Canopii Trust Index

Canopii Trust Index

A trust index that security-scores MCP servers before your agents connect

Freemium
4.4 (10 reviews)

Gallery

About Canopii Trust Index

Canopii Trust Index is a public resource that gives MCP servers a security grade before an AI agent ever connects to one. Model Context Protocol servers let agents reach out to external tools and data, which also means an agent can be pointed at third-party code that reads sensitive information or runs commands on your behalf. That connection is powerful and also risky, because the server sits right between your agent and your systems. The Trust Index scores each server so the risk is visible up front, using a straightforward letter grade that runs from A at the top down to F. A grade is meant to be something you can read at a glance, without needing to audit the server's source yourself first.

The reason this matters is that the MCP ecosystem grew fast and most of it is unvetted. A server might look harmless on its listing and still hide a dangerous code path, a poisoned tool description, or a prompt injection waiting for an agent to read it and act on it. Canopii frames the danger bluntly in its research, noting that hundreds of servers ship confirmed dangerous code paths such as arbitrary eval, command injection, and unsafe deserialization. Without something checking, a team wiring agents up to tools has little way to tell a safe server from a risky one, and the cost of guessing wrong is an agent running attacker-controlled code inside a trusted context.

Under the hood the index continuously scans servers for tool poisoning, prompt injection, supply-chain, and credential risk, and it grades each server version rather than just the project as a whole, so a score reflects the exact build an agent would connect to instead of an average across releases. It has scored more than twelve thousand servers, with roughly 45 percent earning an A and about 8 percent landing in the D or F range, which gives a sense of how uneven the ecosystem really is. Alongside the grades it live-verifies endpoints, separating thousands of confirmed live servers from a large set it simply can't verify, and that inability to verify is treated as a signal in its own right.

For developers who want the scores inside their own workflow, Canopii exposes an API. The idea is that you can check any MCP server's security score from your own tools, whether that's a CI gate that blocks a build when a server drops below a grade, a procurement review before a vendor gets approved, or an agent allow-list that only permits servers above a certain threshold. That turns the index from a website you visit into a check you can automate and enforce, so the decision about whether a server is safe doesn't rely on someone remembering to look it up by hand.

The index is the public, free face of a larger platform. Canopii also sells an enterprise MCP control plane that governs, attributes, and audits every tool call a team's agents make, with per-user attribution that ties a call back to a specific person, searchable audit trails, policy written in plain language, and a security score on every server a team wants to enable. It can host pre-vetted servers for common tools like GitHub, Slack, Linear, Stripe, and Notion, or let a team bring its own. That side is aimed at organizations that need governance and a paper trail, and it sits behind a booked demo rather than a public price.

The audience is developers, DevOps and platform teams, and any organization rolling out AI agents that needs to know a server is safe before enabling it. Where it stands apart is the focus. Plenty of security tooling scans code or dependencies in general, but the Trust Index treats MCP servers as their own category with their own failure modes, the tool poisoning and prompt injection risks that don't show up in a normal dependency scan. It grades them continuously, so the picture stays current as servers change and republish rather than going stale after a single one-time audit. That continuous posture is the difference between a badge a project earned once and a grade that reflects the code an agent would actually pull today.

On access, the Trust Index itself is free to browse and is positioned as a research resource, so anyone can look up a server's grade without paying or signing up. The API and the enterprise control plane are the commercial side, and their pricing isn't published on the site, with enterprise inquiries routed through a demo. For a team just trying to decide whether a given MCP server is trustworthy before they let an agent connect to it, the free index is usable entirely on its own, and the deeper governance features are there for teams that need to prove control over what their agents are actually doing.

