Thank you for helping make MCP safer to use. Contributions of all sizes are welcome — especially to the threat data, which is plain, reviewable, and high-impact.
- Report a false positive / false negative. Open an issue with the offending tool metadata (redacted as needed) and the finding (or the finding you expected). These are gold.
- Add threat data. New injection patterns, capability keywords, protected packages, or known CVEs are just data files — see docs/architecture.md. Include a test.
- Add a detector. Implement the small
Detectorinterface, register it, catalogue its rules, add tests — see docs/architecture.md. - Improve docs or output.
npm install
npm run build
npm test # node:test — all suites must pass
npm run typecheckRun the tool locally without building:
npx tsx src/cli/index.ts scan test/fixtures/poisoned-server.json- Determinism is sacred. No
Date.now()/Math.random()in scoring or detectors. Same methodology version + same target must produce the same score. - Bump the methodology version (
src/version.ts) for any change that can move a score, so historical scores remain comparable. - Every finding needs a
confidence. Reserveconfirmedfor decoded/observed/exact-matched evidence — onlyconfirmedfindings can fire a hard grade gate. - Catalogue new rules in
src/data/ruleCatalog.ts(a test enforces this). - Add a test for every behavior change. Prefer a small fixture over prose.
- Keep the runtime dependency footprint near zero — this is a security tool.
- Keep PRs focused. One detector or one data theme per PR is ideal.
- Describe the threat you're addressing and cite a source where possible.
- CI must be green (
typecheck,build,teston Node 20/22/24).
See SECURITY.md — please do not open a public issue for a vulnerability in MCP Trust Checker itself.
By contributing you agree your work is licensed under the project's MIT license.