cross-client testing + security scanning for mcp servers

Paste an MCP server.
Get the verdict.

> throne scan github.com/acme/files-mcp queued

claude code QUEUED

cursor QUEUED

chatgpt desktop QUEUED

codex cliemulator in calibration — verdicts ship when it passes weekly parity checks CALIBRATING

zedemulator in calibration — verdicts ship when it passes weekly parity checks CALIBRATING

{
  "client": "cursor",
  "step": "streaming",
  "error": {"code": -32001, "message": "request timed out after 5000ms"}
}

static scan · queued

VERDICT: NOT FIT TO SHIP 2 live clients diverge / 2 calibrating / 1 security finding / full report →

cross-client divergence

Three clients today. Five at full coverage.

Claude Code, Cursor, and ChatGPT Desktop run today. Codex CLI and Zed are in calibration until weekly parity checks prove the emulators match the real clients.

claude code{"result": "stream complete"}

cursor{"error": {"code": -32001, "message": "request timed out after 5000ms"}}

test suite

Nine steps. Every live client. Every run.

01 connect
02 discover
03 validate schemas
04 smoke-test tools
05 error handling
06 streaming
07 resource lifecycle
08 concurrent calls
09 reconnect

security scan

The scan you are not running.

MCP servers expose local files, credentials, prompts, commands, and developer workflows. Throne checks the server surface before a client turns a footgun into a user report.

THR-PATH-01HIGHpath traversal outside declared root

THR-EXEC-04HIGHunescaped command boundary

THR-PROMPT-07MEDIUMtool output enters model context undelimited

Paste an MCP server.Get the verdict.

Three clients today. Five at full coverage.

Nine steps. Every live client. Every run.

The scan you are not running.

First run is free. The verdict takes under a minute.

Paste an MCP server.
Get the verdict.