MCP Server Registration Checklist for Claude Catalog

General Information

Server Type: Remote MCP Server
Platforms: Claude.ai, Claude Desktop, Claude Mobile
Submission Form: https://docs.google.com/forms/d/e/1FAIpQLSeafJF2NDI7oYx1r8o0ycivCSVLNq92Mpc1FPxMKSw1CzDkqA/viewform
Documentation: https://support.claude.com/en/articles/12922490-remote-mcp-server-submission-guide

Mandatory Technical Requirements

1. HTTPS with Valid SSL Certificate

  • [ ] Server accessible via HTTPS
  • [ ] Valid SSL certificate (Let's Encrypt or commercial)
  • [ ] Endpoint: https://yourdomain.com/mcp/v1/

2. MCP Protocol Implementation

Your server must support these MCP methods:

Required Methods:

  • [ ] initialize - Protocol handshake
  • [ ] tools/list - Returns list of available tools
  • [ ] tools/call - Executes a tool
  • [ ] notifications/initialized - Initialization confirmation (no response needed)

3. Safety Annotations (CRITICAL - MANDATORY)

Every single tool MUST have safety annotations.

  • [ ] All tools have readOnlyHint OR destructiveHint
  • [ ] Annotations accurately reflect tool behavior
  • [ ] No tools are missing annotations

Rules: - Read-only tools (only read data): readOnlyHint: true, destructiveHint: false - Destructive tools (create/modify/delete data): destructiveHint: true, readOnlyHint: false

Common mistakes to avoid: - Missing annotations entirely - Both set to false - Wrong annotation (destructive tool marked as read-only)

Official documentation: - MCP spec (Tools, Data Types → Tool, annotations):
Tools – Server Features — tool definition and optional annotations (trust & safety).
Schema Reference → ToolAnnotations — defines readOnlyHint and destructiveHint on the Tool type. - Claude catalog requirement (every tool must have these):
Remote MCP Server Submission Guide — where the “every tool MUST have safety annotations” rule is stated for directory listing.

4. OAuth 2.0 Authentication (if authentication required)

  • [ ] OAuth 2.0 authorization code flow implemented
  • [ ] Authorization endpoint: https://yourdomain.com/oauth/authorize/
  • [ ] Token endpoint: https://yourdomain.com/auth/token/
  • [ ] Callback URLs allowlisted

Required callback URLs to allowlist: 

 'https://claude.ai/api/mcp/auth_callback',      // ← Claude.ai web
 'https://claude.com/api/mcp/auth_callback',     // ← Claude.com web
 'http://localhost:6274/oauth/callback',         // ← Claude Desktop
 'http://localhost:6274/oauth/callback/debug'    // ← Claude Code/Inspector

5. CORS Configuration

  • [ ] CORS headers configured for Claude domains
  • [ ] OPTIONS requests handled correctly

6. IP Allowlisting (if server behind firewall)

  • [ ] Claude IP addresses allowlisted

Get current IP list: 

curl https://docs.claude.com/en/api/ip-addresses

Add these IPs to your firewall allowlist.

Note: IP allowlisting alone is NOT sufficient security - use OAuth 2.0 for authentication.

Documentation Requirements

1. Public Documentation (README.md)

  • [ ] Server description (what it does)
  • [ ] List of features
  • [ ] Complete list of all tools with:
  • Tool name
  • Type (read-only / destructive)
  • Description
  • Parameters
  • Return value
  • [ ] Setup/connection instructions
  • [ ] Authentication details (if applicable)
  • [ ] Minimum 3 usage examples (MANDATORY)
  • [ ] Support contact information
  • [ ] Privacy policy link

Example structure:

# Teacher Assistant MCP Server

## Description
MCP server for teachers to manage courses, students, and assignments through Claude.

## Features
- Course management
- Student tracking
- Assignment creation and grading

## Available Tools

### getMyCourses
**Type:** Read-only  
**Description:** Returns list of all courses for the current teacher  
**Parameters:** None  
**Returns:** Array of courses with student counts

