Trust Data

Query community trust scores, run security scans, and contribute anonymized findings to the OpenA2A trust registry.

Overview

The OpenA2A trust registry is a community-driven database of security scan results, trust scores, and known advisories for MCP servers, A2A agents, and AI tools. You can query trust data before installing a package, run scans that contribute back to the community, and verify package integrity.

Query Trust Data

Check a single package:

    npx ai-trust check server-filesystem

Audit all dependencies:

    npx ai-trust audit package.json --min-trust 3

Batch lookup:

    npx ai-trust batch express lodash chalk --min-trust 2

You can also query trust data through the OpenA2A CLI with the --registry flag:

Enrich scan results with community trust data:

    opena2a detect --registry

Direct registry lookup via CLI:

    opena2a registry express

Trust Levels

Level  Label     Meaning
0      Blocked   Package is blocked due to security concerns
1      Warning   Package has known issues or advisories
2      Listed    Package is listed but not yet scanned
3      Scanned   Package has been scanned by HackMyAgent
4      Verified  Package is verified by the publisher
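
How a --min-trust threshold relates to the levels in this table, as an added example that is not part of the ai-trust or OpenA2A code. It assumes a package passes when its level is at least the threshold, and it reads a simple "name level" list with hypothetical package names and constructed levels, because the real tools' output format is not shown on this page.

```sh
#!/bin/sh
# Added example: models a minimum-trust gate over constructed data.
# Assumption: a package passes when its level >= the threshold.

# Label for each level, taken from the Trust Levels table.
trust_label() {
  case "$1" in
    0) echo "Blocked" ;;
    1) echo "Warning" ;;
    2) echo "Listed" ;;
    3) echo "Scanned" ;;
    4) echo "Verified" ;;
    *) echo "Unknown" ;;
  esac
}

# gate_deps MIN_TRUST: reads "name level" lines on stdin, prints a verdict
# per package, returns 1 if any package fails and 2 on a bad threshold.
gate_deps() {
  min="$1"
  case "$min" in
    [0-4]) ;;
    *) echo "invalid threshold: $min" >&2; return 2 ;;
  esac
  failed=0
  while read -r name level; do
    case "$name" in ''|'#'*) continue ;; esac   # skip blanks and comments
    case "$level" in
      [0-4]) ;;
      *) # Fail closed: no usable level means the package is not trusted.
         echo "FAIL $name (no valid trust level)"
         failed=1
         continue ;;
    esac
    if [ "$level" -lt "$min" ]; then
      echo "FAIL $name level=$level ($(trust_label "$level")) below $min"
      failed=1
    else
      echo "PASS $name level=$level ($(trust_label "$level"))"
    fi
  done
  return "$failed"
}

# Constructed sample input: hypothetical packages, made-up levels.
SAMPLE='pkg-a 4
pkg-b 3
pkg-c 2
pkg-d 0
pkg-e'

printf '%s\n' "$SAMPLE" | gate_deps 3 || echo "gate failed: do not install"
```

A package with no usable level (pkg-e above) fails the gate rather than passing by default, which is the safer behaviour for a dependency that the registry has no data on.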

Contribute Scan Results

When you scan packages locally, you can contribute anonymized results back to the community registry. This helps other developers make informed decisions about the tools they install.

Register your tool with scan results:

    opena2a self-register

Submit behavioral baselines:

    opena2a baselines --package your-mcp-server

Claim ownership of a discovered agent:

    opena2a claim your-agent-name

Verify Package Integrity

SHA-256 hash comparison and signature verification:

    opena2a verify express

Query trust profile for a package:

    opena2a trust express

For the full ai-trust CLI reference and installation guide, see the ai-trust tool page.