Is io.github.ObligationSign/agts-mcp safe to use?

io.github.ObligationSign/agts-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.ObligationSign/agts-mcp?

io.github.ObligationSign/agts-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

io.github.ObligationSign/agts-mcp

Sovereign MCP Gateway — 64 governed tools with Merkle transparency log. EU AI Act and SOC 2 ready.

UnknownNot tested

Other

GitHub

11FNo CVEsunknown

Quick Install

{
  "mcpServers": {
    "io-github-obligationsign-agts-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Setup guide

No install config available. Check the server's README for setup instructions.

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-obligationsign-agts-mcp)](https://mcppedia.org/s/io-github-obligationsign-agts-mcp)

Should you use this server?

Sovereign MCP Gateway — 64 governed tools with Merkle transparency log. EU AI Act and SOC 2 ready.

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

License not specified.

Is it maintained?

Commit history unknown.

Will it work with my client?

Transport: , . Compatibility not confirmed.

README

AGTS MCP Server

Sovereign MCP Gateway — Governed Tool Invocation for Autonomous Agents

Model Context Protocol server that turns tool calls into cryptographically authorized, verifiable actions. 64 governed tools across 6 layers — hybrid Ed25519 + SLH-DSA signed and Merkle-anchored. Designed to support EU AI Act, GDPR, SOC 2, ISO 27001, DORA, NIS2, and FINRA compliance.

Server URL

https://agts-mcp.obligationsign.com/mcp

Transport	URL	Status
Streamable HTTP (primary)	`https://agts-mcp.obligationsign.com/mcp`	Active
SSE (deprecated)	`https://agts-mcp.obligationsign.com/mcp/sse`	Deprecated

Authentication

The gateway requires a Bearer token issued through the ObligationSign platform. All requests must include an Authorization header.

To obtain a token, register at obligationsign.com/start/.

Quick Start

Claude Desktop / Cursor / Windsurf

Add to your MCP configuration:

{
  "mcpServers": {
    "agts": {
      "url": "https://agts-mcp.obligationsign.com/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_TOKEN"
      }
    }
  }
}

Programmatic (JSON-RPC over HTTP)

curl -X POST https://agts-mcp.obligationsign.com/mcp \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/list",
    "params": {}
  }'

What is AGTS?

AGTS (Autonomous Governance Transparency Standard) is a transparency-backed governance protocol that converts validated machine decisions into append-only cryptographic records, independently verified by a network of witnesses and monitors.

decision → record → immutable history → verifiable truth

Every tool call passes through a five-gate firewall (Statistical, Causal, Regression, Evidence, Human-Compatible Explanation) before execution. Admitted actions are Merkle-anchored into an append-only transparency log and signed with hybrid post-quantum cryptography.

Tool Catalog (64 Tools)

Layer 1 — Infrastructure

VPN & Network

Tool	Description
`create_tunnel`	Establish an attested VPN tunnel (WireGuard/IPSec/TLS)
`tunnel_status`	Monitor uptime, transfer bytes, and attestation status
`disconnect_tunnel`	Terminate session and log the event
`dns_query`	Secure DNS resolution through the Sovereign resolver

Monitor

Tool	Description
`system_health`	Probe all mesh workers for status and latency
`check_alerts`	Fetch the monitor alert timeline
`subscribe_alerts`	Webhook subscription for real-time alerts
`check_equivocations`	Fetch conflicting Signed Tree Head proofs
`gossip_status`	Current state of gossip protocol and monitor identity

Layer 2 — Identity & Communications

Sovereign Mail

Tool	Description
`send_sovereign_mail`	Send encrypted (internal) or plaintext (external) messages
`list_inbox`	List message metadata from an inbox
`read_message`	Retrieve full message content by ID
`lookup_recipient_keys`	Retrieve public keys (ECDH P-384 / ML-KEM-512)

Sovereign Drive

Tool	Description
`upload_file`	Client-side encrypted upload with integrity anchoring
`list_files`	List file metadata, sizes, and sharing status
`download_file`	Retrieve ciphertext for client-side decryption
`share_file`	Share files using ECDH key wrapping
`delete_file`	Remove a file and create a death leaf in the log

OpenClaw (Agent Identity)

Tool	Description
`register_claw`	Create a cryptographic Claw Passport and identity keys
`scan_skill`	Scan agent skills through the five-gate firewall
`claw_status`	Return trust score, governance history, and quota
`export_passport`	Sec

... View full README on GitHub

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Score Breakdown

MCPpedia Score

Click each category to see evidence

11F

Last scored 7h ago

How we score →

Security

2/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

○

Tool stability — First scan — baseline recorded

○

Dependency health — No package to analyze

✗

License — No license specified

○

Authentication — No authentication required

○

Repository — active repo

CVEs checked daily via OSV.dev. Score algorithm is open source.

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.ObligationSign/agts-mcp safe to use?: io.github.ObligationSign/agts-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.ObligationSign/agts-mcp?: io.github.ObligationSign/agts-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

Similar servers

View all →

Memory MCP Server

Official

No CVEs98A

Persistent memory using a knowledge graph

5 toolsstdio83.8k93.5k/wk1d ago

Hash-verified file editing MCP server with token efficiency hook. 11 tools for AI coding agents.

No CVEs95A

Hash-verified file editing MCP server with token efficiency hook. 11 tools for AI coding agents.

5 toolsremote398685.9k/wk11h ago

Context Mode

No CVEs95A

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

6 toolsremote7.3k10.0k/wk23h ago

Browser Tools Mcp

No CVEs94A

Monitor browser logs directly from Cursor and other MCP compatible IDEs.

7 toolsremote7.2k2.9k/wk28d ago

MCP Security Weekly

Get CVE alerts and security updates for io.github.ObligationSign/agts-mcp and similar servers.

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?