Tools We Don't Recommend
We review hundreds of Claude AI tools. Most make the catalog. Some don't. This page explains why specific tools were excluded — so you can make informed decisions if you encounter them elsewhere.
This is not a complete list of every rejected tool. It covers tools that are popular enough that you might encounter them, where the reasoning would save you time or protect you from risk.
Page last updated: 2026-05-29 · Security holds: 5 · Rejections: 2 · Scored below standard: 27
Security Holds
These tools were flagged during review for security concerns that make them unsuitable for recommendation.
FreeRide
FreeRide gives you unlimited free AI in OpenClaw by automatically managing OpenRouter's free models.
Rotates between free-tier accounts on multiple AI providers to dodge rate limits that those providers set intentionally. That is a direct violation of the Terms of Service for OpenAI, Anthropic, Google, and every other mainstream API — grounds for account termination, IP bans, and, for commercial use, potential breach-of-contract exposure. Beyond the legal posture, the tool's whole value proposition depends on staying one step ahead of provider enforcement, which means it will break unpredictably and invite anti-abuse scrutiny on any account touching it. If you need more throughput, pay for it; if you are building for clients, this is a liability you do not want in the stack.
View source
agent-tool
MCP tool server for AI coding agents -- encoding-aware file tools, binary analysis, DAP debugger, SSH/SFTP, process memory, and more
Bundles SSH and SFTP clients, live process memory inspection, binary analysis, and debugger (DAP) control into a single MCP server with no sandboxing or capability scoping. A successful prompt injection — or a confused model following a malicious README — could pivot into production servers using your keys, read credentials out of a running process's memory, or attach a debugger to a sensitive binary. Each of these capabilities alone warrants careful review; stacking them behind one LLM-driven interface turns the tool into a general-purpose post-exploitation toolkit. Use individual, purpose-built tools with narrower scopes instead.
View source
real-browser-mcp
MCP server + Chrome extension that gives AI agents control of your real browser with existing sessions and logins
Connects Claude to your actual Chrome profile — the one logged into your bank, email, CRM, and admin panels. Prompt injection from any page the model reads (an email, a search result, a scraped article) can trigger real actions inside those sessions: sending messages, approving transactions, changing settings, exfiltrating data. There is no sandbox, no per-site scoping, and no meaningful confirmation layer. The blast radius is everything your browser is currently signed into. For a consultant or operator, that is almost never an acceptable trade against the convenience it offers.
View source
secbot
⚠️ 本工具仅用于授权的安全测试。未经授权使用本工具进行网络攻击是违法的。一个智能化的自动化渗透测试机器人,具备AI驱动的安全测试能力。
Security concerns identified during review. Exercise caution.
View source
t2000
A bank account for AI agents. DeFi banking via MCP — save, borrow, invest, exchange, send. Non-custodial on Sui.
Exposes on-chain lending, borrowing, swapping, and investing on the Sui blockchain as tools an AI agent can call directly. Blockchain transactions are irreversible — a hallucinated amount, a wrong token address, or a prompt-injected instruction moves real money that no support desk can claw back. Non-custodial framing does not change this; it just means you personally absorb the loss. DeFi protocols themselves also carry smart-contract and oracle risk that most LLMs cannot reason about. Financial actions need human-in-the-loop confirmation and hard spending caps, neither of which this tool enforces.
View source
Not Recommended
These tools were reviewed and rejected for specific reasons beyond just being niche or incomplete.
Linkedin Mcp Server
Scrapes LinkedIn profiles, companies, and jobs via AI
Automates scraping of LinkedIn profiles, companies, and job listings through an AI agent. LinkedIn's User Agreement explicitly prohibits automated data collection, and LinkedIn has successfully pursued scrapers through account termination, cease-and-desist letters, and federal litigation (hiQ Labs, 3taps, and others). Detection is aggressive — behavioral fingerprinting, rate analysis, and device signals routinely flag scraping activity within days. For a consultant, the downside is not hypothetical: a suspended LinkedIn account is a business continuity problem, and using scraped data in client deliverables can create GDPR and CCPA exposure. Use the official LinkedIn API or a sanctioned data partner.
View source
Mcp Mindmesh
Quantum-inspired swarm orchestrating multiple Claude instances
Markets itself with terms like 'quantum field coherence,' 'ensemble intelligence,' and 'neural swarm' that imply capabilities the code does not deliver — under the hood it is a straightforward multi-model fan-out with a voting step. Overstated claims on an MCP server are a reliability signal in themselves: if the README misrepresents what the tool does, you should assume the same looseness applies to error handling, data handling, and security posture. You also inherit whatever credentials get wired into each underlying provider, multiplied across instances. Real multi-agent orchestration is possible, but it needs honest documentation before it earns a place in a client stack.
