We Audited 23,000 MCP Servers. Here's What We Found.
AgentForge Trust is live. Every public MCP server scored on five dimensions β security, code health, behavior, community, EU compliance. 23,402 servers indexed, 1,964 audited. Free public API and npm package.
The Problem
The MCP ecosystem exploded in 2025 β and in 2026 it's at 20,000+ public servers across awesome-mcp-servers, mcp.so, glama.ai, and countless GitHub repos. That's more tools than any human can vet. When your AI agent decides to connect to random-financial-mcp@0.0.3 to process invoices, who verified it doesn't leak your Stripe keys?
Nobody. Until today.
AgentForge Trust β Live Now
Today we're launching AgentForge Trust β the first audit layer for the MCP ecosystem. Every public MCP server gets a 0β100 Trust Score computed across five independent dimensions:
| Dimension | Weight | Signal |
|---|---|---|
| Security Scan | 30% | GitHub Advisory API, dependency CVEs, secret leaks in source |
| Code Health | 20% | Commit recency, issue-to-star ratio, license, archived state |
| Behavioral Audit | 20% | Claude-powered source review β what it really does vs. README claims |
| Community Trust | 15% | Stars (log-scaled), forks, organization backing |
| EU Compliance | 15% | GDPR, AI Act readiness, data residency disclosure |
The Numbers
- 23,402 MCP servers indexed from AgentForge, awesome-mcp-servers, and glama.ai
- 1,964 audited on code_health + community_trust (91% of the long-tail awesome-mcp set)
- Security scans rolling out across all indexed servers this week
- Behavioral audits running on the top 1,000 by community score
Biggest single finding from day one: scores are highly bimodal. Top-100 servers cluster at 85β100 overall, while the long tail drops off sharply below 40. The middle is almost empty. Enterprise procurement guide: set min_overall: 70 and you lose 60% of volume but eliminate nearly all risk.
Four Ways to Use It
1. The /trust landing
Visit agentforge.community/trust for a live leaderboard and the full methodology. Top scorers right now: mindsdb, bytedance/UI-TARS-desktop, and several official Anthropic servers β all at 95+.
2. The public API
Three zero-auth endpoints:
GET /api/v1/trust?slug=β¦β full scorecard for a single serverPOST /api/v1/trust/evaluateβ allow/deny gate with custom policyGET /api/v1/trust/list?category=&min_trust=80β filtered directory
Cached at the edge, EU-hosted, 300s TTL.
3. The MCP tool
Published today on npm:
npx -y agentforge-trust-mcpDrop into your Claude Desktop / Cursor / Foundry agent config and your agent gets four new tools: check_trust, evaluate_policy, list_trusted, recommend. The agent can audit an upstream server before connecting to it, refuse to call servers below a policy threshold, or find alternatives by natural-language query.
4. Enterprise policy dashboard
Coming to enterprise tier in Q3: define organization-wide policies like "only servers with β₯80 overall, EU-licensed, no secrets_leaked badge" β AgentForge Trust enforces it at discovery time across every agent in your stack.
How It Complements Microsoft Foundry
Microsoft just launched Hosted Agents in Foundry β hypervisor-isolated sandboxes for running agents at enterprise scale. Foundry solves agent runtime safety. AgentForge Trust solves tool supply chain safety. They're complementary layers: you run the agent on Foundry, you filter its tool discovery through AgentForge Trust. Drop agentforge-trust-mcp into your Foundry Dockerfile and enterprise policy becomes one API call.
Partial Audits, Honest Scores
Most servers today have code_health + community_trust scored, while security_scan and behavioral_audit are still rolling out. We don't punish servers for unfinished audits β the headline score is a weighted average over only the completed dimensions, reported with partial: true. When you see Partial audit Β· 2/5 dimensions in the UI, the number you see is fair; it just isn't comprehensive yet.
Methodology Is Open
Everything is MIT-licensed and auditable:
- mcp-trust-server source β the npm package
- scoring scripts β ingest, code-health, security scan, behavioral audit
- migration 036 β the trust_scores schema + the compute_overall_trust function
We publish our rubric, our weights, and our audit code. You can disagree, fork, or submit a better version β we actively want PRs on the scoring rules.
What's Next
- Full security scans across all 23,402 servers β done by end of week
- Behavioral audits for the top 1,000 β running now on Claude Sonnet 4.6
- mcp.so integration β adding their catalog on top of glama + awesome-mcp
- Enterprise tier β custom policies, on-demand re-audits, SSO β Q3 2026
- Signed attestations β Ed25519-signed trust reports you can verify offline
Try It Now
Pick your entry point:
- Visit the landing: agentforge.community/trust
- Query the API:
curl 'https://agentforge.community/api/v1/trust/list?min_trust=80&limit=10' - Install the MCP tool:
npx -y agentforge-trust-mcp
The agent economy isn't just about what tools exist. It's about which tools you can trust. Today, that's a solved problem.