aak204

Deterministic CI scanner and surface-risk scoring for MCP (Model Context Protocol) servers.

100% credibility
Found Mar 29, 2026 at 18 stars.
Python
AI Summary

A scanner that analyzes local AI tool servers for protocol hygiene, risky capabilities like file writes or command execution, and assigns a deterministic 0-100 surface-risk score with terminal, JSON, and SARIF reports.

How It Works

1. 📰 Discover the safety checker
   You hear about a helpful tool that checks AI assistant servers for safety risks while building your smart helper.

2. 💻 Set up the checker
   You easily prepare the checker on your computer so it's ready to use.

3. 🚀 Start your assistant server
   You launch your local AI assistant server that provides tools for smart tasks.

4. 🔍 Run the quick scan
   You point the checker at your running server and it automatically reviews the tools for risks and clarity.

5. 📊 Review the score and tips
   You see a simple score out of 100 plus a friendly list of any issues like risky actions or unclear descriptions.

Build with confidence

Your AI assistant server is now checked and safer, ready for use or easy fixes to make it even better.

AI-Generated Review

What is MCP-Trust-Kit?

MCP-Trust-Kit is a Python CLI scanner and deterministic surface-risk scoring kit for MCP (Model Context Protocol) servers, the protocol powering AI agent tools. Point it at a local server via `mcp-trust scan --cmd python server.py`, and it discovers exposed tools over stdio, runs fixed checks for protocol hygiene (like missing schemas or duplicates) and risky capabilities (command exec, FS writes, network calls), then outputs a repeatable 0-100 score with terminal summaries, JSON, or SARIF. It flags blast-radius exposures without judging business logic, giving you CI-ready trust signals for model context servers.
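An added sketch (not MCP-Trust-Kit's own code) of the kind of deterministic surface check described above, run over a constructed tool list in the shape of an MCP `tools/list` result. The rule ids, keyword lists, penalty weights and function names are hypothetical, and keyword matching is a deliberate simplification.

```python
import json

# Constructed sample in the shape of an MCP tools/list result.
SAMPLE_TOOLS = [
    {"name": "read_file", "description": "Read a UTF-8 text file under the workspace root.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}}}},
    {"name": "run_command", "description": "Execute a shell command.",
     "inputSchema": {"type": "object", "properties": {"cmd": {"type": "string"}}}},
    {"name": "write_file", "description": "Write"},  # vague description, no schema
    {"name": "read_file", "description": "Duplicate registration of read_file."},
]

# Hypothetical rules and weights, not the project's real rule set.
RISK_RULES = [
    ("risk.command_exec", ("exec", "shell", "command", "subprocess"), 25),
    ("risk.fs_write", ("write", "delete", "overwrite"), 15),
    ("risk.network", ("http", "fetch", "url", "request"), 10),
]
HYGIENE_PENALTY = {"hygiene.missing_schema": 10, "hygiene.vague_description": 5,
                   "hygiene.duplicate_name": 10}

def scan(tools):
    """Return (rule_id, tool_name) findings, sorted so tool order never matters."""
    findings, seen = set(), set()
    for tool in tools:
        name, desc = tool.get("name", ""), tool.get("description", "")
        if name in seen:
            findings.add(("hygiene.duplicate_name", name))
        seen.add(name)
        if not isinstance(tool.get("inputSchema"), dict):
            findings.add(("hygiene.missing_schema", name))
        if len(desc.split()) < 3:
            findings.add(("hygiene.vague_description", name))
        text = f"{name} {desc}".lower()
        for rule_id, keywords, _ in RISK_RULES:
            if any(k in text for k in keywords):
                findings.add((rule_id, name))
    return sorted(findings)

def score(findings):
    """Fixed penalties subtracted from 100 and floored at 0; no randomness, no clock."""
    penalty = {**HYGIENE_PENALTY, **{r: p for r, _, p in RISK_RULES}}
    return max(0, 100 - sum(penalty[rule] for rule, _ in findings))

def report(tools):
    """Byte-stable JSON report: sorted findings plus sorted keys."""
    findings = scan(tools)
    return json.dumps({"score": score(findings),
                       "findings": [{"rule": r, "tool": t} for r, t in findings]},
                      sort_keys=True)
```

Because findings are a sorted set and the report uses sorted keys, the same tool surface yields the same bytes on every run, which is what makes a score usable as a CI gate.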

Why is it gaining traction?

Its deterministic scoring—same server always yields the same output—makes it CI gold, unlike fuzzy scanners. GitHub Action integration lets you gate PRs on min-scores (e.g., 80+), auto-upload SARIF for code scanning, and validate real MCP servers like official filesystem ones. Narrow focus on tool surface-risk keeps scans fast and stable, hooking devs tired of manual audits.

Who should use this?

MCP server maintainers baking surface-risk gates into PR workflows to catch vague descriptions or exec tools early. Teams integrating third-party MCP servers (memory, filesystem) for AI agents, needing quick hygiene scores before deployment. Python devs building agent tooling who want repeatable CI checks on protocol compliance and risky exposures.

Verdict

Worth adding to your MCP CI pipeline now—alpha-stage with excellent docs, validated examples, and GitHub-ready outputs, even at 18 stars and 1.0% credibility score. Frame low scores as review prompts, not red flags.
