Add MseeP.ai badge

[mseep-ai]

Hi there,

This pull request shares a security update on netlify-mcp.

We also have an entry for netlify-mcp in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of netlify-mcp.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/netlify-netlify-mcp.

Thanks,

The MseeP Team
MCP servers you can trust

---

[netlify]

👷 Deploy request for mcp-isolate pending review.

Visit the deploys page to approve it

Name	Link
🔨 Latest commit	6501730

[netlify]

👷 Deploy request for netlify-mcp pending review.

Visit the deploys page to approve it

Name	Link
🔨 Latest commit	6501730

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Documentation
  • Added a security assessment badge to the README, linking to security assessment details.

Walkthrough

A MseeP.ai Security Assessment badge is added to the very top of README.md. It consists of a linked image pointing to https://mseep.ai/app/netlify-netlify-mcp. No other content in the file is modified.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~1 minute

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: adding a MseeP.ai badge to the repository.
Description check	✅ Passed	The description is directly related to the changeset, explaining the purpose of adding the MseeP.ai security badge and providing context about the service.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Warning

⚠️ This pull request has been flagged as potential spam (promotional) by CodeRabbit slop detection and should be reviewed carefully.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@README.md`:
- Around line 1-2: The MseeP.ai badge in the README has mismatched domains: the
image URL uses mseep.net while the link destination uses mseep.ai. Verify with
MseeP.ai documentation whether these domains are intentionally related (such as
mseep.net being a CDN for mseep.ai) or if the image URL should be updated to use
mseep.ai for consistency. Confirm that the image link is the official badge URL
and document the relationship between the two domains to ensure the badge won't
break if their infrastructure changes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: c4a4e0ad-a586-492b-b22a-770ef0db5453

📥 Commits

Reviewing files that changed from the base of the PR and between ca97df8 and 6501730.

📒 Files selected for processing (1)

• README.md

🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

• netlify/blueprints (manual)

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

MseeP.ai security assessment service legitimacy and reputation

💡 Result:

MseeP.ai appears to be a real, operating service associated with SkyDeck AI, but publicly available evidence of independent security validation is limited (many claims are marketing/press-release level rather than auditor-grade proof). 1) What it is (service/product claims) - MseeP.ai positions itself as a “verified”/trusted directory and gateway for Model Context Protocol (MCP) servers, aimed at reducing MCP supply-chain/security risk. A press-release distributed via AP Newswire Access Newswire states it provides “verified MCP server” capabilities including “Verified Maintainer Identities,” “Integrity Tracking” (hashes/signatures), “Comprehensive Metrics,” and “Security Alerts” for untrusted sources. [1] - SkyDeck AI’s docs for “MseeP AI Helper App” also claim a “security-first” approach: “Every MCP server in our registry undergoes comprehensive automated security analysis, vulnerability scanning, and trust verification.” [2] 2) Legitimacy signals (company/personality/technical footprint) - There is an established GitHub presence for “mseep-ai” (GitHub user/org) with many public repos and ongoing activity, consistent with an entity that is building software rather than only running a brochure site. [3] - A named CEO is publicly associated: SkyDeck AI press material quotes “Lawrence Sinclair, CEO of SkyDeck AI.” [1] - Public technical pages exist on mseep.ai for specific MCP servers (for example pages titled “Security Audit,” “Pentest,” etc.), indicating the site is more than a static landing page. [4][5] - Third-party web-scanner assessment site (Scamadviser) gives a “not a scam” style conclusion, while also noting typical trust factors like WHOIS privacy and domain age. This is a weak signal compared with audits, but it does suggest it is not an obvious dead/obvious scam domain. [6] 3) Reputation / trustworthiness (what’s missing) - The strongest detailed “security methodology” claims found in public sources are primarily from SkyDeck AI press releases and SkyDeck AI documentation, not from independent third-party audits/certifications that you could directly verify (e.g., named firms, audit scopes, report summaries, attestations, CVEs testing results). [1][2] - One independent-ish blog post discusses MseeP.ai in general terms and explicitly notes that MseeP.ai “has yet to publicly disclose the specifics of its verification process for inclusion in its directory,” which is effectively the key gap for independent verification. [7] 4) Bottom line (legitimacy and how to evaluate it safely) - Likely legitimate operator: Supported by active GitHub presence and business attribution to SkyDeck AI/CEO Lawrence Sinclair in press material. [3][1] - Limited independently verifiable proof: Public evidence for rigorous, independently performed security assessments (auditor reports, detailed verification process, third-party attestations) is not clearly available in the sources found. [7][2] - Practical recommendation: Treat MseeP.ai as a convenience layer for discovering/installing MCP servers, but still perform your own due diligence for any server you install/use—e.g., inspect the server’s source/release integrity, review its permissions/network/filesystem access, and run security reviews/testing in your environment. This recommendation aligns with the fact that the detailed verification process itself is not fully independently evidenced publicly. [7][2] Sources used (most relevant): [6][3][7][1][4][5][2].

Citations:

• 1: https://apnews.com/press-release/access-newswire/mseep-ai-solves-the-mcp-security-nightmare-with-our-directory-for-trusted-mcp-servers-9a7234ebf68facb96b44043c84a13698
• 2: https://docs.skydeck.ai/mseep-ai-helper-app
• 3: https://github.com/mseep-ai
• 4: https://mseep.ai/app/qianniuspace-mcp-security-audit
• 5: https://mseep.ai/app/ram001-code-pentestmcp
• 6: https://www.scamadviser.com/check-website/mseep.ai
• 7: https://techagency.com.au/mseep-ai-secure-mcp-servers-end-nightmare/

---

🏁 Script executed (no clone):

#!/bin/bash
# Check WHOIS and basic DNS info for both domains
echo "=== mseep.ai details ==="
curl -s "https://www.whois.com/whois/mseep.ai" | grep -i "registrar\|created\|updated" | head -5
echo ""
echo "=== mseep.net details ==="
curl -s "https://www.whois.com/whois/mseep.net" | grep -i "registrar\|created\|updated" | head -5

Length of output: 277

---

🏁 Script executed:

#!/bin/bash
# Check git log for context about the badge addition
git log --oneline -20 -- README.md 2>/dev/null | head -10
# Also check if there are any comments or docs about MseeP.ai
rg -i "mseep" --type md -A 3 -B 3

Repository: netlify/netlify-mcp

Length of output: 300

---

Clarify the domain relationship for the MseeP.ai badge URLs.

MseeP.ai is a legitimate service by SkyDeck AI with established presence (GitHub, press releases, named CEO), so phishing/scam concerns are not warranted. However, the badge links to two different domains—the image is hosted on mseep.net while the link points to mseep.ai—which should be clarified.

Verify and document:

1. Whether mseep.net and mseep.ai are intentionally related (e.g., CDN vs. service domain) or if the image URL should be updated to use mseep.ai.
2. Confirm the image link is the official badge URL from MseeP.ai and won't break if their CDN changes.

Note: MseeP.ai currently lacks independent third-party security audit validation, but this is a known limitation of their service offering rather than a hidden concern.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` around lines 1 - 2, The MseeP.ai badge in the README has
mismatched domains: the image URL uses mseep.net while the link destination uses
mseep.ai. Verify with MseeP.ai documentation whether these domains are
intentionally related (such as mseep.net being a CDN for mseep.ai) or if the
image URL should be updated to use mseep.ai for consistency. Confirm that the
image link is the official badge URL and document the relationship between the
two domains to ensure the badge won't break if their infrastructure changes.