Back to Browse
Free
Server data from the Official MCP Registry
Trust scoring for domains, wallets, APIs. SSL+DNS+WHOIS+headers. Score 0-100.
About
Trust scoring for domains, wallets, APIs. SSL+DNS+WHOIS+headers. Score 0-100.
Remote endpoints: sse: https://trust-score.api.klymax402.com/mcp
Security Report
5.0
Moderate5.0Moderate RiskThis MCP server implements a trust scoring API for domains, wallets, and IPs with a payment model (x402 micropayments). The code is well-structured with proper input validation, no malicious patterns, and appropriate use of external APIs. However, there are several moderate-severity concerns: (1) unchecked arbitrary domain/URL fetching could enable SSRF attacks, (2) missing authentication/authorization on the main MCP endpoints, (3) environment variable handling is minimal, and (4) error messages could leak sensitive information. Permissions align well with the stated purpose. Supply chain analysis found 5 known vulnerabilities in dependencies.
5 files analyzed · 13 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
How to Install & Connect
Available as Local & Remote
This plugin can run on your machine or connect to a hosted endpoint. during install.
Documentation
View on GitHubFrom the project's GitHub README.
Trust Score API
Unified trust scoring for domains, wallets, and APIs. Score 0-100 with 5 sub-scores. Powered by x402 micropayments.
The trust layer AI agents need before interacting with unknown services. One API call tells you if a domain, wallet, or endpoint is safe.
What It Scores
| Sub-score | Weight | What it checks |
|---|---|---|
| SSL/TLS | 25% | Certificate validity, HSTS, expiry, issuer, preload |
| WHOIS | 25% | Domain age, registrar reputation, expiry date, suspicious TLDs |
| Security Headers | 20% | CSP, X-Frame-Options, HSTS, Referrer-Policy, Permissions-Policy, X-Content-Type-Options |
| DNS | 15% | A/AAAA/MX/NS records, SPF, DMARC, DNSSEC |
| Content | 15% | Reachability, latency, status code, robots.txt, favicon, CORS |
For wallet addresses (0x...): transaction count, ETH/USDC balance, contract detection on Base L2.
Endpoints
POST /api/score - $0.01/call
Evaluate a single target.
{
"target": "example.com",
"checks": ["all"]
}
Response:
{
"target": "example.com",
"type": "domain",
"compositeScore": 72,
"grade": "B",
"verdict": "moderate",
"subscores": {
"ssl": { "score": 90, "grade": "A+", "valid": true, "details": ["HTTPS active", "HSTS max-age=31536000 (1yr+)"] },
"dns": { "score": 85, "details": ["2 A record(s)", "SPF configured", "DMARC configured"] },
"whois": { "score": 60, "domainAge": 10957, "registrar": "Cloudflare, Inc.", "details": ["Domain age: 30 years"] },
"headers": { "score": 55, "missing": ["content-security-policy", "permissions-policy"], "details": ["x-frame-options: DENY"] },
"content": { "score": 70, "latencyMs": 234, "details": ["Status: 200 OK", "Latency: 234ms (fast)"] }
},
"timestamp": "2026-04-13T10:45:00.000Z",
"cachedFor": "5m"
}
POST /api/batch - $0.02/call
Compare 2-5 targets side by side, ranked by trust score.
{
"targets": ["google.com", "sketchy-site.tk", "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"]
}
Response:
{
"count": 3,
"mostTrusted": "google.com",
"leastTrusted": "sketchy-site.tk",
"results": [
{ "target": "google.com", "compositeScore": 82, "grade": "A", "verdict": "trusted" },
{ "target": "0xd8dA...", "compositeScore": 70, "grade": "B", "verdict": "moderate" },
{ "target": "sketchy-site.tk", "compositeScore": 15, "grade": "F", "verdict": "dangerous" }
]
}
Grading Scale
| Score | Grade | Verdict | Meaning |
|---|---|---|---|
| 90-100 | A+ | trusted | Excellent security posture, well-established |
| 75-89 | A | trusted | Good security, minor improvements possible |
| 60-74 | B | moderate | Acceptable, some security gaps |
| 40-59 | C | moderate | Below average, multiple issues |
| 20-39 | D | suspicious | Poor security, use with caution |
| 0-19 | F | dangerous | Critical issues, avoid interaction |
Use Cases
- Before payments: Check if an API or wallet is trustworthy before sending USDC
- Agent safety: Verify domains before scraping, crawling, or sending data
- Due diligence: Compare multiple service providers
- Phishing detection: Score suspicious URLs from emails or messages
- Wallet vetting: Check on-chain reputation before transacting
MCP Integration
Works with Claude Desktop, Cursor, Copilot, and any MCP-compatible client.
{
"mcpServers": {
"trust-score": {
"url": "https://trust-score-production-ff18.up.railway.app/mcp",
"transport": "sse"
}
}
}
Payment
Uses x402 protocol. Send a request, get HTTP 402 with price, your agent signs USDC on Base automatically. No API keys, no signup.
Related APIs
- SSL Checker - Deep SSL certificate analysis
- DNS Lookup - Full DNS record query
- Domain Intelligence - WHOIS + DNS + SSL combined
- SEO Analyzer - Full SEO audit (different from trust)
- Port Scanner - Network port scanning
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
477
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
63
Installs
10.0
Security
4.6
Local