Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@MCP Content Credentials Servercheck if this photo from my Downloads is AI-generated"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
MCP Content Credentials Server
MCP (Model Context Protocol) server for reading C2PA Content Credentials from images and videos. Detects credentials from both embedded manifests and invisible watermarks.
Features
π Embedded C2PA Detection - Read manifests from file metadata
π TrustMark Watermark Detection - Detect credentials in image pixels (survives social media!)
π URL Support - Check credentials from web URLs
π Direct Filesystem Access - Claude can browse your directories
β‘ Smart Detection - Checks embedded first, watermark as fallback
π€ Automatic Installation - Zero configuration setup
π Structured Output - Human-readable parsed data
π‘οΈ Production Ready - Full error handling and logging
π REST API - HTTP endpoints for ChatGPT and web integration
Quick Start
# 1. Clone
git clone https://github.com/noga7/mcp-content-credentials.git
cd mcp-content-credentials
# 2. Install (automatic: installs c2patool + TrustMark)
npm install
# 3. Build
npm run build
# 4. Configure Claude Desktop
# Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"content-credentials": {
"command": "node",
"args": ["/absolute/path/to/mcp-content-credentials/build/index.js"]
}
}
}
# 5. Restart Claude Desktop
# Optional: Start REST API for ChatGPT/web access
npm run start:api
# Server runs on http://localhost:3000REST API (for ChatGPT & Web Apps)
Want to use this with ChatGPT or your own web app? Start the HTTP REST API:
npm run start:apiThe server runs on http://localhost:3000. See REST-API.md for full documentation.
For ChatGPT: Use ngrok to expose your local server, or deploy to Render/Railway. See REST-API.md for instructions.
# Quick test
curl "http://localhost:3000/verify-url?url=https://example.com/image.jpg"Prerequisites
Node.js v18+
Python 3.8.5+ (for TrustMark watermarks)
All other dependencies auto-install during
β c2patool (Homebrew on macOS, binary on Linux)
β TrustMark Python package (via pip)
Manual Installation (if auto-install fails)
# c2patool
brew install contentauth/tools/c2patool # macOS
# TrustMark
pip3 install trustmark Pillow
# Or retry auto-install
npm run install-depsUsage
Check a Specific File
"Check content credentials in ~/Desktop/photo.jpg"
"Is this image AI-generated?"
"Who created /Users/you/Downloads/image.png?"Browse Directories
"What images are in my Desktop?"
"Check my Downloads for Content Credentials"
"Find AI-generated images in my Pictures"Check URLs
"Check credentials at https://example.com/image.jpg"How It Works
Detection Flow
1. Check Embedded C2PA Manifest (fast: ~150ms)
β
Found? β Return immediately β
β
2. Check TrustMark Watermark (slower: ~600ms)
β
Found? β Return watermark data β
β
3. Neither found β "No Content Credentials found" βWhy This Order?
Performance: 80% of credentialed images have embedded manifests
Speed: Skip expensive watermark check when not needed
Completeness: Still catch stripped metadata via watermarks
TrustMark Watermarks
Invisible watermarks embedded in image pixels that:
β Survive JPEG compression
β Persist through social media uploads (Instagram, Twitter)
β Work after print-scan cycles
β Remain when metadata is stripped
Supported Formats
Images: JPEG, PNG, WebP, GIF, TIFF, AVIF, HEIC
Video: MP4, MOV
API Response
{
success: boolean;
hasCredentials: boolean;
// Embedded C2PA data
manifestData?: {
whoThisComesFrom?: {
linkedInIdentity?: { name, profileUrl, verified }
otherIdentities?: [{ name, socialAccounts }]
};
aboutThisContent?: {
actions?: [{ action, softwareAgent, when }]
genAIInfo?: { generative, training, model }
};
aboutTheseCredentials?: { claimSigner, timestamp };
validationInfo?: { certificate, trustInfo };
};
// Watermark data (if no embedded found)
trustMarkData?: {
identifier: string; // Watermark payload
schema: string; // BCH_SUPER, BCH_5, etc.
manifestUrl?: string; // URL to full manifest
};
error?: string;
}Filesystem Access
Claude can browse these directories automatically:
~/Desktop~/Downloads~/Documents~/Pictures
No need to provide exact paths! Just ask:
"What images are in my Desktop?"
"Check recent downloads"
Development
npm run build # Compile TypeScript
npm run dev # Development mode
npm run lint # Check code quality
npm run test # Run tests
npm run precommit # Full quality checkArchitecture
mcp-content-credentials/
βββ src/
β βββ index.ts # MCP server + filesystem access
β βββ c2pa-service.ts # Detection orchestration
β βββ trustmark-service.ts # Watermark detection (Python)
β βββ parsers/ # Data formatters
β βββ types/ # TypeScript definitions
βββ scripts/
β βββ install-trustmark.cjs # Auto-installer
β βββ trustmark-decode.py # Python watermark decoder
βββ build/ # Compiled outputTroubleshooting
"Unable to access that file"
Restart Claude Desktop (most common fix!)
Use absolute paths:
/Users/you/...not~/...Verify MCP is connected: Ask "What tools do you have?"
"c2patool: command not found"
brew install contentauth/tools/c2patool # macOS
# or
npm run install-deps"Python or TrustMark not found"
pip3 install trustmark Pillow
# or
npm run install-depsNo Content Credentials Found
This is normal! The file either:
Wasn't created with content authentication
Had credentials removed
Is a screenshot/copy without provenance
Performance
Embedded check: ~150ms (fast path, 80% of cases)
+ Watermark check: ~600ms (fallback, 20% of cases)
First watermark: ~30s (downloads ONNX model, one-time)
Security
β Read-only filesystem access
β Limited to user directories (Desktop, Downloads, etc.)
β Input validation on all paths and URLs
β Temporary files auto-deleted
β No access to hidden/system files
Contributing
See CONTRIBUTING.md
Resources
License
MIT