BrowseFull catalogOutcomesSolve a specific problemRolesStack by teamTrustFilter by risk tier

Tools We Don't Recommend

We review hundreds of Claude AI tools; most make the catalog, some don't. This page is a curated (not exhaustive) list of exclusions worth knowing about, each with the specific reason — not just "niche" or "incomplete." Every verdict below is deep-linkable (hover a name for its #anchor).

Page last updated: 2026-07-03 · Security holds: 5 · Rejections: 2 · Scored below standard: 67

Security Holds

These tools were flagged during review for security concerns that make them unsuitable for recommendation.

FreeRideSecurity Hold Source
Rotates between free-tier accounts on multiple AI providers to dodge rate limits that those providers set intentionally. That is a direct violation of the Terms of Service for OpenAI, Anthropic, Google, and every other mainstream API — grounds for account termination, IP bans, and, for commercial use, potential breach-of-contract exposure. Beyond the legal posture, the tool's whole value proposition depends on staying one step ahead of provider enforcement, which means it will break unpredictably and invite anti-abuse scrutiny on any account touching it. If you need more throughput, pay for it; if you are building for clients, this is a liability you do not want in the stack.
agent-toolSecurity Hold Source
Bundles SSH and SFTP clients, live process memory inspection, binary analysis, and debugger (DAP) control into a single MCP server with no sandboxing or capability scoping. A successful prompt injection — or a confused model following a malicious README — could pivot into production servers using your keys, read credentials out of a running process's memory, or attach a debugger to a sensitive binary. Each of these capabilities alone warrants careful review; stacking them behind one LLM-driven interface turns the tool into a general-purpose post-exploitation toolkit. Use individual, purpose-built tools with narrower scopes instead.
real-browser-mcpSecurity Hold Source
Connects Claude to your actual Chrome profile — the one logged into your bank, email, CRM, and admin panels. Prompt injection from any page the model reads (an email, a search result, a scraped article) can trigger real actions inside those sessions: sending messages, approving transactions, changing settings, exfiltrating data. There is no sandbox, no per-site scoping, and no meaningful confirmation layer. The blast radius is everything your browser is currently signed into. For a consultant or operator, that is almost never an acceptable trade against the convenience it offers.
secbotSecurity Hold Source
Security concerns identified during review. Exercise caution.
t2000Security Hold Source
Exposes on-chain lending, borrowing, swapping, and investing on the Sui blockchain as tools an AI agent can call directly. Blockchain transactions are irreversible — a hallucinated amount, a wrong token address, or a prompt-injected instruction moves real money that no support desk can claw back. Non-custodial framing does not change this; it just means you personally absorb the loss. DeFi protocols themselves also carry smart-contract and oracle risk that most LLMs cannot reason about. Financial actions need human-in-the-loop confirmation and hard spending caps, neither of which this tool enforces.

Not Recommended

These tools were reviewed and rejected for specific reasons beyond just being niche or incomplete.

Linkedin Mcp ServerNot Recommended Source
Scrapes LinkedIn profiles, companies, and jobs via AI
Automates scraping of LinkedIn profiles, companies, and job listings through an AI agent. LinkedIn's User Agreement explicitly prohibits automated data collection, and LinkedIn has successfully pursued scrapers through account termination, cease-and-desist letters, and federal litigation (hiQ Labs, 3taps, and others). Detection is aggressive — behavioral fingerprinting, rate analysis, and device signals routinely flag scraping activity within days. For a consultant, the downside is not hypothetical: a suspended LinkedIn account is a business continuity problem, and using scraped data in client deliverables can create GDPR and CCPA exposure. Use the official LinkedIn API or a sanctioned data partner.
Mcp MindmeshNot Recommended Source
Quantum-inspired swarm orchestrating multiple Claude instances
Markets itself with terms like 'quantum field coherence,' 'ensemble intelligence,' and 'neural swarm' that imply capabilities the code does not deliver — under the hood it is a straightforward multi-model fan-out with a voting step. Overstated claims on an MCP server are a reliability signal in themselves: if the README misrepresents what the tool does, you should assume the same looseness applies to error handling, data handling, and security posture. You also inherit whatever credentials get wired into each underlying provider, multiplied across instances. Real multi-agent orchestration is possible, but it needs honest documentation before it earns a place in a client stack.

