Trust scoring for domains, wallets, APIs. SSL+DNS+WHOIS+headers. Score 0-100.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"io-github-br0ski777-trust-score": {
"command": "<see-readme>",
"args": []
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Unified trust scoring for domains, wallets, and APIs. Score 0-100 with 5 sub-scores. Powered by x402 micropayments.
No automated test available for this server. Check the GitHub README for setup instructions.
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
No package registry to scan.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in security
AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.
Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.
Model Context Protocol for WinDBG
Security scanner for GitHub repos, Agent Skills, Plugins, and MCP servers. 18 scanners. Zero dependencies.
MCP Security Weekly
Get CVE alerts and security updates for io.github.Br0ski777/trust-score and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Unified trust scoring for domains, wallets, and APIs. Score 0-100 with 5 sub-scores. Powered by x402 micropayments.
The trust layer AI agents need before interacting with unknown services. One API call tells you if a domain, wallet, or endpoint is safe.
| Sub-score | Weight | What it checks |
|---|---|---|
| SSL/TLS | 25% | Certificate validity, HSTS, expiry, issuer, preload |
| WHOIS | 25% | Domain age, registrar reputation, expiry date, suspicious TLDs |
| Security Headers | 20% | CSP, X-Frame-Options, HSTS, Referrer-Policy, Permissions-Policy, X-Content-Type-Options |
| DNS | 15% | A/AAAA/MX/NS records, SPF, DMARC, DNSSEC |
| Content | 15% | Reachability, latency, status code, robots.txt, favicon, CORS |
For wallet addresses (0x...): transaction count, ETH/USDC balance, contract detection on Base L2.
POST /api/score - $0.01/callEvaluate a single target.
{
"target": "example.com",
"checks": ["all"]
}
Response:
{
"target": "example.com",
"type": "domain",
"compositeScore": 72,
"grade": "B",
"verdict": "moderate",
"subscores": {
"ssl": { "score": 90, "grade": "A+", "valid": true, "details": ["HTTPS active", "HSTS max-age=31536000 (1yr+)"] },
"dns": { "score": 85, "details": ["2 A record(s)", "SPF configured", "DMARC configured"] },
"whois": { "score": 60, "domainAge": 10957, "registrar": "Cloudflare, Inc.", "details": ["Domain age: 30 years"] },
"headers": { "score": 55, "missing": ["content-security-policy", "permissions-policy"], "details": ["x-frame-options: DENY"] },
"content": { "score": 70, "latencyMs": 234, "details": ["Status: 200 OK", "Latency: 234ms (fast)"] }
},
"timestamp": "2026-04-13T10:45:00.000Z",
"cachedFor": "5m"
}
POST /api/batch - $0.02/callCompare 2-5 targets side by side, ranked by trust score.
{
"targets": ["google.com", "sketchy-site.tk", "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"]
}
Response:
{
"count": 3,
"mostTrusted": "google.com",
"leastTrusted": "sketchy-site.tk",
"results": [
{ "target": "google.com", "compositeScore": 82, "grade": "A", "verdict": "trusted" },
{ "target": "0xd8dA...", "compositeScore": 70, "grade": "B", "verdict": "moderate" },
{ "target": "sketchy-site.tk", "compositeScore": 15, "grade": "F", "verdict": "dangerous" }
]
}
| Score | Grade | Verdict | Meaning |
|---|---|---|---|
| 90-100 | A+ | trusted | Excellent security posture, well-established |
| 75-89 | A | trusted | Good security, minor improvements possible |
| 60-74 | B | moderate | Acceptable, some security gaps |
| 40-59 | C | moderate | Below average, multiple issues |
| 20-39 | D | suspicious | Poor security, use with caution |
| 0-19 | F | dangerous | Critical issues, avoid interaction |
Works with Claude Desktop, Cursor, Copilot, and any MCP-compatible client.
{
"mcpServers": {
"trust-score": {
"url": "https://trust-score-production-ff18.up.railway.app/mcp",
"transport": "sse"
}
}
}
Uses x402 protocol. Send a request, get HTTP 402 with price, your agent signs USDC on Base automatically. No API keys, no signup.