Tools We Don't Recommend
We review hundreds of Claude AI tools. Most make the catalog. Some don't. This page explains why specific tools were excluded — so you can make informed decisions if you encounter them elsewhere.
This is not a complete list of every rejected tool. It covers tools that are popular enough that you might encounter them, where the reasoning would save you time or protect you from risk.
Page last updated: 2026-04-20 · Holds on this page: 5 · Rejections on this page: 2
Security Holds
These tools were flagged during review for security concerns that make them unsuitable for recommendation.
FreeRide
FreeRide gives you unlimited free AI in OpenClaw by automatically managing OpenRouter's free models.
Rotates between free-tier accounts on multiple AI providers to dodge rate limits that those providers set intentionally. That is a direct violation of the Terms of Service for OpenAI, Anthropic, Google, and every other mainstream API — grounds for account termination, IP bans, and, for commercial use, potential breach-of-contract exposure. Beyond the legal posture, the tool's whole value proposition depends on staying one step ahead of provider enforcement, which means it will break unpredictably and invite anti-abuse scrutiny on any account touching it. If you need more throughput, pay for it; if you are building for clients, this is a liability you do not want in the stack.
agent-tool
MCP tool server for AI coding agents -- encoding-aware file tools, binary analysis, DAP debugger, SSH/SFTP, process memory, and more
Bundles SSH and SFTP clients, live process memory inspection, binary analysis, and debugger (DAP) control into a single MCP server with no sandboxing or capability scoping. A successful prompt injection — or a confused model following a malicious README — could pivot into production servers using your keys, read credentials out of a running process's memory, or attach a debugger to a sensitive binary. Each of these capabilities alone warrants careful review; stacking them behind one LLM-driven interface turns the tool into a general-purpose post-exploitation toolkit. Use individual, purpose-built tools with narrower scopes instead.
real-browser-mcp
MCP server + Chrome extension that gives AI agents control of your real browser with existing sessions and logins
Connects Claude to your actual Chrome profile — the one logged into your bank, email, CRM, and admin panels. Prompt injection from any page the model reads (an email, a search result, a scraped article) can trigger real actions inside those sessions: sending messages, approving transactions, changing settings, exfiltrating data. There is no sandbox, no per-site scoping, and no meaningful confirmation layer. The blast radius is everything your browser is currently signed into. For a consultant or operator, that is almost never an acceptable trade against the convenience it offers.
secbot
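⚠️ This tool is intended only for authorized security testing. Using this tool to carry out network attacks without authorization is illegal. An intelligent, automated penetration-testing bot with AI-driven security testing capabilities.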
Security concerns identified during review. Exercise caution.
t2000
A bank account for AI agents. DeFi banking via MCP — save, borrow, invest, exchange, send. Non-custodial on Sui.
Exposes on-chain lending, borrowing, swapping, and investing on the Sui blockchain as tools an AI agent can call directly. Blockchain transactions are irreversible — a hallucinated amount, a wrong token address, or a prompt-injected instruction moves real money that no support desk can claw back. Non-custodial framing does not change this; it just means you personally absorb the loss. DeFi protocols themselves also carry smart-contract and oracle risk that most LLMs cannot reason about. Financial actions need human-in-the-loop confirmation and hard spending caps, neither of which this tool enforces.
Not Recommended
These tools were reviewed and rejected for specific reasons beyond just being niche or incomplete.
Linkedin Mcp Server
Scrapes LinkedIn profiles, companies, and jobs via AI
Automates scraping of LinkedIn profiles, companies, and job listings through an AI agent. LinkedIn's User Agreement explicitly prohibits automated data collection, and LinkedIn has successfully pursued scrapers through account termination, cease-and-desist letters, and federal litigation (hiQ Labs, 3taps, and others). Detection is aggressive — behavioral fingerprinting, rate analysis, and device signals routinely flag scraping activity within days. For a consultant, the downside is not hypothetical: a suspended LinkedIn account is a business continuity problem, and using scraped data in client deliverables can create GDPR and CCPA exposure. Use the official LinkedIn API or a sanctioned data partner.
Mcp Mindmesh
Quantum-inspired swarm orchestrating multiple Claude instances
Markets itself with terms like 'quantum field coherence,' 'ensemble intelligence,' and 'neural swarm' that imply capabilities the code does not deliver — under the hood it is a straightforward multi-model fan-out with a voting step. Overstated claims on an MCP server are a reliability signal in themselves: if the README misrepresents what the tool does, you should assume the same looseness applies to error handling, data handling, and security posture. You also inherit whatever credentials get wired into each underlying provider, multiplied across instances. Real multi-agent orchestration is possible, but it needs honest documentation before it earns a place in a client stack.
Tool authors: If you believe your tool was excluded in error or have addressed the concerns listed here, reach out on LinkedIn. We re-evaluate tools when significant changes are made.