Trust Data, The Full Picture

Integrate MCP trust scores into your tools, agents, and workflows.

Free tier included. No credit card required.

Get Access

Free

100 requests / day

$0 forever

All endpoints
Rate limit headers included
Personal projects & evaluation

Pro

10,000 requests / day

Coming soon

All endpoints
Rate limit headers included
Personal projects & evaluation
Production integrations & SaaS
Bulk server lookups
Score change notifications
Priority support

Coming Soon

Quick Start

REST API

Base URL for all API requests:

https://api.mcp-scorecard.ai/v1

Example request:

curl -H "X-API-Key: your_key" \
  https://api.mcp-scorecard.ai/v1/stats

MCP Server

Give your AI agent direct access to trust scores. The mcp-scorecard-server package wraps this API as an MCP tool — no HTTP calls needed in your code.

Add to your Claude Code config (.mcp.json):

{
  "mcpServers": {
    "mcp-scorecard": {
      "command": "uvx",
      "args": ["mcp-scorecard-server"],
      "env": {
        "SCORECARD_API_KEY": "your_key"
      }
    }
  }
}

Available tools:

Tool	Description
check_server_trust	Look up trust score, flags, and install info for a specific server
search_servers	Search servers by keyword (min 2 chars)
list_servers	Browse and filter servers by score, flags, platform, or namespace
get_ecosystem_stats	Aggregate stats — total servers, score distribution, flag summary

Works with any MCP-compatible client — Claude Code, Cursor, Windsurf, or your own agent.

Authentication

All endpoints except /v1/health require an API key passed via the X-API-Key header.

# Authenticated request
curl -H "X-API-Key: sk_your_key_here" \
  https://api.mcp-scorecard.ai/v1/servers

# Health check (no auth needed)
curl https://api.mcp-scorecard.ai/v1/health

Invalid or missing keys return 401 Unauthorized.

Endpoints

Health Check

GET /v1/health

Service status. No authentication required.

{ "data": { "status": "ok" }, "meta": { "cached": false } }

Ecosystem Statistics

GET /v1/stats

Aggregate statistics across all scored servers.

List Servers

GET /v1/servers

List and filter servers. Paginated.

Parameter	Type	Description
limit	int	Results per page. 1–200, default 50.
offset	int	Pagination offset. Default 0.
sort	string	Sort field: trust_score, name, namespace, provenance, maintenance, popularity, permissions, scored_at.
order	string	Sort direction: asc or desc. Default desc.
min_score	int	Filter by minimum trust score.
flags	string	Filter by flag name, e.g. SENSITIVE_CRED_REQUEST.
target	string	Filter by platform target, e.g. PostgreSQL.
namespace	string	Filter by publisher namespace.

Get Server

GET /v1/servers/:namespace/:id

Detailed trust data for a single server.

Search

GET /v1/search?q=

Search servers by name. Minimum 2 characters.

Parameter	Type	Description
q	string	Search query. Required, min 2 characters.
limit	int	Max results. 1–200, default 20.

Rate Limits

Rate limits reset daily at midnight UTC. Every response includes headers to track your usage:

X-RateLimit-Limit: 100        # Your daily limit
X-RateLimit-Remaining: 87   # Requests left today
X-RateLimit-Reset: 1709424000 # UTC midnight epoch

When you exceed your limit, the API returns 429 Too Many Requests with a Retry-After header.

Response Format

All responses use a standard envelope:

{
  "data": { ... },     # The response payload
  "meta": {             # Request metadata
    "cached": true,
    "total": 2889,
    "limit": 50,
    "offset": 0
  }
}

Responses may be cached for up to 1 hour. CORS is enabled for all origins.

Errors

Status	Meaning
400	Bad request — missing or invalid parameters
401	Unauthorized — missing or invalid API key
404	Not found — server or route doesn't exist
429	Rate limit exceeded — wait for reset
502	Upstream error — Supabase is unreachable

Use Cases

MCP Clients

Check trust scores before granting a server access to credentials.

CI/CD Pipelines

Gate MCP server additions on minimum trust thresholds.

Security Dashboards

Monitor trust signals across your fleet of MCP servers.

AI Agents

Evaluate server trust programmatically before tool selection.

MCP Scorecard