Key Features

  • Letter-grade A to F security scores
  • Continuous scanning per server version
  • Tool-poisoning and prompt-injection detection
  • Supply-chain and credential risk checks
  • Live endpoint verification
  • Security-score API for CI and allow-lists

Pros & Cons

What we like

  • Public scores you can check before connecting an agent
  • Already covers thousands of MCP servers
  • Grades every server version, not just the project
  • API fits CI gates, procurement, and allow-lists

Room for improvement

  • Narrow focus on the MCP ecosystem
  • Full platform pricing isn't published
  • Enterprise features sit behind a demo
  • Younger product in a very new category

Frequently Asked Questions

What is the Canopii Trust Index?
It's a public resource that gives MCP servers a letter-grade security score from A to F before agents connect to them. It continuously scans servers for tool poisoning, prompt injection, supply-chain, and credential risk.
Is the Trust Index free?
The index itself is a free, public research resource, and Canopii has scored more than twelve thousand servers. Canopii also sells an enterprise MCP control plane and offers an API, and neither of those is priced on the page.
Who is Canopii for?
Developers, DevOps teams, and organizations that deploy AI agents and need to know whether an MCP server is safe to enable. It's aimed at anyone building agent allow-lists or reviewing third-party servers.
How does the scoring work?
Each MCP server version gets a grade from A to F based on continuous scans for risks like tool poisoning, prompt injection, unsafe code paths, and credential exposure. Canopii also live-verifies endpoints and flags servers it can't verify.

Best For

Vetting an MCP server before an agent connectsGating CI on a server's security gradeBuilding an allow-list of trusted MCP serversReviewing supply-chain risk during procurement

Featured in

Alternatives to Canopii Trust Index

View all

Reviews (10)

P
Priya Esposito

Two months in, no regrets

Started using Canopii Trust Index casually, now it is pinned in my dock. Their take on continuous scanning per server version is genuinely good. Support actually answered when I had a question, which surprised me. Recommending it to people in a similar spot.

6/6/2026 15 found this helpful
A
Aditya Singh Verified

Worth a look

Picked Canopii Trust Index for the price, stayed for the quality. What stands out is how it handles grades every server version, not just the project. Found it works best for vetting an mcp server before an agent connects.

7/6/2026 12 found this helpful
L
Louis Esposito Verified

Worth a look

Started using Canopii Trust Index casually, now it is pinned in my dock. It just works, day after day, without surprises. Found it works best for building an allow-list of trusted mcp servers. Would sign up again without thinking twice.

5/9/2026 10 found this helpful
D
Drew Okafor

Genuinely impressed

Found Canopii Trust Index on a Show HN thread and I am glad I clicked. Got real value out of api fits ci gates, procurement, and allow-lists. Recommending it to people in a similar spot.

4/22/2026 10 found this helpful
K
Kenji Okafor

Finally something that fits

Hadn't planned on switching, but Canopii Trust Index was hard to ignore. What stands out is how it handles supply-chain and credential risk checks. It just works, day after day, without surprises. Found it works best for gating ci on a server's security grade. Worth it for what I get out of it.

5/14/2026 7 found this helpful
Q
Quinn Meyer

Worth a look

Came to Canopii Trust Index after getting frustrated with what I had before. Where it really wins is live endpoint verification. No regrets so far.

4/23/2026 5 found this helpful
J
Jamie Petrov Verified

Powerful once it clicks

Hadn't planned on switching, but Canopii Trust Index was hard to ignore. Where it really wins is live endpoint verification. It fits well for reviewing supply-chain risk during procurement. The catch is younger product in a very new category.

3/18/2026 1 found this helpful
Y
Yara Ramirez Verified

Two months in, no regrets

Canopii Trust Index solves a real problem for me without making a fuss about it. The grades every server version, not just the project is more useful than I expected. It has shaved real time off my week. It earns its place in my stack.

4/25/2026
D
Diego Choi

Pulled its weight from week one

Hadn't planned on switching, but Canopii Trust Index was hard to ignore. The core workflow is smooth once you are set up.

3/30/2026
H
Hiroshi Pereira

It just works

Came to Canopii Trust Index after getting frustrated with what I had before. The defaults are sensible, so I was not fighting settings on day one. It does what it says, which is rarer than it should be.

3/17/2026