AgentGraph Trust

Scan and verify trust for MCP servers, skills, and agent tools before you add them to Claude Code or Cursor.

Overview

AgentGraph Trust is a MCP server for the Ship phase that performs security scanning and trust verification on AI agent tools.

What is this MCP server?

Security scanning and trust verification focused on AI agent tools
Published as AgentGraph Trust MCP server v0.3.0 on PyPI (agentgraph-trust)
Stdio transport for integration with MCP-capable coding agents
Helps reduce supply-chain risk from unvetted skills and servers
From agentgraph-co with MCP schema 2025-12-11 metadata
MCP server version 0.3.0
Product title: AgentGraph Trust
Transport: stdio

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You cannot easily tell if a new MCP server or agent skill is safe before it runs with access to your repo and environment.

Who is it for?

Solo builders curating skills and MCP servers from the open ecosystem who want a dedicated agent-tool trust scan.

Skip if: Teams with mandated enterprise SCA/SAST pipelines that already gate every dependency with legal and infra sign-off.

What do I get? / Deliverables

You run trust and security checks through MCP before installing third-party agent tooling.

Trust and security assessment outputs for agent tools via MCP
Clearer install/no-install decisions for third-party skills and servers
Reduced blind trust when expanding agent capability surface

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

HSM-backed vault secrets for AI agents (JIT fetch) plus prompt-injection and threat scanning.2 stars

1passwordCakeRepository/1Password-MCP

MCP server for 1Password service accounts — tools and resources for vaults and credentials16 stars

402sentinel Mcpkaditang/402sentinel-mcp

Assess an x402 counterparty's risk BEFORE paying: allow/review/block, scored on-chain (Base).1 stars

A2a Governance Bridge Mcp

A2A Governance Bridge MCP server. Tools: verify agent compliance, authorize a2a transaction, get tru

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

Remote MCP for A2A dependency inspector MCP, structured receipts, audit logs, and reviewer-ready evi

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

Remote MCP for A2A caller identity, scope policy, verdict receipts, and audit history.

Journey fit

Primary fit

Trust verification sits in Ship because the risk moment is installing third-party agent tooling right before it touches your codebase and secrets. Security subphase covers vetting unfamiliar tools—not full compliance programs, but the solo builder’s install-time gate.

How it compares

Agent-tool trust MCP scanner, not a runtime WAF or a generic dependency-only npm audit skill.

Common Questions / FAQ

Who is agentgraph-trust for?

Indie developers and agent power users evaluating MCP servers and skills before adding them to local agent configs.

When should I use agentgraph-trust?

Use it during ship/security review whenever you install or update third-party agent tools from GitHub, registries, or marketplaces.

How do I add agentgraph-trust to my agent?

Install the PyPI package agentgraph-trust, register it as a stdio MCP server in Claude Code or Cursor, and invoke trust verification tools on candidates before install.

AgentGraph Trust

Scan and verify trust for MCP servers, skills, and agent tools before you add them to Claude Code or Cursor.

Overview

AgentGraph Trust is a MCP server for the Ship phase that performs security scanning and trust verification on AI agent tools.

What is this MCP server?

Security scanning and trust verification focused on AI agent tools
Published as AgentGraph Trust MCP server v0.3.0 on PyPI (agentgraph-trust)
Stdio transport for integration with MCP-capable coding agents
Helps reduce supply-chain risk from unvetted skills and servers
From agentgraph-co with MCP schema 2025-12-11 metadata
MCP server version 0.3.0
Product title: AgentGraph Trust
Transport: stdio

Compatible agents: Claude Code, Cursor, Codex, any compatible agent

What problem does it solve?

You cannot easily tell if a new MCP server or agent skill is safe before it runs with access to your repo and environment.

Who is it for?

Solo builders curating skills and MCP servers from the open ecosystem who want a dedicated agent-tool trust scan.

Skip if: Teams with mandated enterprise SCA/SAST pipelines that already gate every dependency with legal and infra sign-off.

What do I get? / Deliverables

You run trust and security checks through MCP before installing third-party agent tooling.

Trust and security assessment outputs for agent tools via MCP
Clearer install/no-install decisions for third-party skills and servers
Reduced blind trust when expanding agent capability surface

Recommended MCP Servers

1Claw Vault1clawAI/1claw-mcp

HSM-backed vault secrets for AI agents (JIT fetch) plus prompt-injection and threat scanning.2 stars

1passwordCakeRepository/1Password-MCP

MCP server for 1Password service accounts — tools and resources for vaults and credentials16 stars

402sentinel Mcpkaditang/402sentinel-mcp

Assess an x402 counterparty's risk BEFORE paying: allow/review/block, scored on-chain (Base).1 stars

A2a Governance Bridge Mcp

A2A Governance Bridge MCP server. Tools: verify agent compliance, authorize a2a transaction, get tru

A2adependencyinspector Mcpclauxel/a2a-dependency-inspector-mcp

Remote MCP for A2A dependency inspector MCP, structured receipts, audit logs, and reviewer-ready evi

A2aidentitytoll Mcpclauxel/a2a-identity-toll-mcp

Remote MCP for A2A caller identity, scope policy, verdict receipts, and audit history.

Journey fit

Primary fit

How it compares

Agent-tool trust MCP scanner, not a runtime WAF or a generic dependency-only npm audit skill.

Common Questions / FAQ

Who is agentgraph-trust for?

Indie developers and agent power users evaluating MCP servers and skills before adding them to local agent configs.

When should I use agentgraph-trust?

Use it during ship/security review whenever you install or update third-party agent tools from GitHub, registries, or marketplaces.

How do I add agentgraph-trust to my agent?

Install the PyPI package agentgraph-trust, register it as a stdio MCP server in Claude Code or Cursor, and invoke trust verification tools on candidates before install.

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is agentgraph-trust for?

When should I use agentgraph-trust?

How do I add agentgraph-trust to my agent?

This week for builders

Overview

What is this MCP server?

What problem does it solve?

Who is it for?

What do I get? / Deliverables

Recommended MCP Servers

Journey fit

Who is agentgraph-trust for?

When should I use agentgraph-trust?

How do I add agentgraph-trust to my agent?