How do I install Trust?

Trust is a local plugin. Install it using PyPI package: mcp-trust and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Trust safe to use?

Yes. Trust passed MCP Marketplace's automated security scan with a score of 9.5/10 (low risk). Every server on MCP Marketplace is security-scanned before it's listed; see the full security report on this page for the findings and permissions.

What AI apps work with Trust?

Trust uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Trust MCP Server

by Saagpatel

Developer ToolsLow Risk9.5MCP RegistryLocal

Free

Server data from the Official MCP Registry

Check the danger grade of any public MCP server before you connect.

About

Check the danger grade of any public MCP server before you connect.

Security Report

9.5

Low Risk9.5Low Risk

Valid MCP server (1 strong, 1 medium validity signals). 1 known CVE in dependencies Imported from the Official MCP Registry. 1 finding(s) downgraded by scanner intelligence.

6 files analyzed · 2 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

env_vars

Check that this permission is expected for this type of plugin.

database

Check that this permission is expected for this type of plugin.

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-saagpatel-mcp-trust": {
      "args": [
        "mcp-trust"
      ],
      "command": "uvx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

MCP Trust Registry

Check before you connect. A neutral, public danger grade for the MCP servers your AI agents rely on.

Live: mcp-trust.vercel.app

Not yet published to PyPI. Install from source using the Quickstart below.

Use as an MCP server

mcp-trust runs as a read-only MCP server so an agent can check a server's danger grade before connecting — it serves a baked snapshot of real, sandboxed grades, so no database or network is needed.

mcp-trust mcp-serve          # from a source/dev install (works today)
uvx mcp-trust mcp-serve      # once published to PyPI

Tool	Description
`list_servers`	Every graded MCP server with its A-F grade, transparency, and danger score.
`check_server`	Full grade, risk dimensions, and findings for one server by slug.
`get_methodology`	How the A-F grade and transparency axis are computed, plus the honesty model.

Connecting an MCP server hands it influence over what your agent does. Tool poisoning, prompt injection, over-broad permissions, and rug-pull tool mutations are documented attack classes -- and today there's no quick way to vet a server before you wire it in. MCP Trust Registry scans public MCP servers and gives each one a single readable danger grade (A-F), a separate transparency signal, and the findings behind them.

Think OSV.dev / Socket.dev / haveibeenpwned, scoped to MCP servers.

Prerequisites

Python >= 3.11
uv (used for dependency management and running the project)

How it works

register a server  ->  scan via engine  ->  derive grade  ->  persist  ->  serve at a stable URL

The registry does not reimplement vulnerability detection. It orchestrates a pluggable scan engine -- the shipping backend wraps the public mcp-audits (>=2.1) package -- and owns the catalog, the public trust-grade normalization, persistence, and the lookup API.

Quickstart

git clone https://github.com/saagpatel/mcp-trust.git && cd mcp-trust
uv pip install -e ".[dev]"      # core + dev deps (runs on the built-in StubEngine)
mcp-trust seed                  # load the seed catalog
mcp-trust scan mcp-reference-time   # scan a catalog server, print its grade
mcp-trust check mcp-reference-time  # look up the latest stored grade
mcp-trust serve                 # serve the API on http://127.0.0.1:8000

For real scanning install the engine extra and select it:

uv pip install -e ".[dev,engine]"
MCP_TRUST_ENGINE=mcpaudit mcp-trust scan mcp-reference-time

Scanning launches the server's process. For untrusted servers, isolate execution in a locked-down container (no network, read-only fs, dropped caps, resource limits):

MCP_TRUST_ENGINE=mcpaudit MCP_TRUST_SANDBOX=docker mcp-trust scan mcp-reference-time

The default is no sandbox (safe only for servers you trust).

API

Method	Path	Purpose
`GET`	`/`	web -- public catalog page (grade + transparency per server)
`GET`	`/ui/servers/{slug}`	web -- server detail page + README badge-embed snippet
`GET`	`/healthz`	liveness
`GET`	`/servers`	catalog + latest grade per server (JSON)
`GET`	`/servers/{slug}`	full latest scan record + metadata (JSON)
`POST`	`/servers/{slug}/scan`	operator scan trigger; public deployments disable this route
`GET`	`/servers/{slug}/badge.json`	shields.io-compatible README badge

Every server has two orthogonal signals: a danger grade (A-F) and a transparency level (high/medium/low, from annotation coverage). Automated grades are not endorsements, certifications, or claims that a server is malicious. A low grade on a low-transparency server means "cannot verify safe," not "known dangerous."

HTTP scan triggering is fail-closed by default. Public deployments should set MCP_TRUST_PUBLIC_READONLY=1, which makes POST /servers/{slug}/scan return 403 before any engine can run. Operator scans should normally run through the CLI against the persistent registry DB, not through public traffic.

For local API demos with the deterministic StubEngine, set MCP_TRUST_ALLOW_UNAUTHENTICATED_STUB_SCANS=1. Do not set that in public. Token-gated API scan triggering is still available for private operator surfaces by setting MCP_TRUST_SCAN_TOKEN and passing it as Authorization: Bearer <token> or X-MCP-Trust-Scan-Token.

Set MCP_TRUST_RECEIPTS_DIR=/data/mcp-trust/receipts during real scan runs to archive a JSON receipt for each scan and store its portable artifact filename in report_ref.

Status

Live at mcp-trust.vercel.app as a statically generated catalog, regenerated from the local registry. The seven official reference MCP servers carry real mcp-audits grades from network-off Docker sandbox scans (distribution A/B/B/C/D/F/F). Every grade is labeled by provenance, so demo/stub data can never read as a real scan, and an unscanned server never shows a letter grade.

The static front door is the low-ops launch path (see DEPLOY-VERCEL.md); a weekly launchd job under deploy/launchd/ re-scans, rebuilds, and optionally redeploys (deploy is opt-in). The live FastAPI service + VM path remains documented in DEPLOY-VM.md as an alternative. See SPEC.md for the full contract and LAUNCH-GATE.md for launch history.

Contributing

uv.lock is intentionally committed to the repository to ensure reproducible installs across environments. When adding or updating dependencies, commit the updated uv.lock alongside your pyproject.toml changes.

License

MIT

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

Trust MCP Server

About

Security Report

Findings (2)

Permissions Required

How to Install

Documentation

MCP Trust Registry

Use as an MCP server

Prerequisites

How it works

Quickstart

API

Status

Contributing

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Fetch

Git

Toleno

mcp-creator-python

MarkItDown

FinAgent