Canopii Trust Index
A trust index that security-scores MCP servers before your agents connect
Gallery
About Canopii Trust Index
Canopii Trust Index is a public resource that gives MCP servers a security grade before an AI agent ever connects to one. Model Context Protocol servers let agents reach out to external tools and data, which also means an agent can be pointed at third-party code that reads sensitive information or runs commands on your behalf. That connection is powerful and also risky, because the server sits right between your agent and your systems. The Trust Index scores each server so the risk is visible up front, using a straightforward letter grade that runs from A at the top down to F. A grade is meant to be something you can read at a glance, without needing to audit the server's source yourself first.
The reason this matters is that the MCP ecosystem grew fast and most of it is unvetted. A server might look harmless on its listing and still hide a dangerous code path, a poisoned tool description, or a prompt injection waiting for an agent to read it and act on it. Canopii frames the danger bluntly in its research, noting that hundreds of servers ship confirmed dangerous code paths such as arbitrary eval, command injection, and unsafe deserialization. Without something checking, a team wiring agents up to tools has little way to tell a safe server from a risky one, and the cost of guessing wrong is an agent running attacker-controlled code inside a trusted context.
Under the hood the index continuously scans servers for tool poisoning, prompt injection, supply-chain, and credential risk, and it grades each server version rather than just the project as a whole, so a score reflects the exact build an agent would connect to instead of an average across releases. It has scored more than twelve thousand servers, with roughly 45 percent earning an A and about 8 percent landing in the D or F range, which gives a sense of how uneven the ecosystem really is. Alongside the grades it live-verifies endpoints, separating thousands of confirmed live servers from a large set it simply can't verify, and that inability to verify is treated as a signal in its own right.
For developers who want the scores inside their own workflow, Canopii exposes an API. The idea is that you can check any MCP server's security score from your own tools, whether that's a CI gate that blocks a build when a server drops below a grade, a procurement review before a vendor gets approved, or an agent allow-list that only permits servers above a certain threshold. That turns the index from a website you visit into a check you can automate and enforce, so the decision about whether a server is safe doesn't rely on someone remembering to look it up by hand.
The index is the public, free face of a larger platform. Canopii also sells an enterprise MCP control plane that governs, attributes, and audits every tool call a team's agents make, with per-user attribution that ties a call back to a specific person, searchable audit trails, policy written in plain language, and a security score on every server a team wants to enable. It can host pre-vetted servers for common tools like GitHub, Slack, Linear, Stripe, and Notion, or let a team bring its own. That side is aimed at organizations that need governance and a paper trail, and it sits behind a booked demo rather than a public price.
The audience is developers, DevOps and platform teams, and any organization rolling out AI agents that needs to know a server is safe before enabling it. Where it stands apart is the focus. Plenty of security tooling scans code or dependencies in general, but the Trust Index treats MCP servers as their own category with their own failure modes, the tool poisoning and prompt injection risks that don't show up in a normal dependency scan. It grades them continuously, so the picture stays current as servers change and republish rather than going stale after a single one-time audit. That continuous posture is the difference between a badge a project earned once and a grade that reflects the code an agent would actually pull today.
On access, the Trust Index itself is free to browse and is positioned as a research resource, so anyone can look up a server's grade without paying or signing up. The API and the enterprise control plane are the commercial side, and their pricing isn't published on the site, with enterprise inquiries routed through a demo. For a team just trying to decide whether a given MCP server is trustworthy before they let an agent connect to it, the free index is usable entirely on its own, and the deeper governance features are there for teams that need to prove control over what their agents are actually doing.
Key Features
- Letter-grade A to F security scores
- Continuous scanning per server version
- Tool-poisoning and prompt-injection detection
- Supply-chain and credential risk checks
- Live endpoint verification
- Security-score API for CI and allow-lists
Pros & Cons
What we like
- Public scores you can check before connecting an agent
- Already covers thousands of MCP servers
- Grades every server version, not just the project
- API fits CI gates, procurement, and allow-lists
Room for improvement
- Narrow focus on the MCP ecosystem
- Full platform pricing isn't published
- Enterprise features sit behind a demo
- Younger product in a very new category
Frequently Asked Questions
What is the Canopii Trust Index?
Is the Trust Index free?
Who is Canopii for?
How does the scoring work?
Best For
Featured in
Alternatives to Canopii Trust Index
View all
1Password
Password and secrets manager for individuals, families, and developer teams with strong CLI and SSH agent support.
Clerk
Drop-in authentication and user management for modern apps

Tailscale
WireGuard-based mesh VPN that connects your devices, servers, and cloud resources into one private network in minutes.

BackPedal
UK bike theft protection that sends recovery agents after your stolen bike
Reviews (10)
Two months in, no regrets
Started using Canopii Trust Index casually, now it is pinned in my dock. Their take on continuous scanning per server version is genuinely good. Support actually answered when I had a question, which surprised me. Recommending it to people in a similar spot.
Worth a look
Picked Canopii Trust Index for the price, stayed for the quality. What stands out is how it handles grades every server version, not just the project. Found it works best for vetting an mcp server before an agent connects.
Worth a look
Started using Canopii Trust Index casually, now it is pinned in my dock. It just works, day after day, without surprises. Found it works best for building an allow-list of trusted mcp servers. Would sign up again without thinking twice.
Genuinely impressed
Found Canopii Trust Index on a Show HN thread and I am glad I clicked. Got real value out of api fits ci gates, procurement, and allow-lists. Recommending it to people in a similar spot.
Finally something that fits
Hadn't planned on switching, but Canopii Trust Index was hard to ignore. What stands out is how it handles supply-chain and credential risk checks. It just works, day after day, without surprises. Found it works best for gating ci on a server's security grade. Worth it for what I get out of it.
Worth a look
Came to Canopii Trust Index after getting frustrated with what I had before. Where it really wins is live endpoint verification. No regrets so far.
Powerful once it clicks
Hadn't planned on switching, but Canopii Trust Index was hard to ignore. Where it really wins is live endpoint verification. It fits well for reviewing supply-chain risk during procurement. The catch is younger product in a very new category.
Two months in, no regrets
Canopii Trust Index solves a real problem for me without making a fuss about it. The grades every server version, not just the project is more useful than I expected. It has shaved real time off my week. It earns its place in my stack.
Pulled its weight from week one
Hadn't planned on switching, but Canopii Trust Index was hard to ignore. The core workflow is smooth once you are set up.
It just works
Came to Canopii Trust Index after getting frustrated with what I had before. The defaults are sensible, so I was not fighting settings on day one. It does what it says, which is rarer than it should be.
Related Tools
Clerk
Drop-in authentication and user management for modern apps
Doppler
Centralized secrets manager that syncs config and credentials across local dev, CI, and production environments.

Cipher & Row
Real-time carrier and broker verification for North American freight

Capsule
Send files with a short link, no accounts, optional end-to-end encryption, gone in an hour