# AgentScore — MCP Security Trust Layer

## What is this?
AgentScore scans MCP packages for security issues and provides trust verdicts, exposure mapping, and continuous monitoring for the MCP ecosystem.

## Quick Start

### Scan a package
```
GET https://agentscores.xyz/api/scan?npm=exa-mcp-server
```

### Get a trust verdict (allow/warn/block)
```
GET https://agentscores.xyz/api/verdict?npm=exa-mcp-server
```

### Check incident exposure
```
GET https://agentscores.xyz/api/exposure?npm=axios
```

### Security advisories
```
GET https://agentscores.xyz/api/advisories
```

## Capabilities
- MCP package scanning (metadata, source code, provenance posture, tool extraction, capability classification)
- Trust verdicts: allow / warn / block
- Incident exposure mapping: which MCP servers depend on a compromised package
- Continuous monitoring of 800+ MCP packages on npm
- Auto-published security advisories with RSS feed
- Abuse database
- Policy Gate (GitHub Action) for merge-path enforcement

## Proof points
- Redis pinned every MCP dependency in RedisInsight after our scan: https://agentscores.xyz/case-study/redis
- Agions shipped security fixes to taskflow-ai in 48h: https://agentscores.xyz/case-study/agions

No API key required for read endpoints.

Full docs: https://agentscores.xyz/docs
