Is io.github.attestagents/attest-mcp safe to use?

io.github.attestagents/attest-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.attestagents/attest-mcp?

io.github.attestagents/attest-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.attestagents/attest-mcp?

io.github.attestagents/attest-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

io.github.attestagents/attest-mcp

Scan agent payment endpoints (x402, AP2, L402, MPP, 402) for a trust grade A-F before paying.

GitHub

No known CVEs

No license

Maintenance unknown

No commit data

Works with most clients

Transport:

0 tools

Grade F

Edit this pageView history

Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-attestagents-attest-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-attestagents-attest-mcp)](https://mcppedia.org/s/io-github-attestagents-attest-mcp)

Read me

What io.github.attestagents/attest-mcp does

Trust scanning for agent payments — right inside your AI agent.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

20/100across 5 weighted dimensions

How we score →

0255075100

−80

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.attestagents/attest-mcp safe to use?: io.github.attestagents/attest-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.attestagents/attest-mcp?: io.github.attestagents/attest-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.attestagents/attest-mcp?: io.github.attestagents/attest-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Similar servers

Others in finance

View all →

Investor Agent93

A Model Context Protocol server for building an investor agent

333 7

Alpha Vantage Mcp93

Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators

167 3

Evm Mcp Server92

MCP server that provides LLMs with tools for interacting with EVM networks

378 6

Spreedly Mcp92

A Model Context Protocol (MCP) server that provides AI assistants with direct access to the Spreedly payments API. Enables LLMs to manage gateways, process transactions, tokenize payment methods, and more, through structured, validated tool calls.

9 8

MCP Security Weekly

Get CVE alerts and security updates for io.github.attestagents/attest-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-attestagents-attest-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-attestagents-attest-mcp)](https://mcppedia.org/s/io-github-attestagents-attest-mcp)

Read me

What io.github.attestagents/attest-mcp does

Trust scanning for agent payments — right inside your AI agent.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Attest MCP Server

Trust scanning for agent payments — right inside your AI agent.

attest-mcp is a Model Context Protocol server that lets any MCP-compatible agent (Claude, Cursor, Windsurf, VS Code, and more) scan an agent payment endpoint and get back a letter grade A–F with a clear safety verdict before authorizing a single cent.

It covers the agentic payment protocols in use today: x402, MPP, AP2, L402, and HTTP 402.

Powered by Attest. The scoring engine runs entirely on Attest's servers — this package is a thin client that relays requests, so installing it never exposes any proprietary grading logic.

Why

Autonomous agents are starting to pay for things on their own. A single malicious or misconfigured endpoint can drain funds through impersonation, a blocklisted payout wallet, bait-and-switch pricing, or a broken payment handshake. attest-mcp gives your agent a fast, deterministic safety check it can run as a step in its payment loop.

Tools

Tool	What it does
`attest_scan`	Runs a full scan on a payment endpoint URL and returns a grade (A–F), a composite score (0–100), a verdict, danger flags, price, and a link to the full report. Call this before paying an unfamiliar endpoint.
`attest_grade`	Fast lookup of the most recent grade for a host that has already been scanned. Good for a quick pre-check.

Requirements

Node.js 18 or newer
Any MCP-compatible client

No API key required.

Quick start

Run it directly with npx (no install needed):

npx attest-mcp

The server speaks MCP over stdio, so you normally don't run it by hand — you point your MCP client at it using one of the configs below.

Client setup

Claude Desktop

Edit claude_desktop_config.json (Settings → Developer → Edit Config):

{
  "mcpServers": {
    "attest": {
      "command": "npx",
      "args": ["-y", "attest-mcp"]
    }
  }
}

Cursor

Add to ~/.cursor/mcp.json (or Settings → MCP → Add new server):

{
  "mcpServers": {
    "attest": {
      "command": "npx",
      "args": ["-y", "attest-mcp"]
    }
  }
}

Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "attest": {
      "command": "npx",
      "args": ["-y", "attest-mcp"]
    }
  }
}

VS Code

Add to .vscode/mcp.json in your workspace:

{
  "servers": {
    "attest": {
      "command": "npx",
      "args": ["-y", "attest-mcp"]
    }
  }
}

Any other MCP client

Use the command npx -y attest-mcp with the stdio transport.

Remote server (no install)

Prefer not to install anything? Attest also runs a hosted MCP server you can connect to over Streamable HTTP:

https://attestagent.org/api/mcp

Point any remote-MCP-capable client at that URL.

Usage example

Once connected, just ask your agent in natural language:

"Before you pay, scan https://api.example.com/paid-resource with Attest."

The agent calls attest_scan and gets back something like:

{
  "host": "api.example.com",
  "grade": "A",
  "composite": 95,
  "danger": false,
  "verdict": "Valid endpoint, established host.",
  "priceHuman": "0.01 USDC",
  "reportUrl": "https://attestagent.org/r/abc-123"
}

Configuration

Environment variable	Default	Description
`ATTEST_BASE_URL`	`https://attestagent.org`	Override the Attest API base URL. Only needed for self-hosting or testing.

Security & privacy

**No

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

20/100across 5 weighted dimensions

How we score →

0255075100

−80

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.attestagents/attest-mcp safe to use?: io.github.attestagents/attest-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.attestagents/attest-mcp?: io.github.attestagents/attest-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.attestagents/attest-mcp?: io.github.attestagents/attest-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.