# AgentScore — MCP Security Trust Layer

## What is this?
AgentScore scans MCP packages for security issues and provides trust verdicts, exposure mapping, and continuous monitoring for the MCP ecosystem.

## Quick Start

### Scan a package
```
GET https://agentscores.xyz/api/scan?npm=exa-mcp-server
```

### Get a trust verdict (allow/warn/block)
```
GET https://agentscores.xyz/api/verdict?npm=exa-mcp-server
```

### Check incident exposure
```
GET https://agentscores.xyz/api/exposure?npm=axios
```

### Security advisories
```
GET https://agentscores.xyz/api/advisories
```

## Capabilities
- MCP package scanning (metadata, source code, provenance posture, tool extraction)
- Trust verdicts: allow / warn / block
- Incident exposure mapping: which MCP servers depend on a compromised package
- Continuous monitoring of 250+ MCP packages
- Auto-published security advisories with RSS feed
- Abuse database

## No API key required for read endpoints.

Full docs: https://agentscores.xyz/docs