Scored Below Standard

These tools were catalogued and evaluated, but their latest evaluation scored a grade of D or F — they fell below the catalog's usable tier on the evidence (trust signals, maintenance, community pulse). This is an evidence-based rating, not a security flag. The stated reason for each comes from its evaluation rationale where one was recorded.

@demoday/skillGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
@eslint/mcpGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
@motion.page/claude-pluginGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
Agent-Engineering-InfrastructureGraded D Source
27 GitHub stars; contributors unknown; last commit 0d ago; license no license.
CecilGraded D Source
293 GitHub stars; contributors unknown; last commit 0d ago; license EUPL-1.2.
Claude-AI-Pro-2026Graded D Source
52 GitHub stars; contributors unknown; last commit 0d ago; license no license.
Claude-Code-Agent-Design-KitGraded D Source
50 GitHub stars; contributors unknown; last commit 0d ago; license no license.
Mythos-Claude-OrchestratorGraded D Source
50 GitHub stars; contributors unknown; last commit 0d ago; license no license.
NanoBanana-PPT-SkillsGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
Pace (Wearables MCP)Graded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
ProductionOSGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
Themata-Claude-ScribeGraded D Source
152 GitHub stars; contributors unknown; last commit 0d ago; license no license.
ai-skillsGraded D Source
32 GitHub stars; contributors unknown; last commit 4d ago; license no license.
anki-mcp-serverGraded D Source
242 GitHub stars; contributors unknown; last commit 1d ago; license no license.
apple-dev-skillsGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
atlasGraded D Source
54 GitHub stars; contributors unknown; last commit 0d ago; license no license.
awesome-claude-codeGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
awesome-skillsGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
blender-mcpGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
catalystGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
cc-skills-golangGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
claude-cli-mcp-bridgeGraded D Source
50 GitHub stars; contributors unknown; last commit 0d ago; license no license.
claude-design-studio-toolkitGraded D Source
51 GitHub stars; contributors unknown; last commit 0d ago; license no license.
claude-total-memoryGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
cligateGraded D Source
89 GitHub stars; contributors unknown; last commit 0d ago; license AGPL-3.0.
clipforgeGraded D Source
181 GitHub stars; contributors unknown; last commit 0d ago; license AGPL-3.0.
code-virtuosoGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
codebadgerGraded D Source
113 GitHub stars; contributors unknown; last commit 0d ago; license GPL-3.0.
codex-poolerGraded D Source
25 GitHub stars; contributors unknown; last commit 0d ago; license no license.
cowork-pluginsGraded D Source
221 GitHub stars; contributors unknown; last commit 0d ago; license no license.
dunetraceGraded D Source
55 GitHub stars; contributors unknown; last commit 0d ago; license no license.
exo-harness-ai-pipelineGraded D Source
151 GitHub stars; contributors unknown; last commit 0d ago; license no license.
gitea-cli-skillGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
gryffin-calorai-ventusGraded D Source
152 GitHub stars; contributors unknown; last commit 0d ago; license no license.
handoffGraded D Source
60 GitHub stars; contributors unknown; last commit 0d ago; license no license.
humanizer-deGraded D Source
38 GitHub stars; contributors unknown; last commit 1d ago; license no license.
jira-commandsGraded D Source
41 GitHub stars; contributors unknown; last commit 0d ago; license no license.
kasettoGraded D Source
105 GitHub stars; contributors unknown; last commit 0d ago; license no license.
local-ai-code-assistantGraded D Source
152 GitHub stars; contributors unknown; last commit 0d ago; license no license.
mcp-1cGraded D Source
125 GitHub stars; contributors unknown; last commit 0d ago; license no license.
mcp-edd-analytics-vantageGraded D Source
151 GitHub stars; contributors unknown; last commit 0d ago; license no license.
mcp-github-pr-issue-analyserGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
mcp-prometheusGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
memento-vaultGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
multi-agent-architecture-advisorGraded D Source
152 GitHub stars; contributors unknown; last commit 0d ago; license no license.
orionbelt-semantic-layerGraded D Source
58 GitHub stars; contributors unknown; last commit 0d ago; license no license.
piyazGraded D Source
118 GitHub stars; contributors unknown; last commit 1d ago; license AGPL-3.0.
plan-execute-verify-claude-codeGraded D Source
152 GitHub stars; contributors unknown; last commit 0d ago; license no license.
qaskillsGraded D Source
137 GitHub stars; contributors unknown; last commit 0d ago; license no license.
sealos-skillsGraded D Source
36 GitHub stars; contributors unknown; last commit 0d ago; license no license.
seo-blog-writer-claudeGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
seobuild-onpageGraded D Source
212 GitHub stars; contributors unknown; last commit 2d ago; license no license.
shipGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
skill-managerGraded D Source
107 GitHub stars; contributors unknown; last commit 1d ago; license no license.
sp500-mcp-serverGraded D Source
100 GitHub stars; contributors unknown; last commit 1d ago; license AGPL-3.0.
sql_to_ERGraded D Source
176 GitHub stars; contributors unknown; last commit 0d ago; license AGPL-3.0.
swift-code-reviewer-skillGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
synapse-aiGraded D Source
198 GitHub stars; contributors unknown; last commit 7d ago; license AGPL-3.0.
tacitGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
typo3-mcp-serverGraded D Source
82 GitHub stars; contributors unknown; last commit 2d ago; license GPL-2.0.
ue-mcpGraded D Source
123 GitHub stars; contributors unknown; last commit 1d ago; license no license.
unoplat-code-confluenceGraded D Source
89 GitHub stars; contributors unknown; last commit 7d ago; license no license.
web-developer-mcpGraded D Source
No detailed rationale recorded — scored below the catalog's usable tier on automated trust-signal evaluation.
whatsapp-mcpGraded D Source
75 GitHub stars; contributors unknown; last commit 2d ago; license GPL-3.0.
yantrikdb-serverGraded D Source
154 GitHub stars; contributors unknown; last commit 5d ago; license AGPL-3.0.
zenku-v2Graded D Source
35 GitHub stars; contributors unknown; last commit 22d ago; license no license.