### getStudentsByCourse
**Type:** Read-only  
**Description:** Returns list of students for a specific course  
**Parameters:**
- `courseId` (number, required): Course ID
**Returns:** Array of students with their progress

### createAssignment
**Type:** Destructive (creates data)  
**Description:** Creates a new assignment for a course  
**Parameters:**
- `courseId` (number, required): Course ID
- `title` (string, required): Assignment title
- `description` (string, optional): Assignment description
- `dueDate` (string, required): Due date (ISO 8601)
**Returns:** Created assignment with ID

## Connection

1. Open [Claude MCP Directory](https://claude.com/connectors)
2. Find "Teacher Assistant"
3. Click "Connect"
4. Login with your teacher account
5. Authorize access

## Authentication
This server uses OAuth 2.0. Each teacher sees only their own data.

## Usage Examples

### Example 1: View My Courses
**User prompt:** "Show me all my courses this semester"

**What happens:**
1. Claude calls `getMyCourses`
2. Server returns course list
3. Claude formats and displays course information

**Expected result:**
You have 3 courses this semester: 1. Math 10th Grade (25 students) 2. Physics 11th Grade (20 students) 3. Algebra 9th Grade (28 students) 

### Example 2: Find Students Who Didn't Submit
**User prompt:** "Which students from Math 10th Grade didn't submit the last assignment?"

**What happens:**
1. Claude calls `getMyCourses` to find course ID
2. Claude calls `getStudentsByCourse` with courseId
3. Claude analyzes submission status
4. Shows list of students

**Expected result:**
5 students didn't submit "Quadratic Equations": - John Smith - Mary Johnson - Alex Brown - Sarah Davis - Mike Wilson 

### Example 3: Create New Assignment
**User prompt:** "Create an assignment for Physics 11th Grade on 'Mechanics' due next Monday"

**What happens:**
1. Claude calls `getMyCourses` to find "Physics 11th Grade"
2. Claude calculates next Monday's date
3. Claude calls `createAssignment` with parameters
4. Confirms creation

**Expected result:**
✓ Assignment created: Title: Mechanics Course: Physics 11th Grade Due: February 17, 2025 Students will be notified 

## Privacy Policy
https://yourdomain.com/privacy

We collect only necessary data:
- Your course information
- Student lists
- Grades and assignments

We DO NOT collect:
- Full conversations with Claude
- Personal messages
- Data from other apps

## Support
- Email: support@yourdomain.com
- Documentation: https://yourdomain.com/docs
- Troubleshooting: https://yourdomain.com/troubleshooting

2. Privacy Policy (MANDATORY)

  • [ ] Privacy policy published at stable URL
  • [ ] Explains data collection
  • [ ] Explains data usage
  • [ ] Explains data retention
  • [ ] Explains user rights

Minimum requirements: - What data you collect - Why you collect it - How long you store it - Who has access to it - How users can delete their data

Example: https://yourdomain.com/privacy

3. Minimum 3 Usage Examples (MANDATORY)

Each example must include: - [ ] User prompt/request - [ ] What the server does - [ ] Expected output/behavior

Format: 

### Example 1: [Action Name]
**User prompt:** "Natural language request here"
**What happens:**
- Step 1: Server does X
- Step 2: Server does Y
- Step 3: Result shown

**Expected result:**
[Show what user sees]

Tips: - Cover different tool types (read-only and destructive) - Show realistic use cases - Demonstrate value proposition - Use natural language prompts

Test Account

Required Test Account Setup

  • [ ] Test account created with full access
  • [ ] Sample data populated
  • [ ] Account documented for reviewers

What to provide in submission form:

Test Account Credentials:
  Email: test.teacher@yourdomain.com
  Password: TestPass123!

