ToolTrust Scanner
by agentsafe-aicommunityv1.0.9
15
6
ToolTrust Scanner is a static security scanner for MCP tool definitions that assigns trust grades (A–F) to tools before they are called by an agent, helping to identify potential security risks.
From the registry: Scans MCP servers for prompt injection, data exfiltration, and privilege escalation.
Install & configure
Install in your client
Paste into the AI you're chatting with — it will figure out the rest
Please install the `tooltrust-scanner` MCP server into my current AI client (that's you).
Canonical MCP server config (stdio transport):
- command: `npx`
- args: ["-y","tooltrust-mcp"]
Note: Static security scanner for MCP tool definitions. 16 analysis rules, trust grades A-F. Also available as CLI: curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash
Add this MCP server to my current client's config in the correct format for you. If you need secrets or credentials I haven't provided, ASK me — do not invent values or leave raw placeholders. After adding it, tell me how to verify the server is connected.Note: Static security scanner for MCP tool definitions. 16 analysis rules, trust grades A-F. Also available as CLI: curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash
Tools (5)
tooltrust_scan_config
Scans all MCP servers in your .mcp.json or ~/.claude.json.
tooltrust_scan_server
Launch and scan a specific MCP server by command.
tooltrust_scanner_scan
Scans a raw JSON blob of tool definitions.
tooltrust_lookup
Looks up a server's trust grade from the ToolTrust Directory.
tooltrust_list_rules
Lists all built-in security rules.
Packages
tooltrust-mcp
npmv1.0.9transport: stdio
Details
- Language
- Go
- License
- MIT
- Released
- Mar 31, 2026
- Last commit
- Apr 8, 2026
- Registry name
- io.github.AgentSafe-AI/tooltrust-scanner