Independent trust scoring for MCP servers. Transparent methodology, no opinions — just data from the MCP registry and GitHub.
The MCP registry has thousands of servers with zero trust signals. No download counts, no verification, no quality scoring. Agents are increasingly auto-selecting MCP servers and handing them credentials with no way to evaluate trustworthiness.
MCP Scorecard is a batch-processed trust scoring index that aggregates publicly available signals from the MCP registry and GitHub. It runs daily, scores every server, and publishes the results as static JSON that anyone — human or agent — can consume.
Every server receives a 0–100 score in each of four categories, and the aggregate trust score is a weighted average of the four (the weights are part of the published scoring logic). The four categories measure:
- Completeness of the listing: a source repo, license, installable package, website, icon, matching namespace, SECURITY.md, code of conduct, and a unique (non-boilerplate) description.
- Maintenance activity: repo age, how recently it was pushed, active commit weeks in the past year, contributor count, and release activity.
- Popularity: GitHub stars, forks, and watchers on a logarithmic scale. npm/PyPI download counts are planned for a future version.
- Credential and transport risk: how many secrets the server requests, transport type risk (local stdio vs remote), credential sensitivity (API key vs database password vs wallet key), and package type.
Binary flags that indicate structural or behavioral anomalies, independent of the numeric score. These are observable facts, not opinions.
| Flag | What it observes | Count |
|---|---|---|
| DEAD_ENTRY | No packages and no remotes — server can't be installed or reached | — |
| TEMPLATE_DESCRIPTION | Description matches common boilerplate ("A model context protocol server") | — |
| STAGING_ARTIFACT | Name contains test/staging patterns combined with a template description | — |
| HIGH_SECRET_DEMAND | Requests 5 or more secret environment variables | — |
| SENSITIVE_CRED_REQUEST | Requests wallet keys, database passwords, or other high-risk credentials | — |
| REPO_ARCHIVED | GitHub repository is archived by its maintainer | — |
| NO_SOURCE | No repository URL and no verifiable package source | — |
| DESCRIPTION_DUPLICATE | Same description used by 3+ servers from different publishers | — |
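The rules in the table are simple enough to reproduce from registry metadata alone. The script below is an added example, not MCP Scorecard's own code: it evaluates all eight flags over a handful of constructed entries. The entry layout (`name`, `description`, `remotes`, `packages[].identifier`, `packages[].environmentVariables[].isSecret`, `repository.url`, `repository.archived`), the boilerplate phrase list, the test/staging name pattern and the sensitive-credential pattern are all assumptions; the page only gives the thresholds (5 secrets, 3 publishers) and the one quoted boilerplate string.

```python
# Added example (not MCP Scorecard's own code): the eight flag rules from the table
# above applied to constructed registry entries. The entry layout (name, description,
# remotes, packages[].identifier, packages[].environmentVariables[].isSecret,
# repository.url, repository.archived) and the match patterns are assumptions.
from __future__ import annotations

import re
from collections import defaultdict

# Boilerplate phrases, compared after normalisation (assumed list; the page quotes the first).
TEMPLATE_DESCRIPTIONS = {"a model context protocol server", "model context protocol server"}
# Test/staging name patterns and high-risk credential names (assumed patterns).
STAGING_RE = re.compile(r"(^|[-_/.])(test|testing|staging|stage)([-_/.]|$)", re.I)
SENSITIVE_RE = re.compile(
    r"wallet|private[_-]?key|mnemonic|seed[_-]?phrase|db[_-]?pass|database[_-]?password", re.I)
HIGH_SECRET_THRESHOLD = 5   # HIGH_SECRET_DEMAND row
DUPLICATE_PUBLISHERS = 3    # DESCRIPTION_DUPLICATE row


def normalize(description: str) -> str:
    """Lower-case and strip punctuation so 'A Model Context Protocol server.' still matches."""
    return re.sub(r"[^a-z0-9 ]", "", description.lower()).strip()


def publisher_of(name: str) -> str:
    """Names look like io.github.owner/server; the namespace before '/' is the publisher."""
    return name.split("/", 1)[0]


def secret_env_vars(entry: dict) -> list[str]:
    """Environment variables the listing marks as secret, across all packages."""
    return [v["name"] for p in entry.get("packages", [])
            for v in p.get("environmentVariables", []) if v.get("isSecret")]


def flags_for(entry: dict, publishers_by_desc: dict[str, set[str]]) -> list[str]:
    """Evaluate every rule for one entry and return the sorted list of flags raised."""
    flags: set[str] = set()
    packages, remotes = entry.get("packages", []), entry.get("remotes", [])
    repo = entry.get("repository", {})
    desc = normalize(entry.get("description", ""))
    is_template = desc in TEMPLATE_DESCRIPTIONS
    secrets = secret_env_vars(entry)

    if not packages and not remotes:
        flags.add("DEAD_ENTRY")
    if is_template:
        flags.add("TEMPLATE_DESCRIPTION")
    if is_template and STAGING_RE.search(entry["name"]):
        flags.add("STAGING_ARTIFACT")
    if len(secrets) >= HIGH_SECRET_THRESHOLD:
        flags.add("HIGH_SECRET_DEMAND")
    if any(SENSITIVE_RE.search(s) for s in secrets):
        flags.add("SENSITIVE_CRED_REQUEST")
    if repo.get("archived"):
        flags.add("REPO_ARCHIVED")
    # "verifiable package source" is read here as a package with a registry identifier.
    if not repo.get("url") and not any(p.get("identifier") for p in packages):
        flags.add("NO_SOURCE")
    if len(publishers_by_desc.get(desc, set())) >= DUPLICATE_PUBLISHERS:
        flags.add("DESCRIPTION_DUPLICATE")
    return sorted(flags)


def flag_index(entries: list[dict]) -> dict[str, list[str]]:
    """Pass 1 groups publishers per description (duplicate rule); pass 2 flags each entry."""
    publishers_by_desc: dict[str, set[str]] = defaultdict(set)
    for e in entries:
        publishers_by_desc[normalize(e.get("description", ""))].add(publisher_of(e["name"]))
    return {e["name"]: flags_for(e, publishers_by_desc) for e in entries}


def entry(name, desc, repo=None, archived=False, identifier=None, secrets=(), remotes=()):
    """Build one registry-style entry (constructed sample data, not real listings)."""
    e = {"name": name, "description": desc, "remotes": list(remotes), "packages": []}
    if repo:
        e["repository"] = {"url": repo, "archived": archived}
    if identifier:
        e["packages"].append({"identifier": identifier, "environmentVariables":
                              [{"name": s, "isSecret": True} for s in secrets]})
    return e


# Constructed sample entries: one clean listing, three sharing the boilerplate
# description, and one archived repo asking for a wallet key and a DB password.
SAMPLE_ENTRIES = [
    entry("io.github.acme/weather", "Fetches NOAA forecasts for a ZIP code",
          repo="https://github.com/acme/weather", identifier="@acme/mcp-weather",
          secrets=["NOAA_API_KEY"]),
    entry("io.github.acme/test-server", "A Model Context Protocol server."),
    entry("io.github.foo/thing", "A model context protocol server",
          repo="https://github.com/foo/thing", identifier="foo-thing"),
    entry("io.github.bar/other", "A model context protocol server",
          repo="https://github.com/bar/other", identifier="bar-other"),
    entry("io.github.defi/trader", "Places trades on your behalf",
          repo="https://github.com/defi/trader", archived=True, identifier="defi-trader",
          secrets=["WALLET_PRIVATE_KEY", "DB_PASSWORD", "EXCHANGE_API_KEY",
                   "TELEGRAM_TOKEN", "SMTP_PASSWORD"]),
]

if __name__ == "__main__":
    for name, flags in flag_index(SAMPLE_ENTRIES).items():
        print(f"{name:30} {flags}")
```

Two things worth noticing when running it. A boilerplate description used by three publishers trips both TEMPLATE_DESCRIPTION and DESCRIPTION_DUPLICATE, because the table defines them independently. And every rule here reads only what the listing declares about itself, so a server that omits `isSecret` on a wallet-key variable raises nothing; the flags describe the metadata, not the code.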
Every signal, weight, and threshold is public. The full scoring logic is open source. Anyone can audit, reproduce, or fork it.
No curated blocklists, no manual overrides, no pay-to-play. Flags are observable facts from public data, not opinions.
Not a marketplace, not selling MCP servers, no commercial interest in rankings. The index exists to inform, not to sell.
Static JSON output designed for agent consumption. Any MCP client can check trust scores before granting credentials.
All data is freely available as static JSON. No API key required. Updated daily.
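What "check trust scores before granting credentials" looks like on the client side, as an added example that is not MCP Scorecard's client code: an agent loads the daily JSON, refuses to proceed if the snapshot is stale, and then applies a policy that combines flags with a score threshold that rises with the sensitivity of the credential being handed over. The JSON layout (a `generated` timestamp plus a `servers` map of `score` and `flags`), the hard-deny flag set, the credential tiers and the thresholds are assumptions for this illustration; the index sample is constructed, not real data.

```python
# Added example (not MCP Scorecard's own code): an MCP client gating credential
# hand-off on a scorecard index. The JSON layout, HARD_DENY_FLAGS, the credential
# tiers and the score thresholds are assumptions made for this illustration.
from __future__ import annotations

import json
from datetime import datetime, timedelta, timezone

# Constructed sample of a fetched index (not real data).
INDEX_JSON = """{
  "generated": "2025-01-10T06:00:00Z",
  "servers": {
    "io.github.acme/weather": {"score": 82, "flags": []},
    "io.github.defi/trader": {"score": 55,
      "flags": ["HIGH_SECRET_DEMAND", "SENSITIVE_CRED_REQUEST", "REPO_ARCHIVED"]},
    "io.github.new/helper": {"score": 35, "flags": ["TEMPLATE_DESCRIPTION"]}
  }
}"""

# Policy choices (assumed): flags that block any hand-off regardless of score,
# and the minimum aggregate score per credential sensitivity tier.
HARD_DENY_FLAGS = {"DEAD_ENTRY", "NO_SOURCE", "REPO_ARCHIVED", "SENSITIVE_CRED_REQUEST"}
MIN_SCORE = {"low": 40, "medium": 60, "high": 80}
TIER_RANK = {"low": 0, "medium": 1, "high": 2}
# The index is rebuilt daily; an older snapshot is treated as stale and the check fails closed.
MAX_INDEX_AGE = timedelta(days=3)

SAMPLE_NOW = datetime(2025, 1, 11, tzinfo=timezone.utc)   # fresh relative to INDEX_JSON
STALE_NOW = datetime(2025, 1, 20, tzinfo=timezone.utc)    # well past MAX_INDEX_AGE


def credential_tier(env_name: str) -> str:
    """Classify a credential by its variable name (heuristic, assumed keyword lists)."""
    n = env_name.upper()
    if any(k in n for k in ("WALLET", "PRIVATE_KEY", "MNEMONIC", "DB_PASS", "DATABASE_PASSWORD")):
        return "high"
    if any(k in n for k in ("KEY", "TOKEN", "SECRET", "PASSWORD")):
        return "medium"
    return "low"


def load_index(text: str, now: datetime) -> dict | None:
    """Parse the index; return None when it lacks a timestamp or is older than MAX_INDEX_AGE."""
    data = json.loads(text)
    generated = data.get("generated")
    if not generated:
        return None
    stamp = datetime.fromisoformat(generated.replace("Z", "+00:00"))
    if now - stamp > MAX_INDEX_AGE:
        return None
    return data


def decide(index: dict | None, server: str, credentials: list[str]) -> tuple[bool, str]:
    """Return (allowed, reason). Fails closed on a missing/stale index or an unscored server."""
    if index is None:
        return False, "index unavailable or stale"
    entry = index.get("servers", {}).get(server)
    if entry is None:
        return False, f"{server} is not in the index"
    blocking = sorted(HARD_DENY_FLAGS & set(entry.get("flags", [])))
    if blocking:
        return False, f"{server} carries blocking flags: {', '.join(blocking)}"
    tier = max((credential_tier(c) for c in credentials),
               key=TIER_RANK.__getitem__, default="low")
    needed, score = MIN_SCORE[tier], entry.get("score", 0)
    if score < needed:
        return False, f"{server} scores {score}, below {needed} required for a {tier} credential"
    return True, f"{server} scores {score} with no blocking flags"


if __name__ == "__main__":
    idx = load_index(INDEX_JSON, SAMPLE_NOW)
    for server, creds in [("io.github.acme/weather", ["NOAA_API_KEY"]),
                          ("io.github.defi/trader", ["EXCHANGE_API_KEY"]),
                          ("io.github.new/helper", ["HELPER_TOKEN"]),
                          ("io.github.unknown/x", [])]:
        print(decide(idx, server, creds))
    print(decide(load_index(INDEX_JSON, STALE_NOW), "io.github.acme/weather", ["NOAA_API_KEY"]))
```

Two caveats belong next to any such gate. The score is a metadata signal, not a code review: a high-scoring, unflagged server can still misuse whatever it is given, so the credential handed over should be the narrowest one that works (scoped, short-lived where the upstream service allows it). And the gate is only as good as the snapshot it reads, which is why the example fails closed on a stale or missing index rather than falling back to "allow".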
The pipeline runs daily via GitHub Actions. Four stages, ~70 minutes, all free public APIs.