com.exploit-intel/eip-mcp scored 29 — the lowest-trust new entry with a published package. It has no source code, no GitHub presence, and no named humans behind it. The contact is exploit.intel@proton.me. The MCP server wants your API credentials. You cannot see what it does with them.
The operators describe themselves on their about page:
"We're a mixed crew of hackers, researchers, and defenders — some of us still remember the milw0rm days, others grew up on GitHub. We built EIP because we missed an exploit archive that was fast, trustworthy, and rich with context. We are a non-commercial group, we are not selling anything, and we do this because we genuinely love the field."
— exploit-intel.com/about
The platform itself is polished: 334,701 CVEs tracked, 52,005 public exploits, aggregation from NVD, CISA KEV, ExploitDB, Metasploit, GitHub, and others. This isn't a throwaway. Someone put real work into a legitimate-looking exploit intelligence service, complete with API docs, a CLI tool, and now an MCP integration. They say they're "working toward" open-sourcing the backend. But "working toward" isn't "did," and right now the trust model is broken at every level: anonymous operators, closed source, credential requests, and a domain that deals in exploit intelligence.
To be fair: an MCP server focused on exploit intelligence and security research has more reason than most to keep its internals private. Exposing source code for a tool that aggregates exploit data could itself be a security risk. That context matters. But it's not how we grade things at MCP Scorecard — our trust scores are computed from observable signals only, and closed-source with anonymous operators and credential requests is going to score low regardless of intent. The registry has no mechanism to distinguish well-intentioned security researchers who prefer anonymity from something adversarial, and neither can we.
We plan to reach out to the Exploit Intel team for a future spotlight — we'd like to learn more about the platform and the people behind it. If you're reading this: open an issue or drop us a line.
Sources: Exploit Intelligence Platform — exploit-intel.com · About page · Contact: exploit.intel@proton.me · @exploit_intel · No GitHub org or user found · No named individuals · Scorecard: com.exploit-intel (score 29)