Sample Data Available:
  - 3 courses with students
  - 10-15 students per course
  - 5 assignments with various statuses
  - Grade history with different completion levels

Special Notes:
  - Account has full teacher permissions
  - All tools are accessible
  - Sample data refreshes daily (optional)

Important: - Test account must remain active during review - Sample data should demonstrate all tool functionality - Ensure realistic data (not just dummy values)

Security & Compliance

Security Checklist

  • [ ] HTTPS only (no HTTP)
  • [ ] Valid SSL certificate
  • [ ] OAuth 2.0 for authentication
  • [ ] Tokens stored securely (hashed)
  • [ ] SQL injection prevention
  • [ ] XSS prevention
  • [ ] CSRF protection for OAuth

Privacy Compliance

  • [ ] Only collect necessary data
  • [ ] Do NOT collect full conversation history
  • [ ] Do NOT collect data from other apps
  • [ ] Clear data retention policy
  • [ ] User data deletion capability

Policy Compliance

Must comply with: - [ ] Anthropic Usage Policy - [ ] MCP Directory Policy - [ ] MCP Directory Terms

Prohibited: - Money transfers or financial transactions - Image/video/audio generation (design assets like charts OK) - Cross-service automation - Bypassing Claude safety guardrails - Accessing user's chat history or memory

Performance Requirements

Response Times

  • [ ] Initialize: < 5 seconds
  • [ ] tools/list: < 5 seconds
  • [ ] tools/call: < 30 seconds (preferably < 10)

Error Handling

  • [ ] Graceful error handling
  • [ ] Helpful error messages (not generic)
  • [ ] Proper HTTP status codes

Token Efficiency

  • [ ] Responses are concise but complete
  • [ ] No unnecessary verbose output
  • [ ] Tool names ≤ 64 characters

Guideline: Token usage should match task complexity

Submission Process

Pre-Submission Checklist

Technical: - [ ] HTTPS working with valid certificate - [ ] MCP protocol implemented (initialize, tools/list, tools/call) - [ ] All tools have safety annotations - [ ] OAuth 2.0 working - [ ] CORS configured correctly - [ ] Response times acceptable - [ ] Error handling implemented

Documentation: - [ ] Public documentation published - [ ] Privacy policy published - [ ] Minimum 3 usage examples written - [ ] Support contact provided - [ ] All tools documented

Testing: - [ ] Test account created with sample data - [ ] Tested with MCP Inspector or Claude Desktop - [ ] All tools verified working - [ ] OAuth flow tested end-to-end

Submission Form

Form URL: https://docs.google.com/forms/d/e/1FAIpQLSeafJF2NDI7oYx1r8o0ycivCSVLNq92Mpc1FPxMKSw1CzDkqA/viewform

Information to provide:

  1. Server Details
  2. Server name
  3. Description (1-2 sentences)
  4. Server URL (HTTPS)

  5. Category

  6. OAuth Details (if applicable)

  7. Authorization URL
  8. Token URL
  9. Client ID

  10. Callback URLs

  11. Documentation

  12. Documentation URL
  13. Privacy policy URL

  14. Support email/URL

  15. Test Access

  16. Test account credentials
  17. Sample data description

  18. Special setup instructions (if any)

  19. Examples

  20. Example 1 (prompt + behavior)
  21. Example 2 (prompt + behavior)

  22. Example 3 (prompt + behavior)

  23. Developer Info

  24. Contact name
  25. Contact email

  26. Company/Organization (if applicable)

  27. Compliance

  28. Confirm ownership of API endpoint
  29. Agree to MCP Directory Terms
  30. Confirm compliance with policies

Common Rejection Reasons

Top Issues to Avoid

  1. Missing safety annotations (readOnlyHint/destructiveHint)
  2. Fix: Add @mcpReadOnly or @mcpDestructive to ALL RPC methods

