MCP compliance catalog

Every MCP tool in the SCOPE compliance index, grouped by server — risk posture, regulatory exposure, and the tools that warrant tighter governance.
80MCP servers
1695tools
Reset 80 of 80 servers
Vercel
20 tools · footprint 41
2 critical 3 high 2 med 13 low COSOSOX
Zapier
14 tools · footprint 39
1 critical 3 high 3 med 7 low COSOPCI+1 more
GitHub
83 tools · footprint 38
1 high 20 med 62 low COSOSOX
Snowflake
6 tools · footprint 37
2 critical 3 high 1 med COSOSOX
Calendly
35 tools · footprint 34
2 high 13 med 20 low
Smartsheet
42 tools · footprint 34
2 high 9 med 31 low COSOSOX
Ramp
17 tools · footprint 33
5 high 5 med 7 low COSOGLBA+2 more
Attio
37 tools · footprint 32
4 high 14 med 19 low
Egnyte
21 tools · footprint 31
3 high 9 med 9 low
Stytch
7 tools · footprint 31
1 critical 2 high 2 med 2 low
Wix
16 tools · footprint 29
1 critical 1 high 1 med 13 low COSOPCI+1 more
WordPress.com
19 tools · footprint 28
3 high 6 med 10 low COSOSOX
Oracle NetSuite
11 tools · footprint 27
3 high 3 med 5 low COSOSOX
Atlassian Rovo
54 tools · footprint 24
13 med 41 low
ZoomInfo
15 tools · footprint 24
5 high 4 med 6 low
Braze
40 tools · footprint 23
1 high 5 med 34 low COSOSOX
‹ PrevPage 2 of 5Next ›
WordPress.comDocs ↗
3 high 6 med 10 low · 19 tools · 1 SoD-flagged
regimes APPICCPACOSOGDPRISO_27001LGPDNIST_CSFPIPEDAPIPLPOPIASOC2SOXUK_GDPR

Tools needing tighter control (3 of 19)

wordpress-com.wpcom-mcp-content-authoring high conf highhuman approval
Creates, updates, and deletes posts, pages, comments, media metadata, categories, and tags on WordPress.com sites; can publish or remove live content.
wordpress-com.wpcom-mcp-site-users high conf highOBO
Lists site users with roles, permissions, and activity metrics; bulk PII read across site members.
wordpress-com.wpcom-mcp-user-security high conf highOBO
Reads user security settings including 2FA status; sensitive identity-posture data.
All other tools (16)
wordpress-com.wpcom-mcp-post-get low conf highallow
Retrieves a single post by ID or URL.
wordpress-com.wpcom-mcp-posts-search low conf highallow
Searches posts across user sites.
wordpress-com.wpcom-mcp-site-activity-log medium conf highaudit
Reads activity log entries for a site; can be used to reconstruct user actions for audit.
wordpress-com.wpcom-mcp-site-comments-search medium conf highaudit
Searches site comments; comment authors are personal data and may include email/IP metadata.
wordpress-com.wpcom-mcp-site-editor-context low conf highallow
Reads site design context (theme presets, colors, fonts, registered block types).
wordpress-com.wpcom-mcp-site-plugins low conf highallow
Reads installed plugin information for a site.
wordpress-com.wpcom-mcp-site-settings medium conf highaudit
Reads site-wide settings and configuration.
wordpress-com.wpcom-mcp-site-statistics low conf highallow
Reads site traffic statistics including views, visitors, and referrers.
wordpress-com.wpcom-mcp-user-achievements low conf highallow
Reads user achievements and progress tracking.
wordpress-com.wpcom-mcp-user-connections medium conf highaudit
Reads connected social accounts; tokens for third-party platforms are linked here.
wordpress-com.wpcom-mcp-user-notifications low conf highallow
Reads user notifications.
wordpress-com.wpcom-mcp-user-notifications-inbox low conf highallow
Manages the user's notification inbox.
wordpress-com.wpcom-mcp-user-profile medium conf highaudit
Reads the authenticated user's profile (name, email, settings).
wordpress-com.wpcom-mcp-user-sites low conf highallow
Lists and manages the user's owned sites with metrics.
wordpress-com.wpcom-mcp-user-sites-resource low conf highallow
MCP resource view of user sites data.
wordpress-com.wpcom-mcp-user-subscriptions medium conf highaudit
Reads user subscriptions and billing information.