
trustmcp

MCP Tool

Gujiassh/trustmcp

Static risk audit for JS/TS MCP servers before you run them.

Install

$ npx loaditout add Gujiassh/trustmcp

Platform-specific configuration:

.claude/settings.json
{
  "mcpServers": {
    "trustmcp": {
      "command": "npx",
      "args": [
        "-y",
        "trustmcp"
      ]
    }
  }
}

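Add the config above to .claude/settings.json under the mcpServers key. The README below says TrustMCP is not published to npm yet and documents only a source checkout and local build, so check what npx -y trustmcp actually resolves to on the registry before adding this entry; the -y flag installs the named package without prompting.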

About

TrustMCP

> Static risk audit for JS/TS MCP servers before you run them.

TrustMCP is a narrow static audit CLI for JavaScript and TypeScript MCP server repositories that flags a few high-signal risk patterns before you run them.

If npm audit is the mental model that brought you here, keep the comparison loose: TrustMCP does not use CVE feeds, dependency advisories, or runtime analysis. It is a small source-level preflight check.

Canonical repository: https://github.com/Gujiassh/trustmcp

Why now

MCP servers are getting easier to discover and easier to wire into local tools. Trust review is still mostly manual, so TrustMCP focuses on a believable first step: scan the code, point to concrete evidence, and explain why it matters.

TrustMCP v0.1 intentionally stays small:

  • one local CLI
  • static heuristics only
  • public GitHub repo root URLs or local folders
  • three evidence-backed rules

It does not claim a target is safe.

What v0.1 checks

  • mcp/shell-exec
  • mcp/outbound-fetch
  • mcp/broad-filesystem

Every finding includes:

  • ruleId
  • severity
  • confidence
  • title
  • file
  • line when available
  • evidence
  • whyItMatters
  • remediation
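
A minimal sketch of what a source-level check of this kind can look like, added here as an illustration; it is not TrustMCP's code. The rule IDs and finding field names are the ones listed above; the regex patterns, severity and confidence values, and the sample file are assumptions constructed for the example.

```javascript
// Added illustration, not TrustMCP's code. Rule IDs and finding field names come
// from the page; patterns, severities and wording are assumptions.
const RULES = [
  { ruleId: "mcp/shell-exec", severity: "high", confidence: "medium",
    title: "Shell command execution",
    pattern: /\b(?:execSync|exec|spawn)\s*\(/,
    whyItMatters: "Tool input that reaches a shell can run commands on the host.",
    remediation: "Prefer execFile with a fixed binary and an argument array." },
  { ruleId: "mcp/outbound-fetch", severity: "medium", confidence: "medium",
    title: "Outbound network request",
    pattern: /\bfetch\s*\(/,
    whyItMatters: "Data the server can read may leave the machine.",
    remediation: "Restrict destinations to an explicit allowlist." },
  { ruleId: "mcp/broad-filesystem", severity: "medium", confidence: "low",
    title: "Filesystem call with a non-literal path",
    // fs.<method>( whose first argument is not a quoted string literal
    pattern: /\bfs\.\w+\s*\((?!\s*['"`])/,
    whyItMatters: "A caller-chosen path can reach files outside the intended directory.",
    remediation: "Resolve paths against a fixed root and reject anything outside it." },
];

// Scan one file's text line by line and return findings in source order.
function scanSource(file, source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    if (/^\s*(?:\/\/|\*)/.test(text)) return; // ignore comment-only lines
    for (const { pattern, ...meta } of RULES) {
      if (pattern.test(text)) {
        findings.push({ ...meta, file, line: i + 1, evidence: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed sample input (not taken from any real server).
const SAMPLE = [
  'import { exec } from "node:child_process";',
  'import fs from "node:fs";',
  "// exec(userInput) in a comment is skipped",
  "export function run(args) {",
  "  exec(`git ${args.cmd}`);",
  "  return fs.readFileSync(args.path, 'utf8');",
  "}",
  "const r = await fetch(args.url);",
].join("\n");

for (const f of scanSource("server.ts", SAMPLE)) {
  console.log(`${f.severity.toUpperCase()} ${f.ruleId} ${f.file}:${f.line}  ${f.evidence}`);
}
```

Line-based regexes like these miss aliased imports and multi-line calls and will flag unrelated methods named exec, which is why each finding carries a confidence value and the matched evidence line for manual review.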

Quickstart

TrustMCP is not published to npm yet. The supported v0.1 path is source checkout, local build, then either node dist/cli/main.js ... or npm link.

Install dependencies:

npm install

Build the CLI:

npm run build

Optional: link the local CLI command:

npm link
trustmcp ./fixtures/local-risky

Scan a local folder:

node dist/cli/main.js ./fixtures/local-risky

Scan a public GitHub repo:

node dist/cli/main.js https://github.com/modelcontextprotocol/servers --format text

Or use explicit GitHub shorthand:

node dist/cli/main.js gh:modelcontextprotocol/servers --format text

GitHub scans accept repository root inputs only: either https://github.com/owner/repo or gh:owner/repo. Trailing slash

Tags

ai-security, cli, developer-tools, mcp, model-context-protocol, security, static-analysis, typescript

Quality Signals

Installs: 0
Last updated: 20 days ago
Security: A
README

Safety

Risk Level: medium
Data Access: read
Network Access: none

Details

Source: github-crawl
Last commit: 3/24/2026
