trustscoreagent-mcp
OfficialTrustScoreAgent
Free, open reputation registry for AI microservices. Agents check trust scores before calling any service.
Status: Phase 1 (early). The API, scoring (Beta + EigenTrust), receipt verification, Merkle audit trail and MCP server are implemented and tested — but the public dataset is still small, some services (
*.example.com) are demo seed data, and parts of the design (on-chain anchoring, x402 payments, mandatory agent signatures) are Phase 2. We publish early and openly on purpose: the trust layer for the agentic economy should exist, be auditable, and be adoptable before it becomes critical. See the trust model in SECURITY.md.
What is this?
AI agents increasingly rely on paid microservices. TrustScoreAgent lets any agent:
Check the reputation of a service before calling it
Rate a service after calling it
Discover which services are reliable
No account needed. No API key. Identify services by URL, domain, or DID.
Related MCP server: AgentVeil Protocol
Quick start
# Check a service's trust score (any format works)
curl "https://api.trustscoreagent.com/v1/score?service=api.example.com"
curl "https://api.trustscoreagent.com/v1/score?service=https://api.example.com/v1/translate"
# Unknown services return a neutral score (0.5) — no errors
curl "https://api.trustscoreagent.com/v1/score?service=never-seen-before.com"
# Rate a service after calling it
curl -X POST "https://api.trustscoreagent.com/v1/rate" \
-H "Content-Type: application/json" \
-H "X-Agent-DID: my-agent.example.com" \
-d '{
"service": "api.example.com",
"metrics": {
"status_code": 200,
"latency_ms": 143,
"schema_valid": true
}
}'
# List top-rated services
curl "https://api.trustscoreagent.com/v1/services?sort_by=score&min_ratings=10"Local development
# Start PostgreSQL and Redis
docker compose up -d
# Run the API
dotnet run --project src/TrustScore.Api
# Run tests
dotnet test
# Swagger UI
open http://localhost:5000/swaggerArchitecture
C# / .NET 8 — ASP.NET Core Minimal API
PostgreSQL — Ratings and service scores
Redis — Score caching, rate limiting, nonce tracking
Beta Reputation System — Bayesian scoring (per-dimension: availability, latency, conformity)
EigenTrust — Anti-Sybil agent trust scoring
Merkle Tree — Cryptographic audit log with inclusion proofs
Ed25519 Receipt Verification — Cryptographic proof of service interaction
MCP Server — Integration with Claude, Cursor, and MCP-compatible agents
API Reference
Core (free, always)
Endpoint | Description |
| Trust score for a service (0.5 neutral for unknown) |
| Submit a rating after calling a service |
| List rated services (pagination, sorting, filtering) |
| Check your agent's trust score |
| Latest Merkle tree root |
| Cryptographic inclusion proof for a rating |
Premium (free for now, x402 micropayments later)
Endpoint | Description |
| Daily aggregated score history |
| Latency percentiles, quality distribution |
| Up to 100 scores in one request |
Service identification
All endpoints accept services in any format — they are normalized internally:
api.example.com(domain)https://api.example.com/v1/translate(URL)did:web:api.example.com(DID)
All three resolve to the same service.
MCP Server
TrustScoreAgent is available as an MCP server for Claude, Cursor, and other agents.
# Add to Claude Code
claude mcp add trustscoreagent -- npx -y @trustscoreagent/mcp-serverSee docs/mcp.md for full setup instructions.
Framework integrations
Drop-in tools for agent frameworks (no account or API key needed):
LangChain —
from trustscoreagent_langchain import get_trustscoreagent_toolsCrewAI —
from trustscoreagent_crewai import get_trustscoreagent_tools
Each exposes trustscore_check_reputation, trustscore_submit_rating, and
trustscore_list_services. See integrations/.
Documentation
MCP Server Setup — Claude, Cursor, Windsurf
Contributing
Contributions are welcome — see CONTRIBUTING.md and our Code of Conduct. To report a vulnerability, follow SECURITY.md.
Project status & trust model
TrustScoreAgent is Phase 1 (early). What that means in practice:
Baseline data is real and auditable. Initial scores come from a transparent operated probe (
did:web:trustscoreagent.com:probe) that measures the availability, latency and conformity of a curated list of public, free APIs — real, Merkle-audited measurements, not fabricated numbers. Community and receipt-verified ratings accumulate on top. (The earlier fictitious*.example.comseeds have been removed.)Single operator. Neutrality currently rests on open-source scoring code and a verifiable Merkle audit trail, not on decentralization. Federation is a later phase.
Agent identity is self-asserted. Sybil resistance in Phase 1 is rate limiting + hourly EigenTrust; verified service receipts are the trustworthy signal. Mandatory agent signatures and on-chain Merkle anchoring are Phase 2.
See SECURITY.md for the full trust model and how to report vulnerabilities.
License
Apache-2.0. See LICENSE.
Maintenance
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/trustscoreagent/trustscoreagent'
If you have feedback or need assistance with the MCP directory API, please join our Discord server