๐Ÿ”ฅAgentScoreMCP Security

Is that MCP package safe?

Scan any npm package for security issues. Free. Instant.

Try: mcp-trust-guard, @modelcontextprotocol/server-filesystem, or any npm package

๐Ÿ›ก๏ธ

Install Scripts

Detects postinstall hooks that run arbitrary code

๐Ÿ’‰

Prompt Injection

Finds instruction-like patterns in package metadata

๐Ÿ”—

Suspicious URLs

Flags raw IPs, sketchy TLDs, exfiltration endpoints

๐Ÿ“ฆ

Dependencies

High dependency count means larger attack surface

๐Ÿ“‹

Missing Metadata

No licence or repo link means unverifiable code

๐Ÿ”„

Continuous Monitoring

Continuous reassessment. Get alerted when a package or its dependencies change risk.

The MCP ecosystem needs a trust layer

The official MCP Registry lists servers but does not audit them. Anthropic does not manage or assess MCP server security. The registry is designed to delegate trust decisions to downstream services.

AgentScore is that downstream layer. We scan, monitor, and assess MCP packages so registries, clients, and teams can make informed install and connect decisions.

โœ”

Verdict API

Allow, warn, or block. One call.

๐Ÿ”

Exposure API

Which MCP servers are affected by incident X?

๐Ÿ›ก

Continuous Monitoring

250+ packages. Changes detected in minutes.

MCP security for compliance teams

Under ISO 27001, MCP servers are third-party software components requiring asset inventory (A.8.1), vulnerability assessment (A.12.6), and supplier risk management (A.15.1). AgentScore provides the evidence trail.

What MCP servers do you use?

Server inventory with risk classification

How do you assess them?

Timestamped scans with scores and findings

What vulnerabilities exist?

Every finding tracked with severity

How often do you reassess?

Daily monitoring with change alerts

A scan is a snapshot. Monitoring is the product.

Packages change. Dependencies update. New vulnerabilities appear. We rescan your MCP dependencies continuously and alert you when something changes.

Get Continuous MonitoringBrowse Tools

Protect your MCP server

Add security middleware. Abuse database, rate limiting, tool permissions.

npm install mcp-trust-guard

const guard = new McpGuard({ abuseCheck: true });
app.use('/mcp', guard.middleware());
API docsGuidesMore toolsMethodology

Want us to scan your MCP server dependencies?

Send your package name or repo URL. We will scan your full dependency chain and send you a short report. Free, no install needed.

Request a Free Scan Report

AgentScore scans published npm packages for security issues and provides continuous monitoring for MCP server dependencies. Static analysis plus continuous change detection. Does not inspect runtime behaviour or network traffic. Abuse database is community-reported. Scores are screening heuristics, not security guarantees. Supports ISO 27001 compliance evidence for third-party software assessment (A.8.1, A.12.6, A.15.1).