View source
Scored Below Standard
These tools were catalogued and evaluated, but their latest evaluation scored a grade of D or F — they fell below the catalog's usable tier on the evidence (trust signals, maintenance, community pulse). This is an evidence-based rating, not a security flag. The stated reason for each comes from its evaluation rationale where one was recorded.
@demoday/skill Graded D
Beautiful clickable product demos, installed as a Claude Code skill.
Scored below the catalog standard on automated evaluation.
View source
@eslint/mcp Graded D
MCP server for ESLint
Scored below the catalog standard on automated evaluation.
View source
@motion.page/claude-plugin Graded D
Official Motion.page Claude Code plugin — animation SDK skills, builder guides, and best practices.
Scored below the catalog standard on automated evaluation.
View source
NanoBanana-PPT-Skills Graded D
🎨 Generate high-quality PPTs with AI, featuring smart transitions and interactive playback for seamless presentations and engaging visuals.
Scored below the catalog standard on automated evaluation.
View source
Pace (Wearables MCP) Graded D
MCP connector letting Claude access data from 20+ wearable devices (Garmin, Polar, Whoop) for health and fitness analysis through natural language.
Scored below the catalog standard on automated evaluation.
View source
ProductionOS Graded D
ProductionOS v1.0 — Claude Code plugin with 76 agents, 39 commands, and 12 hooks. Deploys specialized agents that review, score, and improve your entire codebase. Smart routing, recursive convergence, self-evaluation.
Scored below the catalog standard on automated evaluation.
View source
apple-dev-skills Graded D
Codex skills for Apple dev workflows: Xcode MCP-first execution, automatic xcodebuild/xcrun/SwiftPM fallback, swiftly+toolchain guidance, and Dash local-docset docs.
Scored below the catalog standard on automated evaluation.
View source
awesome-claude-code Graded D
A curated list of awesome tools, IDE integrations, frameworks, and other resources for developers working with Anthropic's Claude Code.
Scored below the catalog standard on automated evaluation.
View source
awesome-skills Graded D
热门skills推荐,包括编程以及非编程等各种热门实用的skill
Scored below the catalog standard on automated evaluation.
View source
blender-mcp Graded D
🛠️ Connect Blender to Claude AI for seamless 3D modeling and scene manipulation using the Model Context Protocol for enhanced creative workflows.
Scored below the catalog standard on automated evaluation.
View source
catalyst Graded D
Token-efficient Claude Code workspace with parallel agents and persistent memory. Research → Plan → Implement → Validate workflow.
Scored below the catalog standard on automated evaluation.
View source
cc-skills-golang Graded D
🧑🎨 A collection of Golang agentic skills that works
Scored below the catalog standard on automated evaluation.
View source
claude-total-memory Graded D
Persistent memory MCP server for Claude Code & Codex CLI — self-improving agent with 4-tier search, 20 tools
Scored below the catalog standard on automated evaluation.
View source
code-virtuoso Graded D
Skills, sub-agents, and playbooks for Claude Code, Cursor, and any Agent Skills-compatible AI coding assistant.
Scored below the catalog standard on automated evaluation.
View source
gitea-cli-skill Graded D
Install gitea-cli as a Claude Code skill
Scored below the catalog standard on automated evaluation.
View source
mcp-github-pr-issue-analyser Graded D
A Model Context Protocol (MCP) application for automated GitHub PR analysis and issue management. Enables LLMs to fetch PR details, analyse diffs, manage issues, and handle releases through a standardised interface
Scored below the catalog standard on automated evaluation.
View source
mcp-prometheus Graded D
MCP server for Prometheus — query metrics, alerts, and monitoring data from Claude using PromQL.
Scored below the catalog standard on automated evaluation.
View source
memento-vault Graded D
Persistent knowledge capture for coding agents. Auto-triages sessions into searchable Zettelkasten notes with epistemic metadata. Works with Claude Code, Codex, Cursor, Windsurf via hooks or MCP. Local-only, markdown + git.
Scored below the catalog standard on automated evaluation.
View source
sealos-skills Graded D
AI agent skills for Sealos Cloud — deploy any project, provision databases, object storage & more with one command. Works with Claude Code, Gemini CLI, Codex.
