PitchHut logo
mcp-trustcard
The npm audit for MCP servers, ensuring a secure connection.
Pitch

mcp-trustcard provides a simple command to generate a public trust card for every Model Context Protocol server, identifying key security metrics such as tool validity and destructive capabilities. This tool empowers users to make informed decisions before connecting to unknown servers, enhancing security in the rapidly growing MCP ecosystem.

Description

Overview

mcp-trustcard functions as a vital security tool for users of Model Context Protocol (MCP) servers, akin to the npm audit command, but tailored specifically for MCP environments. This tool enables agents to evaluate the trustworthiness of MCP servers prior to establishing a connection, enhancing security and quality assurance.

Features

Every day, agents connect to unfamiliar MCP servers, often without knowledge of critical factors such as installability, compatibility with current protocols, tool schema validity, and security vulnerabilities. mcp-trustcard provides a public trust card through a simple command:

npx mcp-trustcard @modelcontextprotocol/server-github

A sample output from this command highlights various checks:

MCP Trustcard: github-mcp-server  @modelcontextprotocol/server-github
────────────────────────────────────────────────────────────────────────
Installability             PASS  @modelcontextprotocol/server-github@2025.4.8
Protocol handshake         PASS  github-mcp-server 0.6.2 · 717ms
Tool schema validity       PASS  26 tools, all schemas valid
Destructive capabilities   PASS  no destructive verbs; 11 write/exec tool(s)
Authentication             PASS  no auth required to list tools
Secret exposure            UNKNOWN  no secrets seen in this run (single probe)
Protocol version           WARN  negotiated 2024-11-05 (latest is 2025-06-18)
Latency & failure rate     PASS  1ms avg, 0% failure
────────────────────────────────────────────────────────────────────────
Score                      86/100

Purpose

The rapid growth of the MCP registry has resulted in a concerning lack of security vetting, with many servers potentially harboring exploitable vulnerabilities such as tool poisoning and secret leakage. mcp-trustcard addresses these challenges by offering a structured public ranking system for MCP servers:

  • Installation checks ensure the package can be resolved and installed.
  • Protocol handshakes verify server responses.
  • Tool schema validation assesses the integrity of tool descriptions and capabilities.
  • Potentially destructive actions are highlighted to prevent accidental data loss or harm.

Scoring System

The trust card implements a comprehensive scorecard with 8 checks, totaling 100 points:

CheckPointsDescription
Installability15Validates package installation from npm.
Protocol handshake25Tests response to initialize.
Tool schema validity15Checks JSON Schema conformity of tools.
Destructive capabilities10Flags potentially harmful commands.
Authentication10Verifies authentication requirements.
Secret exposure10Investigates potential secret leakage.
Protocol version10Checks for the latest supported protocol.
Latency & failure rate5Measures connection latency and reliability.

Each check returns a status of PASS, WARN, FAIL, or UNKNOWN, contributing to an overall trust score that reflects the server’s reliability and security posture.

Leaderboard

A leaderboard tracks the performance of various servers based on their scores:

#ServerScoreHandshakeToolsProtoDestructiveNotes
1@modelcontextprotocol/server-filesystem83/100PASS · 2994ms142025-06-18WARN3/14 destructive (write/delete)
2@modelcontextprotocol/server-github82/100PASS · 2610ms262024-11-05PASSLags behind latest protocol
...

Usage Examples

To engage mcp-trustcard, users can perform the following commands:

  • For a text report of a single server:
    npx mcp-trustcard @modelcontextprotocol/server-github
    
  • To receive a JSON report:
    npx mcp-trustcard --json @modelcontextprotocol/server-memory
    
  • For batch scanning servers:
    mcp-trustcard --batch servers/official.json --json-out results.json
    

The tool is designed to seamlessly integrate into CI workflows by providing non-zero exit codes for failing scores, ensuring an intuitive experience for developers.

How It Works

The trust card operates by performing a series of checks through the following stages:

  1. Resolving the package via npm view <spec>.
  2. Initiating a handshake as a child process with stdio JSON-RPC.
  3. Validating responses, latency, and the schema of exposed tools.
  4. Scoring the server based on the defined criteria.

With its efficiency and simplicity, mcp-trustcard runs swiftly without dependencies, relying solely on Node's standard library.

Limitations

mcp-trustcard acknowledges inherent limitations:

  • Results may indicate UNKNOWN for secret exposure unless a secret is explicitly revealed.
  • Servers requiring configuration might fail the handshake, highlighting the discovery gap in current setups.
  • Current checks for destructive command detection may result in false positives.

The project remains open to contributions and discussions regarding improvements in server verifications to enhance security across MCP environments.

0 comments

No comments yet.

Sign in to be the first to comment.