Back to Browse
Reading
Free
Server data from the Official MCP Registry
Trust/risk score for AI agents before they pay. Free via MCP; paid x402 for reasons.
About
Trust/risk score for AI agents before they pay. Free via MCP; paid x402 for reasons.
Remote endpoints: streamable-http: https://vouch.futuronoti.workers.dev/mcp
Security Report
5.8
Moderate5.8Moderate RiskVouch is a well-architected x402-monetized trust API for AI agents with solid security fundamentals. Authentication is delegated to x402's payment protocol (appropriate for the use case), input validation is comprehensive, and dangerous operations are avoided. Minor code quality concerns around error handling and the unauthenticated /v1/report endpoint's reputation-poisoning resistance do not materially impact security. The codebase is clean, permissions are well-scoped to its purpose, and there are no findings of malicious patterns or credential exposure. Supply chain analysis found 1 known vulnerability in dependencies (1 critical, 0 high severity).
8 files analyzed · 5 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
How to Install & Connect
Available as Local & Remote
This plugin can run on your machine or connect to a hosted endpoint. during install.
Documentation
View on GitHubFrom the project's GitHub README.
Vouch
A per-call payment trust & reputation API for AI agents — monetized over x402.
When an autonomous agent is about to pay a merchant, API, or counterparty, it asks Vouch one question first: is this safe to pay? Vouch returns an explainable trust score, and charges a fraction of a cent per call in USDC — no accounts, no API keys, no Stripe. Billing is the x402 protocol itself.
Why
The agentic-commerce rails (Coinbase x402, AWS, Visa, Mastercard, Agnic) are being built by giants. The governance layer — should this agent trust this counterparty with money? — is the named #1 blocker to autonomous spend and is wide open. Vouch is a thin, self-serve pick-and-shovel on top of those rails.
Every call makes the product better: checks and community reports accrete into a reputation dataset that compounds with usage — the moat a bootstrapped team can actually build.
How it works
agent ──POST /v1/check { target }──▶ x402 paywall (402 → pay USDC → retry)
│
▼
┌─────────── scoring engine ───────────┐
│ transport · domain heuristics · │
│ threat feed · reputation (D1) │
└───────────────────────────────────────┘
│
{ score, risk, reasons[] }
Scoring is a weighted average of independent signals, with a safety override: any single hard-negative signal (e.g. a threat-feed hit) caps the overall score so one strong red flag can't be averaged away.
| Signal | Weight | Source |
|---|---|---|
threat_feed | 3 | URLhaus host list (THREAT_FEED_URL), cached, fails open |
reputation | 2 | Vouch's own accumulating D1 data (the moat) |
transport | 1.5 | HTTPS / valid host |
domain_heuristics | 1 | Punycode, raw IPs, abuse-prone TLDs, etc. |
Endpoints
| Method & path | Cost | Description |
|---|---|---|
POST /v1/check | x402 (USDC) | Full verdict → { score, risk, reasons, signals } |
POST /v1/score | free (rate-limited) | Score + risk only → { score, risk }. Pay /v1/check for the reasons |
POST /v1/report | free | Submit a flag or vouch for a host |
GET /v1/stats | free | Aggregate reputation totals (hosts, checks, flags, vouches) |
GET /health | free | Liveness |
GET / | free | Service info (HTML landing for browsers) |
CORS is open (*) and the x402 payment headers are exposed, so browser-hosted
agents can preflight and complete the pay/retry flow.
Reading /v1/report (abuse model)
POST /v1/report is free and unauthenticated by design — anyone can submit a
flag or vouch for a host, so the raw flags/vouches counts are community
signals, not ground truth. Abuse is contained by:
- Rate limiting — 10 reports per 60s per client IP (Cloudflare Rate Limiting).
- Poisoning resistance in scoring — community
reputationis a non-authoritative signal: it can lower a score but cannot, on its own, force acriticalverdict. Only objective signals (threat feeds, transport) can hard-cap the score. So a burst of anonymous flags can't unilaterally brand a legitimate counterparty as unsafe. - Bounded input —
target/reason/reporterare length-capped before storage.
Treat /v1/stats and report counts as a crowd-sourced prior that informs the paid
verdict, not as an authoritative blocklist.
Stack ($0 to run)
TypeScript · Hono · Cloudflare Workers (free tier) ·
D1 (free SQLite) · @x402/* v2 · public facilitator at x402.org/facilitator.
Testnet first (Base Sepolia + free Circle faucet USDC); flip X402_NETWORK to
base for mainnet.
Develop
npm install
npm run typecheck
npm test
cp .dev.vars.example .dev.vars # set PAY_TO_ADDRESS (your testnet wallet)
wrangler d1 create vouch # paste database_id into wrangler.toml
npm run db:init # apply schema locally
npm run dev # local Worker
License
MIT — see LICENSE.
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Fetch
Freeby Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
80.0K
Stars
3
Installs
5.3
Security
No ratings yet
Local
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
466
Installs
8.0
Security
4.8
Local