aak204/MCP-Trust-Kit
Deterministic CI scanner and surface-risk scoring for MCP (Model Context Protocol) servers.
Platform-specific configuration:
{
  "mcpServers": {
    "MCP-Trust-Kit": {
      "command": "npx",
      "args": [
        "-y",
        "MCP-Trust-Kit"
      ]
    }
  }
}
Add the config above to .claude/settings.json under the mcpServers key.
Deterministic surface-risk scoring for MCP servers.
MCP Trust Kit scans a local MCP server over stdio, discovers its tools, runs deterministic checks for protocol and tool hygiene plus risky exposed capabilities, calculates a score from 0..100, and emits terminal, JSON, and SARIF output that fits cleanly into CI.
MCP Trust Kit scores surface risk, not business intent.
A low score means the exposed tool surface deserves review. It does not mean a server is malicious. A high score means fewer deterministic findings. It does not mean a server is safe.
MCP servers expose tools to agents. That makes two questions worth automating before adoption:
MCP Trust Kit is intentionally narrow. It is not a security platform, a gateway, a hosted service, or a certification authority. It is a deterministic scanner with stable output.
Today the scanner penalizes two broad classes of issues:
duplicate tool names, missing descriptions, vague descriptions, weak schemas, missing schema type, arbitrary top-level properties, optional critical fields
command execution, filesystem mutation, network request primitives, download-an
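The following Python is an added example, not MCP Trust Kit's own code: it applies the tool-hygiene checks named above to a constructed tools/list result and derives a 0..100 score by subtracting penalties. The finding ids, penalty weights, word threshold for "vague", and the set of critical field names are all assumptions made for illustration.

```python
from collections import Counter

# Assumed weights and heuristics; the project's real values are not on this page.
PENALTY = {"duplicate_tool_name": 20, "missing_description": 10,
           "vague_description": 5, "missing_schema_type": 10,
           "arbitrary_top_level_properties": 10, "optional_critical_field": 10}
CRITICAL_FIELDS = {"path", "command", "url"}  # assumed notion of "critical"
MIN_DESCRIPTION_WORDS = 4                     # assumed threshold for "vague"

def check_tools(tools):
    """Return sorted (tool_name, finding_id) pairs, so output is stable across runs."""
    counts = Counter(t.get("name", "") for t in tools)
    findings = [(n, "duplicate_tool_name") for n, c in counts.items() if c > 1]
    for tool in tools:
        name = tool.get("name", "")
        desc = (tool.get("description") or "").strip()
        schema = tool.get("inputSchema") or {}
        if not desc:
            findings.append((name, "missing_description"))
        elif len(desc.split()) < MIN_DESCRIPTION_WORDS:
            findings.append((name, "vague_description"))
        if "type" not in schema:
            findings.append((name, "missing_schema_type"))
        # JSON Schema accepts unknown properties unless additionalProperties is false.
        if schema.get("additionalProperties", True) is not False:
            findings.append((name, "arbitrary_top_level_properties"))
        optional = (set(schema.get("properties", {})) & CRITICAL_FIELDS) \
            - set(schema.get("required", []))
        findings.extend((name, "optional_critical_field") for _ in optional)
    return sorted(findings)

def score(findings):
    """Start at 100, subtract one penalty per finding, clamp at 0."""
    return max(0, 100 - sum(PENALTY[fid] for _, fid in findings))

# Constructed tools/list result: one clean tool, two sloppy ones sharing a name.
SAMPLE_TOOLS = [
    {"name": "read_file",
     "description": "Read a UTF-8 text file from the workspace directory.",
     "inputSchema": {"type": "object", "properties": {"path": {"type": "string"}},
                     "required": ["path"], "additionalProperties": False}},
    {"name": "run", "description": "Runs things",
     "inputSchema": {"properties": {"command": {"type": "string"}}}},
    {"name": "run", "description": "",
     "inputSchema": {"type": "object", "additionalProperties": False}},
]

if __name__ == "__main__":
    print(check_tools(SAMPLE_TOOLS), score(check_tools(SAMPLE_TOOLS)))
```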