A practical guide to improving your MCP server's trust score. Follow these best practices across all 7 scoring factors.
Your server manifest should honestly and completely declare every tool, resource, and prompt it offers. CraftedTrust compares what you declare versus what it discovers.
Each tool your server provides must be listed in the MCP manifest with accurate name, description, and parameter schemas. Undiscovered tools that aren't declared reduce your score.
High ImpactResources (data sources your server exposes) must be listed with correct names, MIME types, and access levels. Don't hide read/write capabilities behind vague descriptions.
High ImpactEvery tool parameter should have a type, description, and required/optional flag. Missing schemas make it harder for agents (and auditors) to understand what the tool does.
Medium ImpactTool and resource descriptions should accurately reflect their behavior. Don't downplay destructive actions (like "manage_files" for a tool that can delete entire directories).
Medium ImpactServers that request only the permissions they need score higher. Overly broad access surface increases risk for users.
If your server only reads data, don't declare write tools. Each unnecessary permission scope reduces your minimality score.
High ImpactTools that accept arbitrary input (e.g., raw SQL queries, unrestricted file paths) score lower than tools with constrained parameters.
Medium ImpactInstead of one tool that does everything, provide separate read-only and write tools. This lets users grant minimal access.
Medium ImpactOutbound connections are one of the biggest risk factors. Every domain your server contacts should be declared and necessary.
Only connect to domains that are essential to your server's functionality. Every additional domain is a potential data exfiltration vector.
High ImpactIf your server connects to external APIs, list them in your documentation or manifest. Undeclared connections are the #1 red flag in our scans.
High ImpactNever make unencrypted HTTP requests. All outbound connections should use TLS 1.2 or higher.
High ImpactThird-party analytics libraries that phone home (Google Analytics, Mixpanel, etc.) in server-side code are detected and heavily penalized.
Medium ImpactOpen-source servers inherently score higher because users can inspect the code. Closed-source servers can improve by providing audit reports.
Publish your source code on GitHub, GitLab, or another public repository. Our scanner checks for a valid repo URL and verifies it's accessible.
High ImpactIf open-sourcing isn't possible, provide a third-party security audit report. Contact us to submit audit documentation.
Medium ImpactKnown publishers with established track records score higher. Build your reputation over time.
Register as a publisher on CraftedTrust and certify at least one server. Verified publishers get reputation bonuses on all their servers.
High ImpactIf your server is distributed via npm, maintain your package with regular updates, a README, and responsive issue tracking.
Medium ImpactIf a vulnerability is reported in your server, address it promptly. Abandoned servers with known issues get low reputation scores.
Medium ImpactThe connection between AI agents and your MCP server must be secure. This factor measures your transport-layer security.
Your HTTPS endpoint must support TLS 1.2 or 1.3. Servers that accept older TLS versions or allow downgrade attacks lose points.
High ImpactUse a certificate from a trusted CA (Let's Encrypt works great). Self-signed certificates are flagged.
High ImpactDon't use Access-Control-Allow-Origin: * unless your server is genuinely a public API. Restrict origins when possible.
Our threat database tracks known-malicious patterns, domains, and tool signatures. Avoiding these is critical.
Run npm audit or equivalent regularly. Known-vulnerable packages are flagged in our scans.
Our threat database tracks domains associated with data exfiltration, credential harvesting, and C2 communication. Any connection to these domains triggers critical alerts.
High ImpactTools that request seed phrases, private keys, passwords, or other credentials (especially as parameters) are heavily penalized. Never ask for credentials through MCP tool parameters.
High ImpactOnly distribute your server through established registries (npm, PyPI, Docker Hub). Side-loading from unknown sources reduces trust.
Medium ImpactSubmit your server for a free scan and see how you measure up.
Scan Your Server →