mcp-trustcard provides a simple command to generate a public trust card for every Model Context Protocol server, identifying key security metrics such as tool validity and destructive capabilities. This tool empowers users to make informed decisions before connecting to unknown servers, enhancing security in the rapidly growing MCP ecosystem.
Overview
mcp-trustcard functions as a vital security tool for users of Model Context Protocol (MCP) servers, akin to the npm audit command, but tailored specifically for MCP environments. This tool enables agents to evaluate the trustworthiness of MCP servers prior to establishing a connection, enhancing security and quality assurance.
Features
Every day, agents connect to unfamiliar MCP servers, often without knowledge of critical factors such as installability, compatibility with current protocols, tool schema validity, and security vulnerabilities. mcp-trustcard provides a public trust card through a simple command:
npx mcp-trustcard @modelcontextprotocol/server-github
A sample output from this command highlights various checks:
MCP Trustcard: github-mcp-server @modelcontextprotocol/server-github
────────────────────────────────────────────────────────────────────────
Installability PASS @modelcontextprotocol/server-github@2025.4.8
Protocol handshake PASS github-mcp-server 0.6.2 · 717ms
Tool schema validity PASS 26 tools, all schemas valid
Destructive capabilities PASS no destructive verbs; 11 write/exec tool(s)
Authentication PASS no auth required to list tools
Secret exposure UNKNOWN no secrets seen in this run (single probe)
Protocol version WARN negotiated 2024-11-05 (latest is 2025-06-18)
Latency & failure rate PASS 1ms avg, 0% failure
────────────────────────────────────────────────────────────────────────
Score 86/100
Purpose
The rapid growth of the MCP registry has resulted in a concerning lack of security vetting, with many servers potentially harboring exploitable vulnerabilities such as tool poisoning and secret leakage. mcp-trustcard addresses these challenges by offering a structured public ranking system for MCP servers:
- Installation checks ensure the package can be resolved and installed.
- Protocol handshakes verify server responses.
- Tool schema validation assesses the integrity of tool descriptions and capabilities.
- Potentially destructive actions are highlighted to prevent accidental data loss or harm.
Scoring System
The trust card implements a comprehensive scorecard with 8 checks, totaling 100 points:
| Check | Points | Description |
|---|---|---|
| Installability | 15 | Validates package installation from npm. |
| Protocol handshake | 25 | Tests response to initialize. |
| Tool schema validity | 15 | Checks JSON Schema conformity of tools. |
| Destructive capabilities | 10 | Flags potentially harmful commands. |
| Authentication | 10 | Verifies authentication requirements. |
| Secret exposure | 10 | Investigates potential secret leakage. |
| Protocol version | 10 | Checks for the latest supported protocol. |
| Latency & failure rate | 5 | Measures connection latency and reliability. |
Each check returns a status of PASS, WARN, FAIL, or UNKNOWN, contributing to an overall trust score that reflects the server’s reliability and security posture.
Leaderboard
A leaderboard tracks the performance of various servers based on their scores:
| # | Server | Score | Handshake | Tools | Proto | Destructive | Notes |
|---|---|---|---|---|---|---|---|
| 1 | @modelcontextprotocol/server-filesystem | 83/100 | PASS · 2994ms | 14 | 2025-06-18 | WARN | 3/14 destructive (write/delete) |
| 2 | @modelcontextprotocol/server-github | 82/100 | PASS · 2610ms | 26 | 2024-11-05 | PASS | Lags behind latest protocol |
| ... |
Usage Examples
To engage mcp-trustcard, users can perform the following commands:
- For a text report of a single server:
npx mcp-trustcard @modelcontextprotocol/server-github - To receive a JSON report:
npx mcp-trustcard --json @modelcontextprotocol/server-memory - For batch scanning servers:
mcp-trustcard --batch servers/official.json --json-out results.json
The tool is designed to seamlessly integrate into CI workflows by providing non-zero exit codes for failing scores, ensuring an intuitive experience for developers.
How It Works
The trust card operates by performing a series of checks through the following stages:
- Resolving the package via
npm view <spec>. - Initiating a handshake as a child process with stdio JSON-RPC.
- Validating responses, latency, and the schema of exposed tools.
- Scoring the server based on the defined criteria.
With its efficiency and simplicity, mcp-trustcard runs swiftly without dependencies, relying solely on Node's standard library.
Limitations
mcp-trustcard acknowledges inherent limitations:
- Results may indicate
UNKNOWNfor secret exposure unless a secret is explicitly revealed. - Servers requiring configuration might fail the handshake, highlighting the discovery gap in current setups.
- Current checks for destructive command detection may result in false positives.
The project remains open to contributions and discussions regarding improvements in server verifications to enhance security across MCP environments.
No comments yet.
Sign in to be the first to comment.