  3. Impact: Immediate rejection

  4. OAuth implementation errors

  5. Missing callback URLs in allowlist
  6. Token validation not working

  7. Fix: Test OAuth flow thoroughly

  8. Incomplete documentation

  9. Missing usage examples
  10. Tools not documented

  11. Fix: Follow documentation template exactly

  12. Test account issues

  13. Account doesn't work
  14. No sample data

  15. Fix: Test with a fresh login

  16. MCP protocol violations

  17. Wrong response format
  18. Missing required methods

  19. Fix: Validate with MCP Inspector

  20. Privacy policy missing or inaccessible

  21. Fix: Publish at stable HTTPS URL

  22. Poor error handling

  23. Generic error messages
  24. Server crashes on invalid input
  25. Fix: Test edge cases, implement graceful errors

Review Timeline

What to expect:

  • Submission: Instant confirmation
  • Review: Variable timeline (high volume of submissions)
  • Response: Email notification if accepted or revision needed
  • No guaranteed timeline - be patient

Note: Anthropic cannot promise: - Acceptance of every submission - Individual responses to all submissions - Specific review timelines

Best Practices

For Faster Approval

  1. Complete checklist thoroughly - don't skip items
  2. Test everything yourself first - pretend you're the reviewer
  3. Provide excellent documentation - clear, comprehensive, with examples
  4. High-quality test account - realistic data, full access
  5. Professional presentation - well-written, no typos

For Better User Experience

  1. Fast responses - optimize your queries
  2. Helpful errors - guide users to fix issues
  3. Token efficient - don't send walls of text
  4. Clear tool descriptions - Claude needs to know when to call each tool
  5. Realistic examples - show real use cases

For Long-term Success

  1. Monitor server health - uptime, performance
  2. Respond to user feedback - fix issues promptly
  3. Keep dependencies updated - security patches
  4. Maintain compliance - policies may change
  5. Support users - answer questions quickly

Official Resources: - Submission Form: https://docs.google.com/forms/d/e/1FAIpQLSeafJF2NDI7oYx1r8o0ycivCSVLNq92Mpc1FPxMKSw1CzDkqA/viewform - Submission Guide: https://support.claude.com/en/articles/12922490-remote-mcp-server-submission-guide - Directory Policy: https://support.claude.com/en/articles/11697096-anthropic-mcp-directory-policy - Directory Terms: https://support.claude.com/en/articles/11697081-anthropic-mcp-directory-terms-and-conditions - MCP Protocol: https://modelcontextprotocol.io/ - Claude IP Addresses: https://docs.claude.com/en/api/ip-addresses

Support: - Claude Help Center: https://support.claude.com - MCP Documentation: https://modelcontextprotocol.io/

Final Pre-Submission Checklist

Print this and check off each item before submitting:

Technical Requirements: - [ ] HTTPS with valid SSL certificate - [ ] initialize method working - [ ] tools/list method working - [ ] tools/call method working - [ ] ALL tools have safety annotations - [ ] OAuth 2.0 implemented (if auth required) - [ ] CORS configured for Claude domains - [ ] IP allowlisting done (if behind firewall) - [ ] Response times < 30 seconds - [ ] Error handling graceful and helpful

Documentation: - [ ] Public documentation published - [ ] Server description clear - [ ] All tools documented with types - [ ] Minimum 3 usage examples included - [ ] Privacy policy published - [ ] Support contact provided

Testing: - [ ] Test account created - [ ] Sample data populated - [ ] Tested with MCP Inspector or Claude Desktop - [ ] All tools verified working - [ ] OAuth flow tested end-to-end (if applicable) - [ ] Error cases tested

Compliance: - [ ] Read and agree to MCP Directory Terms - [ ] Comply with Anthropic Usage Policy - [ ] No prohibited use cases - [ ] Only necessary data collected - [ ] Own or control the API endpoint

Submission Form: - [ ] All fields filled out completely - [ ] Test credentials provided - [ ] URLs verified (all links work) - [ ] Examples are clear and realistic - [ ] Contact information accurate

You're Ready to Submit When:

  • All items in this checklist are complete
  • You can successfully test your server with MCP Inspector
  • Test account works and has realistic sample data
  • Documentation is clear and comprehensive
  • You've tested the OAuth flow (if applicable)
  • All tools have correct safety annotations

Good luck with your submission!