Is that MCP package safe?

Scan any npm package for security issues. Free. Instant.

Try: mcp-trust-guard, @modelcontextprotocol/server-filesystem, or any npm package

Scan. Watch. Enforce.

1. Scan

Check any npm package or remote MCP server URL. See score, findings, publisher posture, and what AI capabilities it exposes.

Free. Instant. No signup.

2. Watch

Get emailed when a package score drops, risk worsens, or new capabilities appear. We monitor 350+ packages continuously and detect changes within minutes.

Free. One email field on any report page.

3. Enforce

Put the gate in CI. Every PR shows what AI capabilities each MCP package grants. Block unapproved powers. Track approvals with expiry. No API key needed.

Redis/RedisInsight pinned MCP versions after our scan. Our data is part of the OWASP MCP Top 10.

350+ packages monitored
6,000+ scans completed
15 capability categories

What powers is your AI getting?

Paste any GitHub repo URL to see its MCP dependencies, capability surface, and what the gate would do. No install needed.

Want AgentScore in your merge path?

Start with the Policy Gate if you need CI enforcement, repo memory, exceptions, and repo-specific alerts. Use the one-off review only if you need an out-of-band assessment first.

AgentScore is a Policy Gate for MCP dependencies. The public scanner, advisories, and reviews support that control point with package intelligence and evidence. It uses static analysis plus continuous change detection, and it does not inspect runtime behaviour or network traffic. Abuse data is community-reported. Scores are screening heuristics, not security guarantees.