CuratedMCP
Developer Growth Kit

Build, publish, and distribute MCP servers at scale

Official SDKs, GitHub Actions templates, a verified publisher program, and one-click hosting — everything you need to go from local prototype to production-grade MCP server in hours.

Node.js + Python SDKs3 GitHub Actions templatesVerified badge program

What's in the kit

Every tool to ship and grow your MCP server

Early access

Official SDKs

Type-safe Node.js and Python clients for catalog queries, team config, and audit log export.

Early access

GitHub Actions

Three Action templates: sync config, audit-scan PRs, and publish releases. Template YAMLs available now.

Submit via docs

Verified Publisher badge

Human security review + badge in the catalog. Verified servers surface first in enterprise filtered views.

npm install -g @curatedmcp/sentinel

Sentinel CLI

Local-first action firewall. Wrap any MCP server, enforce policy rules, log locally. Free core.

npx -y @curatedmcp/mcp

Catalog MCP Server

Search the catalog and check verification status directly from Claude, Cursor, or any MCP client — no browser tab required.

Available

Managed hosting

One-click hosted endpoints from $9/mo. No containers, no restarts, no config drift.

Coming soon

Revenue share

List paid MCP servers and earn a revenue share on every subscription. Payouts via Stripe.

Official SDKs

Type-safe clients for Node.js and Python

Query the catalog, manage team configs, and export audit logs programmatically — with full TypeScript types and Pydantic models.

Early access: The SDK packages are in active development. The API surface shown below is final — packages will be published to npm/PyPI on launch. Join the waitlist via the docs page to be notified and get early access credentials.

Node.js
npm install @curatedmcp/sdk # early access — join waitlist below
import { CuratedMCP } from '@curatedmcp/sdk';

const client = new CuratedMCP({ apiKey: process.env.CURATEDMCP_API_KEY });

// List approved servers for your team
const servers = await client.catalog.list({ filter: 'read-only' });

// Get your Team Config URL config
const config = await client.team.getConfig({ teamId: 'acme' });

// Export audit logs
const logs = await client.audit.export({ from: '2026-01-01', format: 'csv' });
Python
pip install curatedmcp # early access — join waitlist below
from curatedmcp import CuratedMCP

client = CuratedMCP(api_key=os.environ["CURATEDMCP_API_KEY"])

# List approved servers for your team
servers = client.catalog.list(filter="read-only")

# Get your Team Config URL config
config = client.team.get_config(team_id="acme")

# Export audit logs
logs = client.audit.export(from_date="2026-01-01", format="csv")

GitHub Actions templates

Automate sync, audit, and publish from GitHub

Copy-paste YAML into your .github/workflows/ directory. Add your API key as a GitHub secret and you're live.

Early access: Actions 1 (sync config) uses the live Team Config URL — copy-paste ready today. Actions 2 and 3 (audit scan, publish) depend on GitHub Actions packages currently in active development alongside the SDK. The YAML templates shown are the final form.

Install MCP config

Sync your team's approved MCP config on every push. Ensures all developer machines use the latest org-approved servers.

curatedmcp-sync.yml
name: Sync MCP Config
on:
  push:
    branches: [main]
  schedule:
    - cron: '0 6 * * *'   # daily refresh

jobs:
  sync-mcp:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Fetch approved MCP config
        run: |
          curl -sf -H "Authorization: Bearer ${{ secrets.CURATEDMCP_API_KEY }}" \
            https://curatedmcp.com/api/teams/${{ vars.CURATEDMCP_TEAM_ID }}/config \
            -o .mcp-config.json
      - name: Verify JSON is valid
        run: python3 -c "import json,sys; json.load(open('.mcp-config.json'))"
      - name: Commit updated config
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "chore: update approved MCP config"
          file_pattern: .mcp-config.json

Audit scan on PR

Automatically scan pull requests for new MCP server additions and flag unapproved servers before they merge.

curatedmcp-audit.yml
name: MCP Audit Scan
on:
  pull_request:
    paths:
      - '**/*.json'
      - '.mcp-config.json'
      - 'claude.json'

jobs:
  audit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run MCP audit scan
        uses: curatedmcp/audit-action@v1
        with:
          api-key: ${{ secrets.CURATEDMCP_API_KEY }}
          team-id: ${{ vars.CURATEDMCP_TEAM_ID }}
          fail-on: unapproved,high-risk
      - name: Comment results on PR
        if: always()
        uses: curatedmcp/pr-comment-action@v1
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

Publish MCP server

Automate submission and update of your MCP server listing on CuratedMCP when you push a new release tag.

curatedmcp-publish.yml
name: Publish to CuratedMCP
on:
  push:
    tags:
      - 'v*'

jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Publish / update MCP listing
        uses: curatedmcp/publish-action@v1
        with:
          api-key: ${{ secrets.CURATEDMCP_API_KEY }}
          manifest: ./mcp.json          # your server manifest
          changelog: ${{ github.event.head_commit.message }}
      - name: Request security review
        if: ${{ inputs.request-review == 'true' }}
        uses: curatedmcp/review-action@v1
        with:
          api-key: ${{ secrets.CURATEDMCP_API_KEY }}

Required secret: CURATEDMCP_API_KEY — generate in your CuratedMCP dashboard under Settings → API Keys. Optionally set CURATEDMCP_TEAM_ID as a repository variable for team-scoped actions.

Verified publisher program

Get the Verified badge — and rank higher in enterprise search

Verified servers pass a human security review and display a Verified badge. Enterprise teams filter by Verified by default — so this directly drives installs.

01

Publish your server

Submit via the form below or use the Publish GitHub Action. Provide a public repo, config example, and your mcp.json manifest.

02

Human security review

A CuratedMCP engineer reads your source code within 48 hours, checking for secrets exposure, injection vulnerabilities, and MCP spec compliance.

03

Get the Verified badge

Approved servers display a Verified badge in the catalog and are eligible for the "Read-Only" filter — increasing enterprise discoverability significantly.

04

Auto-review on updates

Major version bumps trigger a re-review automatically (via the Publish Action or webhook). Badge stays active between patch releases.

mcp.jsonPlace in your repository root
{
  "name": "my-mcp-server",
  "version": "1.0.0",
  "description": "One-line description of what your server does",
  "category": "productivity",
  "risk": "read-only",
  "repository": "https://github.com/yourorg/your-mcp-server",
  "config": {
    "command": "npx",
    "args": ["-y", "my-mcp-server"],
    "env": {
      "API_KEY": { "required": true, "description": "Your service API key" }
    }
  },
  "tools": [
    { "name": "get_data", "description": "Retrieve data from the service" }
  ]
}

Quick start

From zero to listed in under an hour

1

Add mcp.json to your repo

Drop the manifest file in your repo root using the template above. This is what the reviewer reads.

2

Submit via the docs page

Go to /docs and submit your server link. A human engineer reviews within 48 hours.

3

Get listed + earn your badge

Once approved, your server is live in the catalog. Verified badge appears automatically.