DEV Community

Cyber Craft
Cyber Craft

Posted on

How to Add Trust Verification to Your AI Agent in 60 Seconds

#agents #ai #mcp #security

Add One Line to Your MCP Config and Your Agent Will Verify Every Server Before Connecting

MCP servers are the new API layer for AI agents. Your agent connects to them, calls their tools, and trusts the results. But how do you know the server is safe?

Most agents don't check. They connect to whatever server the user points them at — even if that server is running malicious tools, stealing credentials, or poisoning tool descriptions with hidden instructions.

CraftedTrust fixes this with one line of config.

The Setup

Add CraftedTrust to your agent's MCP server configuration:

{
  "mcpServers": {
    "craftedtrust": {
      "url": "https://mcp.craftedtrust.com/api/v1/mcp",
      "description": "Check trust scores before connecting to MCP servers"
    }
  }
}
Enter fullscreen mode Exit fullscreen mode

This works with Claude Desktop, Cursor, Windsurf, and any MCP-compatible client. Your agent now has access to 6 tools:

Tool What it does
check_trust Look up trust score (0-100), grade (A-F), 12-factor breakdown
scan_server Trigger a live security scan
search_registry Search 4,200+ indexed MCP servers
get_stats Ecosystem statistics
pay_for_certification Initiate USDC certification payment
verify_payment Verify on-chain payment

The Pattern: Trust-Gated Connections

Before your agent connects to any new MCP server, make it check CraftedTrust first:

# Your agent needs to connect to mcp.example.com
result = call_tool("craftedtrust", "check_trust", {
    "server_url": "https://mcp.example.com/mcp"
})

if result["grade"] in ("D", "F"):
    return f"Refused: {result['url']} scored {result['grade']} ({result['score']}/100)"

# Safe to connect
connect_to_server("https://mcp.example.com/mcp")
Enter fullscreen mode Exit fullscreen mode

That's it. Three lines of logic and your agent won't connect to dangerous servers.

What Gets Checked

CraftedTrust scores every server across 12 security categories aligned with the CoSAI (Coalition for Secure AI) framework:

  • Identity & Auth — Does the server properly authenticate callers?
  • Permission Scope — Are permissions narrowly scoped?
  • Transport Security — TLS, HSTS, certificate validation
  • Tool Integrity — Hidden instructions, tool poisoning, rug-pull detection
  • Input Validation — Schema validation, injection resistance
  • Data Protection — PII exposure, data flow analysis
  • Network Behavior — Undeclared outbound connections
  • Supply Chain — Dependency hygiene, known CVEs
  • And 4 more categories...

Each category contributes to a score out of 100. Scores map to grades:

Grade Score Your agent should...
A 90-100 Connect confidently
B 75-89 Connect normally
C 60-74 Connect with caution
D 40-59 Refuse or warn the user
F 0-39 Never connect

Working Examples

We published reference implementations in Python and TypeScript:

Python (LangGraph)

def check_trust_node(state):
    trust = trust_gated_connect(state["target_server"])
    return {
        **state,
        "trust_check": trust,
        "action": "connect" if trust["allowed"] else "refuse",
    }
Enter fullscreen mode Exit fullscreen mode

TypeScript

const gate = await trustGatedConnect(serverUrl);
if (!gate.allowed) {
  console.log(`Refused: ${gate.reason}`);
  return;
}
// Safe to proceed
Enter fullscreen mode Exit fullscreen mode

Full working examples: github.com/cybercraftsolutionsllc/trust-gated-agent-example

Why This Matters

The MCP ecosystem is growing fast. There are over 4,200 servers indexed in CraftedTrust's registry. Some are well-built. Some have critical security issues. Some are actively malicious.

Without trust verification, your agent is one bad MCP server away from:

  • Credential theft — Tools that harvest API keys, passwords, seed phrases
  • Tool poisoning — Hidden instructions in tool descriptions that manipulate agent behavior
  • Data exfiltration — Undeclared outbound connections sending your data to unknown endpoints
  • SSRF attacks — Tools that probe internal networks through your agent

CraftedTrust catches all of these. The 12-factor assessment runs automatically and scores are available via a single MCP tool call.

Compliance Built In

CraftedTrust assessments map to major compliance frameworks:

  • CoSAI — Coalition for Secure AI threat categories
  • OWASP Top 10 — For agentic applications
  • EU AI Act — Articles 9-15 (high-risk AI requirements)
  • NIST AI RMF — Govern, Map, Measure, Manage
  • AIUC-1 — The first AI agent security standard

If you're building agents for enterprise, these mappings matter.

Get Started

  1. Add the MCP config above to your agent
  2. Call check_trust before connecting to any new server
  3. Gate on grade D/F

That's the "SSL for agents" pattern. One line of config, three lines of logic.

Full API docs: mcp.craftedtrust.com/api-docs.html

Built by Cyber Craft Solutions LLC. CraftedTrust is the security trust layer for the MCP ecosystem.

Top comments (0)