The playground

Try any of 919 endpoints — live.

Pick an endpoint, load a working example, tweak the params, and send — no signup to try. Results render the way the data deserves; raw JSON, headers & code are one tab away.

Playground demo key · api.reefapi.com

post/mcp-registry/v1/security_signals2 credits

HEURISTIC risk signals for an MCP server (NOT a safe/unsafe certification). Flags permission breadth (fs/network/exec), credential/env-var requests, repo health (archived/low-adoption), prompt-injection patterns in description/manifest, and corroboration (cross-registry presence). Always returns a disclaimer.

Working example

Parameters

idrequired

GitHub URL/slug or Smithery qualifiedName of the server to scan.

request preview

curl -X POST https://api.reefapi.com/mcp-registry/v1/security_signals \
  -H "x-api-key: $REEF_KEY" \
  -H "content-type: application/json" \
  -d '{"id":"github.com/modelcontextprotocol/servers"}'

Hit Send to run this endpoint live.