Is io.github.notifuturo/vouch safe to use?

io.github.notifuturo/vouch has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.notifuturo/vouch?

io.github.notifuturo/vouch supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.notifuturo/vouch?

io.github.notifuturo/vouch is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.notifuturo/vouch actively maintained?

io.github.notifuturo/vouch is actively maintained — last commit was 4 days ago. It has 1 GitHub stars.

io.github.notifuturo/vouch

npm

Trust/risk score for AI agents before they pay. Free via MCP; paid x402 for reasons.

1 GitHub npm

No known CVEs

No license

Actively maintained

Last commit 4d ago

Works with most clients

Transport:

0 tools

Grade F

Edit this pageView history

AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-notifuturo-vouch": {
      "args": [
        "-y",
        "npm"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-notifuturo-vouch)](https://mcppedia.org/s/io-github-notifuturo-vouch)

Read me

What io.github.notifuturo/vouch does

Trust/risk score for AI agents before they pay. Free via MCP; paid x402 for reasons.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'npm' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked npm against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.notifuturo/vouch safe to use?: io.github.notifuturo/vouch has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.notifuturo/vouch?: io.github.notifuturo/vouch supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.notifuturo/vouch?: io.github.notifuturo/vouch is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.notifuturo/vouch actively maintained?: io.github.notifuturo/vouch is actively maintained — last commit was 4 days ago. It has 1 GitHub stars.

Similar servers

Others in ai-ml

View all →

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

87.0k 1

Memory MCP Server98

Persistent memory using a knowledge graph

87.0k 5

Better Chatbot96

Just a Better Chatbot. Powered by Agent & MCP & Workflows.

1.1k 4

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.3k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.notifuturo/vouch and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-notifuturo-vouch": {
      "args": [
        "-y",
        "npm"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-notifuturo-vouch)](https://mcppedia.org/s/io-github-notifuturo-vouch)

Read me

What io.github.notifuturo/vouch does

Trust/risk score for AI agents before they pay. Free via MCP; paid x402 for reasons.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'npm' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Vouch

A per-call payment trust & reputation API for AI agents — monetized over x402.

When an autonomous agent is about to pay a merchant, API, or counterparty, it asks Vouch one question first: is this safe to pay? Vouch returns an explainable trust score, and charges a fraction of a cent per call in USDC — no accounts, no API keys, no Stripe. Billing is the x402 protocol itself.

Why

The agentic-commerce rails (Coinbase x402, AWS, Visa, Mastercard, Agnic) are being built by giants. The governance layer — should this agent trust this counterparty with money? — is the named #1 blocker to autonomous spend and is wide open. Vouch is a thin, self-serve pick-and-shovel on top of those rails.

Every call makes the product better: checks and community reports accrete into a reputation dataset that compounds with usage — the moat a bootstrapped team can actually build.

How it works

agent ──POST /v1/check { target }──▶  x402 paywall (402 → pay USDC → retry)
                                          │
                                          ▼
                          ┌─────────── scoring engine ───────────┐
                          │ transport · domain heuristics ·       │
                          │ threat feed · reputation (D1)         │
                          └───────────────────────────────────────┘
                                          │
                            { score, risk, reasons[] }

Scoring is a weighted average of independent signals, with a safety override: any single hard-negative signal (e.g. a threat-feed hit) caps the overall score so one strong red flag can't be averaged away.

Signal	Weight	Source
`threat_feed`	3	URLhaus host list (`THREAT_FEED_URL`), cached, fails open
`reputation`	2	Vouch's own accumulating D1 data (the moat)
`transport`	1.5	HTTPS / valid host
`domain_heuristics`	1	Punycode, raw IPs, abuse-prone TLDs, etc.

Endpoints

Method & path	Cost	Description
`POST /v1/check`	x402 (USDC)	Full verdict → `{ score, risk, reasons, signals, attestation }` (signed Ed25519 receipt)
`POST /v1/score`	free (rate-limited)	Score + risk only → `{ score, risk }`. Pay `/v1/check` for the reasons
`GET /v1/attestation/pubkey`	free	Ed25519 public key (JWK) to verify a `/v1/check` attestation
`POST /v1/report`	free	Submit a `flag` or `vouch` for a host
`GET /v1/stats`	free	Aggregate reputation totals (hosts, checks, flags, vouches)
`POST /mcp`	free	MCP Streamable-HTTP server (`vouch_score`, `vouch_report` tools)
`GET /health`	free	Liveness
`GET /`	free	Service info (HTML landing for browsers)

CORS is open (*) and the x402 payment headers are exposed, so browser-hosted agents can preflight and complete the pay/retry flow.

Reading `/v1/report` (abuse model)

POST /v1/report is free and unauthenticated by design — anyone can submit a flag or vouch for a host, so the raw flags/vouches counts are community signals, not ground truth. Abuse is contained by:

Rate limiting — 10 reports per 60s per client IP (Cloudflare Rate Limiting, fails closed).
Reporter-standing weighting — each counted report contributes a weighted amount (not a flat +1) based on the reporti

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked npm against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.notifuturo/vouch safe to use?: io.github.notifuturo/vouch has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.notifuturo/vouch?: io.github.notifuturo/vouch supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.notifuturo/vouch?: io.github.notifuturo/vouch is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.notifuturo/vouch actively maintained?: io.github.notifuturo/vouch is actively maintained — last commit was 4 days ago. It has 1 GitHub stars.

Similar servers

Others in ai-ml

View all →

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

87.0k 1

Memory MCP Server98

Persistent memory using a knowledge graph

87.0k 5

Better Chatbot96

Just a Better Chatbot. Powered by Agent & MCP & Workflows.

1.1k 4

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.3k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.notifuturo/vouch and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

io.github.notifuturo/vouch

Install in your client

What io.github.notifuturo/vouch does

Test This Server

Why this score

28/100across 5 weighted dimensions

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

Discussion

io.github.notifuturo/vouch

Install in your client

What io.github.notifuturo/vouch does

Test This Server

Vouch

Why

How it works

Endpoints

Reading /v1/report (abuse model)

Why this score

28/100across 5 weighted dimensions

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

Discussion

Vouch

Why

How it works

Endpoints

Reading /v1/report (abuse model)

Reading `/v1/report` (abuse model)

Reading `/v1/report` (abuse model)