Scored from trust signals (evidence-eval-v1): 36 GitHub stars; contributors unknown; last commit 0d ago; license no license.
View source
seo-blog-writer-claude Graded D
SEO blog writer Claude skill — turn any URL, notes, or topic into a human-sounding blog post that ranks on Google. Fills every SEO field: title, meta description, FAQ schema, table of contents. Beats AI detectors.
Scored below the catalog standard on automated evaluation.
View source
seobuild-onpage Graded D
SEOBuild Onpage - The first AI agent that writes pages Google ranks AND LLMs cite. One command in, ranking page out. Built on DeerFlow, powered by 2026 SEO + GEO strategies tested / working. Forensic competitive analysis, 500-token chunk architecture, entity consensus, verification tags. BYOK GSC, DataforSEO. Works w/ OpenClaw, Claude Code, Codex
Scored from trust signals (evidence-eval-v1): 212 GitHub stars; contributors unknown; last commit 2d ago; license no license.
View source
ship Graded D
An agentic development harness for Claude Code, Codex & Cursor: gated pipeline from spec to green checks.
Scored below the catalog standard on automated evaluation.
View source
skill-manager Graded D
SkillDock 是一个桌面控制中心,用于管理 AI Skills 和 MCP servers,支持 Git-aware 更新,并同步到 Claude Code、Codex、Cursor、Windsurf、Gemini CLI、GitHub Copilot 等工具。 SkillDock is a desktop control center for managing AI Skills and MCP servers, with Git-aware updates and sync for Claude Code, Codex, Cursor, Windsurf, Gemini CLI, GitHub Copilot, and more.
Scored from trust signals (evidence-eval-v1): 107 GitHub stars; contributors unknown; last commit 1d ago; license no license.
View source
sp500-mcp-server Graded D
An MCP server and Next.js web app for querying S&P 500 company data from Supabase, with tools for company info, news, officers, and SEC filings, plus embedded MCP App UI resources, Elicitation, and Sampling support.
Scored from trust signals (evidence-eval-v1): 100 GitHub stars; contributors unknown; last commit 1d ago; license AGPL-3.0.
View source
swift-code-reviewer-skill Graded D
Claude Code skill for comprehensive Swift/SwiftUI code reviews with multi-layer analysis
Scored below the catalog standard on automated evaluation.
View source
tacit Graded D
Harness tacit knowledge into the context of AI agent with on device always-on transcription
Scored below the catalog standard on automated evaluation.
View source
web-developer-mcp Graded D
A Model Context Protocol (MCP) server that provides web development tools for AI assistants. Enables browser automation, DOM inspection, network monitoring, and console analysis through Playwright.
Scored below the catalog standard on automated evaluation.
View source
Tool authors: If you believe your tool was excluded in error or have addressed the concerns listed here, reach out on LinkedIn. We re-evaluate tools when significant changes are made.
Frequently Asked Questions
Why are these Claude tools not recommended?
Each tool on this page was excluded for a specific reason disclosed alongside it — typically a security posture that creates unacceptable blast radius, a terms-of-service violation, overstated marketing relative to what the code delivers, or a design that puts user data or funds at risk. The reasoning for each tool is written out so you can judge for yourself whether it matches your situation.
Does "not recommended" mean these tools are unsafe?
Not always. "Not recommended" means we would not deploy it ourselves or suggest it to a client in our typical consulting context. Some tools carry genuine security concerns; others are simply overstated or carry legal risk like terms-of-service violations. Read the specific reasoning for each tool — context matters.
What is the difference between a security hold and a tool scored below standard?
A security hold is a tool flagged for a specific security concern — for example, an unacceptable blast radius if prompt-injected, or a design that puts credentials or funds at risk. A tool scored below standard was catalogued and evaluated normally, but its latest evaluation graded D or F on the evidence (trust signals, maintenance, community pulse). The first is a risk flag; the second is an evidence-based quality rating. Each tool's section on this page makes clear which kind it is.
How do you decide which Claude tools not to recommend?
We look at blast radius if the tool is prompt-injected, scope of credentials or capabilities it bundles, maintainer identity and responsiveness, license posture, documentation accuracy, and whether the value proposition justifies the risk. Our evaluation framework is published at /evaluate-tools.
Can a tool be re-evaluated if it changes?
Yes. If a maintainer addresses the specific concerns listed on this page, reach out and we will re-evaluate. Tools on this page are not blacklisted forever — they reflect the state of the tool at review time.