Trust Data

Trust verification for AI packages. Query community trust scores, run security scans on demand, and contribute anonymized findings to the OpenA2A trust registry.

Overview

The OpenA2A trust registry is a community database of security scan results, trust scores, and known advisories for MCP servers, A2A agents, skills, AI tools, and LLMs. The ai-trust CLI queries the registry before a package is installed, runs scans on demand when a package is not yet in the registry, and contributes anonymized results back to the community.

Scope: AI packages only

ai-trust verifies trust for AI-native packages: MCP servers, A2A agents, skills, AI tools, and LLMs. General-purpose libraries (express, lodash, typescript, chalk) are out of scope and route to HackMyAgent instead. Running ai-trust check on a general-purpose library, for example ai-trust check express, returns an "out of scope" verdict with a redirect to hackmyagent check express. This is intentional.

| Your package is... | Use |
|---|---|
| MCP server, A2A agent, skill, AI tool, LLM | ai-trust |
| General-purpose library (express, chalk, typescript) | hackmyagent check <pkg> |
| Full codebase security audit | hackmyagent secure . |

ai-trust audit package.json audits AI packages in the trust table and separately lists libraries in an "Out of scope" section with a HackMyAgent pointer.

Query trust data

bash · check a single package
ai-trust check @modelcontextprotocol/server-filesystem
bash · audit a dependency file (default min-trust 3)
ai-trust audit package.json
bash · batch lookup of multiple AI packages
ai-trust batch @modelcontextprotocol/server-filesystem @modelcontextprotocol/server-postgres

Ecosystem detection

The audit command parses dependency files for both npm and PyPI. It supports .json (package.json format) and .txt (requirements.txt format), and the ecosystem is detected from the file format. Libraries are partitioned into an "Out of scope" section in either case.

bash · audit an npm dependency file
ai-trust audit package.json
bash · audit a PyPI dependency file
ai-trust audit requirements.txt
bash · custom trust threshold (default 3)
ai-trust audit package.json --min-trust 2

MCP server shorthand

A server-* name resolves to @modelcontextprotocol/server-*, so server-filesystem and @modelcontextprotocol/server-filesystem are equivalent. Third-party mcp-server-* packages are looked up by their actual name and do not resolve to the @modelcontextprotocol scope.

bash · shorthand resolves to the @modelcontextprotocol scope
ai-trust check server-filesystem
bash · third-party servers use their own package name
ai-trust check mcp-server-kubernetes
bash · scoped third-party MCP server
ai-trust check @supabase/mcp-server-supabase

Scan on demand

When a package is not in the registry, ai-trust can download and scan it locally using HackMyAgent. In interactive mode, ai-trust prompts before scanning. In CI, use the flags below to control the behavior without a prompt. Local scans run HackMyAgent with NanoMind semantic analysis enabled by default; pass --no-deep for static-only.

bash · auto-scan a missing package and share the result
ai-trust check mcp-server-xyz --scan-if-missing --contribute
bash · registry lookup only, skip scanning entirely
ai-trust check server-filesystem --no-scan
bash · scan unknown AI packages during a project audit
ai-trust audit package.json --scan-missing --contribute
bash · JSON output for scripting
ai-trust check express --json

| Flag | When it applies |
|---|---|
| --scan-if-missing | CI flag for check. Scans a package locally when it is not in the registry, without prompting. |
| --scan-missing | For audit. Scans unknown AI packages found in the dependency file. |
| --contribute | Shares the scan result as anonymized telemetry for this run. Useful in non-interactive or CI contexts. |
| --no-scan | Disables scanning entirely. Registry lookup only. |
| --no-deep | Runs a local scan static-only, with NanoMind semantic analysis off. |
| --json | Emits JSON output for scripting. Available on check and audit. |

Trust levels

| Level | Label | Description |
|---|---|---|
| 0 | Blocked | Package is blocked due to security concerns |
| 1 | Warning | Package has known issues |
| 2 | Listed | Package is listed but not yet scanned |
| 3 | Scanned | Package has been scanned by HackMyAgent |
| 4 | Verified | Package is verified by the publisher |
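
How the audit threshold interacts with the levels above, as an added Python sketch that is not ai-trust's own code: it detects the ecosystem from the dependency file format, extracts package names, and compares each one against a registry snapshot. The package names, trust values, registry snapshot and the function names parse_dependencies and gate are all constructed assumptions, and the out-of-scope classification of general-purpose libraries is not modelled.

```python
import json
import re

# Trust levels as listed in the table on this page.
LEVELS = {0: "Blocked", 1: "Warning", 2: "Listed", 3: "Scanned", 4: "Verified"}

# Constructed sample inputs: hypothetical package names and trust values.
PACKAGE_JSON = """{
  "dependencies": {"@example/mcp-alpha": "^1.0.0", "mcp-server-xyz": "^2.1.0"},
  "devDependencies": {"@example/agent-skill": "^0.4.0"}
}"""
REQUIREMENTS_TXT = """# constructed requirements.txt
-r base.txt
Example_LLM.Tool>=0.3
example-agent-sdk[extras]==1.2.0  # pinned
"""
REGISTRY = {"@example/mcp-alpha": 4, "@example/agent-skill": 2, "example-llm-tool": 1}

def parse_dependencies(filename, text):
    """Detect the ecosystem from the file format and return (ecosystem, names)."""
    names = set()
    if filename.endswith(".json"):
        manifest = json.loads(text)
        for section in ("dependencies", "devDependencies"):
            names.update(manifest.get(section, {}))
        return "npm", sorted(names)
    if filename.endswith(".txt"):
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()
            if not line or line.startswith("-"):  # blanks, comments, pip options
                continue
            match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
            if match:  # PEP 503 name normalization
                names.add(re.sub(r"[-_.]+", "-", match.group(0)).lower())
        return "pypi", sorted(names)
    raise ValueError(f"unsupported dependency file: {filename}")

def gate(names, registry, min_trust=3):
    """Partition names into passed, failed and missing for a given threshold."""
    result = {"passed": [], "failed": [], "missing": []}
    for name in names:
        level = registry.get(name)
        if level is None:
            result["missing"].append(name)  # not in the registry snapshot
        elif level >= min_trust:
            result["passed"].append(name)
        else:
            result["failed"].append((name, LEVELS[level]))
    return result
```

In this model, min_trust=2 lets a package that is only Listed, and therefore not yet scanned, pass the gate, while the default of 3 holds it back.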

Contribute scan results

Every scan can improve trust data for the community. Scan results are shared as anonymized telemetry that contains check pass/fail and severity only; no file paths, source code, or descriptions are included. On the first scan, ai-trust asks whether to contribute, and the choice is saved in ~/.opena2a/config.json and shared across the OpenA2A tools (opena2a-cli, hackmyagent). The more scans are contributed, the faster packages move from "Listed" to "Scanned".

bash · contribute for a single scan (non-interactive / CI)
ai-trust check chalk --contribute
bash · opt in to contribution globally
opena2a config set contribute true
bash · opt out of contribution globally
opena2a config set contribute false

Using with opena2a-cli

opena2a-cli is the unified CLI for the OpenA2A security toolchain. ai-trust powers opena2a trust.

bash · install the unified CLI
npm install -g opena2a-cli
bash · trust verdict for an AI package via opena2a
opena2a trust @modelcontextprotocol/server-filesystem
bash · full security dashboard
opena2a review

For the full ai-trust CLI reference and installation guide, see the ai-trust tool page.