Tool authors: If you believe your tool was excluded in error or have addressed the concerns listed here, reach out on LinkedIn. We re-evaluate tools when significant changes are made.

Frequently Asked Questions

Why are these Claude tools not recommended?

Each tool on this page was excluded for a specific reason disclosed alongside it — typically a security posture that creates unacceptable blast radius, a terms-of-service violation, overstated marketing relative to what the code delivers, or a design that puts user data or funds at risk. The reasoning for each tool is written out so you can judge for yourself whether it matches your situation.

Does "not recommended" mean these tools are unsafe?

Not always. "Not recommended" means we would not deploy it ourselves or suggest it to a client in our typical consulting context. Some tools carry genuine security concerns; others are simply overstated or carry legal risk like terms-of-service violations. Read the specific reasoning for each tool — context matters.

What is the difference between a security hold and a tool scored below standard?

A security hold is a tool flagged for a specific security concern — for example, an unacceptable blast radius if prompt-injected, or a design that puts credentials or funds at risk. A tool scored below standard was catalogued and evaluated normally, but its latest evaluation graded D or F on the evidence (trust signals, maintenance, community pulse). The first is a risk flag; the second is an evidence-based quality rating. Each tool's section on this page makes clear which kind it is.

How do you decide which Claude tools not to recommend?

We look at blast radius if the tool is prompt-injected, scope of credentials or capabilities it bundles, maintainer identity and responsiveness, license posture, documentation accuracy, and whether the value proposition justifies the risk. Our evaluation framework is published at /evaluate-tools.

Can a tool be re-evaluated if it changes?

Yes. If a maintainer addresses the specific concerns listed on this page, reach out and we will re-evaluate. Tools on this page are not blacklisted forever — they reflect the state of the tool at review time.

Full Catalog · Getting Started · Trending · Deployment Playbook · Evaluation Guide · How We Review

Rolling Claude out in your org? Let's talk.

Start a conversation →