Trust scores

Instant security scores for any npm MCP package

CVE posture, supply-chain signals, and plain-English guidance. Optional deep scan probes the live MCP server. Watch walkthrough →

1 · Look upType an npm package name (e.g. @playwright/mcp). Static analysis runs automatically.
2 · Deep scanOptionally probe the live MCP server for a richer score with runtime signals.
3 · EmbedCopy badge markdown from the score page into your README.

Recently scored packages

No cached scores yet. Look up a package above — scores are computed on demand from npm and CVE feeds.

Badge API: https://www.mastyf.ai/api/v1/badge/<package>