trust-oracle
Server Details
Independent A-F trust grade for any MCP server, watched for drift. Free, never for sale.
- Status
- Healthy
- Last Tested
- Transport
- Streamable HTTP
- URL
Glama MCP Gateway
Connect through Glama MCP Gateway for full control over tool access and complete visibility into every call.
Full call logging
Every tool call is logged with complete inputs and outputs, so you can debug issues and audit what your agents are doing.
Tool access control
Enable or disable individual tools per connector, so you decide what your agents can and cannot do.
Managed credentials
Glama handles OAuth flows, token storage, and automatic rotation, so credentials never expire on your clients.
Usage analytics
See which tools your agents call, how often, and when, so you can understand usage patterns and catch anomalies.
Tool Definition Quality
Average 4.4/5 across 3 of 3 tools scored.
Each tool has a distinct and clearly defined purpose: check_mcp_drift focuses on detecting schema changes, grade_mcp_server provides a comprehensive security grade, and verify_before_execute combines drift and grade into a final verdict. There is no overlap or ambiguity.
All tool names follow a consistent verb_noun pattern using snake_case: check_mcp_drift, grade_mcp_server, verify_before_execute. The verbs (check, grade, verify) are distinct and accurately describe the action.
With only three tools, the server is lean but covers the core workflow of grading, drift detection, and final verification. The count feels slightly thin for a 'trust oracle,' but each tool serves a necessary and non-redundant role.
The tool surface covers the primary trust verification lifecycle: grade (grade_mcp_server), detect drift (check_mcp_drift), and gate execution (verify_before_execute). Minor gaps exist, such as no tool for managing trust relationships or listing all servers, but the essential actions are present.
Available Tools
3 toolscheck_mcp_driftAInspect
Check whether an MCP server's tool definitions have changed since it was last trusted (rug-pull / schema-drift detection, the CVE-2025-54136 class). Returns how long the tool surface has been stable, how many times it has changed, and the last change. Use after approval to detect post-trust mutation.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | The MCP server endpoint URL to check. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description carries full burden. It discloses the tool's purpose and return values, and implies no destructive side effects. It is neither misleading nor contradictory.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences, front-loaded with key information, no redundancy. Every sentence adds value.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a simple tool with one param and no output schema, the description explains what it does and what it returns. It is complete for accurate agent invocation.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% (single 'url' parameter with description). The description adds no additional semantics beyond the schema, meeting the baseline expectation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the verb (check), the resource (MCP server's tool definitions), and the specific purpose (drift detection for rug-pull/CVE-2025-54136). It also describes the return values (stability duration, change count, last change), distinguishing it from siblings like grade_mcp_server and verify_before_execute.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description says 'Use after approval to detect post-trust mutation,' giving explicit when-to-use guidance. It does not explicitly contrast with siblings or state when not to use, but the context is clear.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
grade_mcp_serverAInspect
Independently grade an MCP server (A–F) BEFORE connecting an agent to it. Returns spec-conformance, security (OWASP MCP Top 10), reliability, tool-hygiene and transparency sub-scores plus a connect/caution/avoid recommendation. Audited by wmcp.sh; the grade is free and never for sale.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | The MCP server endpoint URL to grade (e.g. https://mcp.example.com/mcp). | |
| fresh | No | Force a live re-probe instead of returning a recent cached grade. |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description carries the full burden. It details output sub-scores (spec-conformance, security, reliability, etc.) and mentions independence ('audited by wmcp.sh; free'). It lacks details like rate limits or duration, but is sufficient for a grading tool.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences: the first succinctly states purpose and outputs, the second adds credibility. Every sentence is useful, and it is front-loaded with the core action.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
With no output schema or annotations, the description compensates by listing sub-scores (spec-conformance, security, etc.) and the recommendation. It covers what the tool returns and when to use it, though some details like error handling are omitted.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% with descriptions for both 'url' and 'fresh' parameters. The description adds value by explaining the 'fresh' parameter as 'Force a live re-probe instead of returning a recent cached grade', complementing the schema.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states 'Independently grade an MCP server (A–F) BEFORE connecting an agent to it', using a specific verb and resource, and differentiating from sibling tools like 'check_mcp_drift' and 'verify_before_execute' by focusing on grading before connection.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description advises using this tool 'BEFORE connecting an agent to it', providing clear context. It doesn't explicitly mention when not to use it or alternatives, but the usage context is well-defined.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
verify_before_executeAInspect
Verify an MCP server immediately BEFORE you execute any of its tools. Combines the continuously-watched trust grade and live drift status into a single connect/caution/avoid verdict (ok | caution | drifted | failing | ungraded), so you can gate the call in one step. Free, read-tier. The grade is independent and never for sale.
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | The MCP server endpoint URL you are about to call. | |
| fresh | No | Force a live re-probe instead of returning a recent cached grade (<6h). |
Tool Definition Quality
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations provided, but the description discloses that the tool combines trust grade and drift status, offers a cached result (<6h) or live re-probe, and states it is read-only and free. It also asserts independence of the grade, providing confidence.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Two sentences. First sentence gives purpose and placement; second explains the verdict and notes it is free/read-tier. No unnecessary words, front-loaded with key action.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
With 2 parameters fully described in schema and no output schema, the description covers usage context, what the tool returns (verdict list), and caching behavior. Sibling tools are addressed implicitly by the combined function.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100%, but description adds value beyond schema: clarifies 'url' is the endpoint to call, and for 'fresh' explains the caching policy (<6h) and that it forces a live re-probe, which is not in the schema description.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
Clearly states the tool verifies an MCP server before executing its tools, with a specific verb 'verify' and resource 'MCP server'. The verdict list (ok, caution, drifted, failing, ungraded) and the directive 'immediately BEFORE you execute' differentiate it from sibling tools check_mcp_drift and grade_mcp_server.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
Explicitly instructs to use before tool execution ('gate the call in one step'). Also notes it is free and read-tier. Does not explicitly mention when not to use, but the context and sibling names imply alternatives for separate needs.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
Claim this connector by publishing a /.well-known/glama.json file on your server's domain with the following structure:
{
"$schema": "https://glama.ai/mcp/schemas/connector.json",
"maintainers": [{ "email": "your-email@example.com" }]
}The email address must match the email associated with your Glama account. Once published, Glama will automatically detect and verify the file within a few minutes.
Control your server's listing on Glama, including description and metadata
Access analytics and receive server usage reports
Get monitoring and health status updates for your server
Feature your server to boost visibility and reach more users
For users:
Full audit trail – every tool call is logged with inputs and outputs for compliance and debugging
Granular tool control – enable or disable individual tools per connector to limit what your AI agents can do
Centralized credential management – store and rotate API keys and OAuth tokens in one place
Change alerts – get notified when a connector changes its schema, adds or removes tools, or updates tool definitions, so nothing breaks silently
For server owners:
Proven adoption – public usage metrics on your listing show real-world traction and build trust with prospective users
Tool-level analytics – see which tools are being used most, helping you prioritize development and documentation
Direct user feedback – users can report issues and suggest improvements through the listing, giving you a channel you would not have otherwise
The connector status is unhealthy when Glama is unable to successfully connect to the server. This can happen for several reasons:
The server is experiencing an outage
The URL of the server is wrong
Credentials required to access the server are missing or invalid
If you are the owner of this MCP connector and would like to make modifications to the listing, including providing test credentials for accessing the server, please contact support@glama.ai.
Discussions
No comments yet. Be the first to start the discussion!