contents and metadata in a web-based marketplace interface","Validate bundles uploaded by users before accepting them","Preview bundle assets (icons, screenshots) in a browser without downloading full bundle"],"best_for":["Marketplace platforms building web UIs for bundle browsing and validation","Web-based bundle inspection and debugging tools","Desktop app teams using Electron/web views for bundle management UI"],"limitations":["Browser APIs cannot access local file system directly — requires File input or fetch for remote bundles","Memory constraints limit bundle size that can be processed in browser (typically <100MB)","No execution of server code — only static inspection of manifest and assets","Cross-origin restrictions may prevent loading bundles from different domains"],"requires":["Modern browser with File API support (Chrome 13+, Firefox 10+, Safari 6+)","Bundle file accessible via File input or fetch (CORS-enabled for remote bundles)"],"input_types":["File object from <input type='file'>","Blob from fetch() response","ArrayBuffer from file read"],"output_types":["parsed manifest object","validation result","asset preview data (base64-encoded icons, etc.)"],"categories":["tool-use-integration","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0},{"id":"github_mcp-modelcontextprotocol-mcpb__cap_9","uri":"capability://code.generation.editing.schema.generation.from.typescript.types","name":"schema generation from typescript types","description":"Automatically generates Zod validation schemas from TypeScript type definitions, enabling type-safe manifest validation without manually writing schema definitions. Uses TypeScript compiler API to parse type definitions and generate corresponding Zod schemas. Supports schema versioning and evolution by generating separate schemas for each manifest version. Enables strict and loose schema variants from single type definition.","intents":["Generate validation schemas automatically from TypeScript type definitions","Maintain schema consistency between type definitions and runtime validation","Create new schema versions without manually rewriting Zod definitions"],"best_for":["MCPB maintainers managing manifest schema versions","Tool developers building schema-driven systems","Teams using TypeScript as source of truth for data structures"],"limitations":["Requires TypeScript source files — cannot generate schemas from compiled JavaScript","Complex type features (conditional types, mapped types) may not translate to Zod schemas","Schema generation is one-way — changes to Zod schemas don't update TypeScript types","No validation of generated schemas — must be tested manually"],"requires":["Node.js 14+","TypeScript 4.5+","TypeScript source files with manifest type definitions"],"input_types":["TypeScript file path containing type definitions","type name to generate schema for"],"output_types":["Zod schema definition (as code string or object)","generated schema file"],"categories":["code-generation-editing","data-processing-analysis"],"confidence":0.5,"matches":0,"success_rate":0}],"trust":{"score":42,"verified":false,"data_access_risk":"high","permissions":["Node.js 14+ (Zod dependency)","Valid manifest.json file with 'version' field matching 0.1, 0.2, or 0.3","Node.js 14+","Valid manifest.json in bundle root","Server code at path specified in manifest.json serverPath field","All dependencies pre-installed (node_modules or venv directories)","Private key for signing (RSA or ECDSA)","Public key for verification (distributed to users/marketplace)","manifest.json with userConfiguration field","Valid configuration schema definition"],"failure_modes":["Loose schema mode may mask structural issues that strict validation would catch — requires manual review of auto-corrected manifests","Schema evolution is manual — no automatic migration tool from v0.1 to v0.3 manifests","Validation errors report at field level only, not nested object paths","Maximum compression (level 9) adds ~5-15% overhead to pack time compared to level 6","No built-in deduplication of dependencies across multiple bundles — each bundle contains full dependency tree","Windows file permissions are not preserved (only Unix permissions via ZIP extra fields)","Bundle size can exceed 100MB+ for extensions with large dependency trees (e.g., Chromium-based tools)","Signature system is optional — not enforced by default, requires explicit verification","Key management is developer responsibility — no built-in key storage or rotation","Signature verification requires public key distribution — adds complexity to trust model","builder identity is not verified yet","no observed match outcomes yet"],"rank_breakdown":{"adoption":0.4879740329791651,"quality":0.35,"ecosystem":0.39999999999999997,"match_graph":0.25,"freshness":0.75,"weights":{"adoption":0.25,"quality":0.25,"ecosystem":0.15,"match_graph":0.23,"freshness":0.12}},"observed_outcomes":{"matches":0,"success_rate":0,"avg_confidence":0,"top_intents":[],"last_matched_at":null},"maintenance":{"status":"active","updated_at":"2026-05-24T12:16:22.065Z","last_scraped_at":"2026-05-03T14:23:41.032Z","last_commit":"2026-04-22T16:16:06Z"},"community":{"stars":1891,"forks":184,"weekly_downloads":null,"model_downloads":null,"model_likes":null}},"distribution":{"claim_url":"https://unfragile.ai/submit?claim=mcp-modelcontextprotocol-mcpb","compare_url":"https://unfragile.ai/compare?artifact=mcp-modelcontextprotocol-mcpb"}},"signature":"d55wCtB+o76/OelCxGoGB6y+FQxyXDMW43DZWs/Gn4/0vXfk5AdP5LQ3ZnCNk56ynif0S4vMd8vX0/yHWP2UBQ==","signedAt":"2026-06-21T08:57:54.007Z","signedBy":"unfragile.ai","version":1},"_links":{"self":"https://unfragile.ai/api/v1/passport/mcp-modelcontextprotocol-mcpb","artifact":"https://unfragile.ai/mcp-modelcontextprotocol-mcpb","verify":"https://unfragile.ai/api/v1/verify?slug=mcp-modelcontextprotocol-mcpb","publicKey":"https://unfragile.ai/api/v1/trust-passport-public-key","spec":"https://unfragile.ai/trust","schema":"https://unfragile.ai/schema.json","docs":"https://unfragile.ai/docs"}}