OpenA2A: CLI Β· HackMyAgent Β· Secretless Β· AIM Β· Browser Guard Β· DVAA
Trust verification CLI for AI packages. MCP servers, A2A agents, skills, AI tools, LLMs. Queries the OpenA2A Registry trust graph for security scans, community consensus, dependency risk, and known advisories. Apache 2.0.
Website Β· Registry Β· Discord
For general-purpose libraries (express, typescript, chalk, etc.) use HackMyAgent instead. ai-trust is scoped to AI-native packages only.
npx ai-trust check @modelcontextprotocol/server-filesystem @modelcontextprotocol/server-filesystem mcp_server Β· scanned 2 days ago
No known issues
Trust ββββββββββββββββββββ 87/100
Level Scanned (3/4)
Blocked > Warning > Listed > Scanned > Verified
ββ Next Steps ββββββββββββββββββββββββββββββββββββββββββββββ
Fresh scan: ai-trust check @modelcontextprotocol/server-filesystem
Full project audit: ai-trust audit package.json
npx ai-trust check <pkg> # run once, no install
npm install -g ai-trust # install globallyRequires Node.js 18 or later.
brew install opena2a-org/tap/ai-trustgit clone https://github.com/opena2a-org/ai-trust.git
cd ai-trust
npm install
npm run build
node dist/index.js check expressEvery release publishes via npm Trusted Publishing with SLSA v1 provenance. No long-lived NPM_TOKEN. GitHub Actions exchanges its OIDC token with npm at publish time.
npm view ai-trust dist.attestations --json
# Expects non-empty result with predicateType "https://slsa.dev/provenance/v1"ai-trust verifies trust for AI-native packages. For everything else, use HMA.
| Your package is... | Use |
|---|---|
| MCP server, A2A agent, skill, AI tool, LLM | ai-trust |
| General-purpose library (express, chalk, typescript, etc.) | hackmyagent check <pkg> |
| Full codebase security audit | hackmyagent secure . |
ai-trust audit package.json audits AI packages in the trust table and separately lists libraries in an "Out of scope" section with an HMA pointer.
Running ai-trust check express on a general-purpose library returns an "out of scope" verdict with a redirect to hackmyagent check express. Intentional. ai-trust is for AI packages only.
Look up the trust verdict for a single AI package.
ai-trust check @modelcontextprotocol/server-filesystem
ai-trust check my-custom-agent --type a2a_agent
ai-trust check @modelcontextprotocol/server-postgres --json
ai-trust check mcp-server-xyz --scan-if-missing --contribute # download + scan + share
ai-trust check server-filesystem --no-scan # registry lookup only
ai-trust check /path/to/local --scan-path /path/to/local # scan a local directoryFlags: --type, --scan-if-missing, --contribute, --no-scan, --no-deep, --scan-path, --json.
# These are equivalent:
ai-trust check server-filesystem
ai-trust check @modelcontextprotocol/server-filesystem
# Third-party MCP servers use their own package names:
ai-trust check mcp-server-kubernetes
ai-trust check @supabase/mcp-server-supabase
ai-trust check @cloudflare/mcp-server-cloudflareserver-* resolves to @modelcontextprotocol/server-*. Third-party mcp-server-* packages are looked up by their actual name.
When a package is not in the registry, ai-trust can download and scan it locally using HackMyAgent. In interactive mode, you are prompted. In CI:
ai-trust check mcp-server-xyz --scan-if-missing --contribute # auto-scan + share
ai-trust check server-filesystem --no-scan # skip scanning entirelyLocal scans run HMA with NanoMind semantic analysis enabled by default. Pass --no-deep for static-only.
Parse dependency files and audit AI packages. Supports .json (package.json format) and .txt (requirements.txt format). Libraries get partitioned into an "Out of scope" section.
ai-trust audit package.json
ai-trust audit requirements.txt
ai-trust audit package.json --min-trust 2 # custom threshold (default 3)
ai-trust audit package.json --scan-missing --contribute # scan unknown AI packagesExample output (mixed AI + libraries):
5 AI packages audited Β· 9 libraries out of scope
PACKAGE TYPE VERDICT TRUST SCORE SCAN
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
@modelcontextprotocol/sdk mcp_server SAFE Scanned ββββββββ 87 passed
@opena2a/aim-core a2a_agent SAFE Scanned ββββββββ 81 passed
...
ββ Out of scope (libraries) ββββββββββββββββββββββββββββββββ
ai-trust is for AI packages. For general security, use HackMyAgent.
@noble/ed25519, @noble/post-quantum, commander, js-yaml, onnxruntime-node + 4 more
ββ Next Steps ββββββββββββββββββββββββββββββββββββββββββββββ
Library security: npx hackmyagent secure .
Look up trust verdicts for multiple AI packages at once. Non-AI packages get partitioned into the "Out of scope" footer.
ai-trust batch @modelcontextprotocol/server-filesystem @modelcontextprotocol/server-postgres
ai-trust batch my-server-a my-server-b --type mcp_server
ai-trust batch react vue express lodash chalkFlags: --type, --min-trust.
ai-trust check express --json # JSON output for scripting
ai-trust audit package.json --json # JSON audit output
ai-trust check express --no-color # disable colored output
ai-trust check express --registry-url http://localhost:8080 # custom registry endpoint| Level | Label | Description |
|---|---|---|
| 0 | Blocked | Package is blocked due to security concerns |
| 1 | Warning | Package has known issues |
| 2 | Listed | Package is listed but not yet scanned |
| 3 | Scanned | Package has been scanned by HackMyAgent |
| 4 | Verified | Package is verified by the publisher |
| Code | Meaning |
|---|---|
| 0 | All queried packages are safe and meet the trust threshold |
| 1 | Operational error (network failure, file not found, server error) |
| 2 | Policy signal: one or more packages have warning or blocked verdict, or fall below --min-trust |
Every scan you run can improve trust data for the entire community. Scan results are shared as anonymised telemetry: check pass/fail and severity only. No file paths, source code, or descriptions.
On first scan, ai-trust asks whether you want to contribute. Your choice is saved in ~/.opena2a/config.json and shared across all OpenA2A tools (opena2a-cli, hackmyagent).
ai-trust check chalk --contribute # contribute for this scan (non-interactive / CI)
opena2a config set contribute true # opt in globally
opena2a config set contribute false # opt out globallyMore scans contributed means packages move from "Listed" to "Scanned" faster, reducing risk for everyone.
opena2a-cli is the unified CLI for the OpenA2A security toolchain. ai-trust powers opena2a trust.
npm install -g opena2a-cli
opena2a trust @modelcontextprotocol/server-filesystem
opena2a review # full security dashboard| Guide | Time |
|---|---|
| Check if a package is safe before installing | 2 min |
| Verify an MCP server's trust score | 3 min |
| Contribute trust data to the community | 3 min |
Full index: docs/USE-CASES.md.
Apache 2.0. PRs from outside the org welcome.
git clone https://github.com/opena2a-org/ai-trust.git
cd ai-trust && npm install && npm run build && npm testSecurity issues: info@opena2a.org (coordinated disclosure, response within 24 hours).
- Website
- OpenA2A Registry. Trust scores and scan data.
- OpenA2A CLI. Unified security CLI.
- HackMyAgent. Local scanning for unverified packages.
- aicomply. Inline PII, credential, and regulated-data classification for agent I/O before it reaches an LLM.
Part of the OpenA2A security platform.
Apache-2.0.
