DEV Community: Anders

Nerq AI Agent Ecosystem Weekly Report for Week Ending 2026-05-11

Anders — Mon, 11 May 2026 04:00:19 +0000

Nerq AI Agent Ecosystem Weekly Report for Week Ending 2026-05-11

Summary

This week, the Nerq AI agent ecosystem continued to maintain its robust indexing capabilities, with no new agents or tools added. The total number of indexed assets remains steady, reflecting ongoing stability in the market. Key trends indicate a strong presence of established frameworks like Anthropic and OpenAI, while community and coding categories dominate the asset distribution.

This Week in Numbers

Total Agents & Tools Indexed: 259,200
Models & Datasets Indexed: 2,948,939
Total AI Assets Indexed: 4,152,725
New MCP Servers Added This Week: 0

Agent of the Week

No new agents or tools were added this week. The ecosystem remains robust with a diverse array of existing assets.

Framework Trends

The top frameworks in terms of indexed assets are Anthropic and OpenAI, each contributing significantly to the total count:

Anthropic: 7,512 assets
OpenAI: 6,333 assets

These frameworks continue to dominate the landscape, reflecting their widespread adoption and influence within the AI community.

MCP Server Growth

No new MCP servers were added this week. The current ecosystem remains stable with no significant changes in server contributions.

Trust & Compliance

The trust score distribution across agents and tools is as follows:

High: 3,176
Medium: 187,007
Low: 69,017

The average trust score is 49.7, indicating a balanced mix of high-trust and lower-trust assets in the ecosystem.

Outlook

The ongoing stability in the number of indexed assets suggests that the market for AI agents and tools remains steady. Continued focus on high-trust assets will be crucial to maintain user confidence and compliance within the ecosystem.

Originally published on nerq.ai

Nerq's AI Agent Ecosystem Weekly Report for Week Ending 2026-05-04

Anders — Mon, 04 May 2026 04:00:27 +0000

Nerq's AI Agent Ecosystem Weekly Report for Week Ending 2026-05-04

One-Paragraph Summary

This week, Nerq indexed an additional 1,514 agents and tools, bringing the total to 259,200. The ecosystem continues to grow with new additions in categories like community and infrastructure. Notable among the newcomers is "Container Use," which offers robust containerized development environments. Frameworks such as Anthropic and OpenAI remain dominant, while MCP servers continue to be a significant component of the indexed assets.

This Week in Numbers

Total Agents & Tools Indexed: 259,200
Models & Datasets Indexed: 2,948,939
Total AI Assets Indexed: 4,152,725
New MCP Servers Added This Week: 263

Agent of the Week

Container Use

Source: pulsemcp
Trust Score: 77.2
Stars: 3,687
Description: Provides containerized development environments that persist state across interactions through git-based storage and Dagger's container runtime, enabling isolated environments with custom toolchains, background services, and the ability to checkpoint environments as publishable container images.
GitHub URL

Framework Trends

The top frameworks remain largely unchanged this week:

Anthropic: 7,512 total assets
OpenAI: 6,333 total assets
Langchain: 2,680 total assets

These frameworks continue to dominate the landscape with consistent counts of indexed agents and tools.

MCP Server Growth

This week saw an increase in new MCP servers added:

New MCP Servers Added This Week: 263
Top New MCP Servers:
- Container Use (pulsemcp)
- ToolFront (pulsemcp)
- Flux GitOps (pulsemcp)
- DBHub (Universal Database Gateway) (pulsemcp)
- com.woopsocial/mcp (mcp_registry)

Trust & Compliance

The trust score distribution remains as follows:

High: 3,176
Medium: 187,007
Low: 69,017
Average Trust Score: 49.7

This indicates a mixed but generally medium to high level of trust across the indexed assets.

Outlook

The ecosystem continues to expand with new additions in various categories and frameworks. The focus on robust tools like "Container Use" suggests growing interest in containerized development environments, which is likely to drive further innovation and adoption in the AI agent space.

Originally published on nerq.ai

Nerq AI Agent Ecosystem Weekly Report for Week Ending 2026-04-27

Anders — Mon, 27 Apr 2026 04:00:24 +0000

Nerq AI Agent Ecosystem Weekly Report for Week Ending 2026-04-27

One-Paragraph Summary

This week, Nerq indexed an additional 9,441 agents and tools, bringing the total to 257,686. The ecosystem continues to grow with significant contributions from platforms like PulseMCP and AgentVerse. Key trends include a rise in community-based frameworks and a focus on cybersecurity tools. Panther Labs emerged as this week's Agent of the Week, highlighting the growing importance of security integrations.

This Week in Numbers

Total Agents & Tools Indexed: 257,686
New Agents & Tools Added: 9,441
Models & Datasets Indexed: 2,948,923
Total AI Assets Indexed: 4,151,195

Agent of the Week

Name: Panther Labs

Source: PulseMCP

Trust Score: 75.2

Stars: 42

Description: Integrates with Panther Labs' cybersecurity platform to enable security alert triage, data lake querying, detection rule management, and log source analysis for incident response and threat hunting workflows.

Link

Framework Trends

The top frameworks remain consistent, but there is a notable increase in the "community" category. Anthropic and OpenAI continue to dominate with 7,512 and 6,333 entries respectively. The community framework count has risen by 955 new additions this week.

MCP Server Growth

This week saw an addition of 553 new MCP servers, bringing the total to 4,151,195. Key new additions include:

BrowserStack: Integrates with testing infrastructure for cross-browser and mobile app verification.
Panther Labs: Enhances cybersecurity platform integration for alert triage and threat hunting.
Mobile Device Control: Enables remote control of Android and iOS devices for automated testing.

Trust & Compliance

The trust score distribution shows a balanced mix:

High: 5,127
Medium: 183,852
Low: 68,707

The average trust score is 49.9, indicating a generally high level of confidence in the indexed assets.

Outlook

The ongoing growth in community-based frameworks and cybersecurity tools suggests an increasing focus on collaborative development and enhanced security measures within the AI ecosystem.

Originally published on nerq.ai

Nerq AI Agent Ecosystem Weekly Report for Week Ending 2026-04-20

Anders — Mon, 20 Apr 2026 04:00:25 +0000

Nerq AI Agent Ecosystem Weekly Report for Week Ending 2026-04-20

One-Paragraph Summary

This week, Nerq's AI agent ecosystem continued to expand, indexing over 5,700 new agents and tools, bringing the total indexed assets to a staggering 4.1 million. Notable additions include Sourcebot, which received high trust scores from users and developers alike. Frameworks such as Anthropic and OpenAI remain dominant, while MCP servers like Sourcebot and Voice MCP are gaining traction with advanced functionalities.

This Week in Numbers

Total Agents & Tools Indexed: 248,246
Models & Datasets Indexed: 2,948,908
Total AI Assets Indexed: 4,141,740
New Agents/Tools Added This Week: 5,722

Agent of the Week

Sourcebot

Trust Score: 77.2
Stars on GitHub: 3,200
Description: Enables code search across multiple repository hosts including GitHub, GitLab, Gitea, Gerrit, and Bitbucket with advanced filtering options for exploring large codebases through natural language queries.
GitHub URL

Framework Trends

The top frameworks in the ecosystem remain Anthropic and OpenAI, each with over 7,000 indexed assets. Langchain follows closely with 2,680 entries, while MCP servers contribute 2,066 assets. Notable newcomers include Ollama and HuggingFace, both with 1,900 and 1,239 indexed assets respectively.

MCP Server Growth

This week saw the addition of 710 new MCP servers, with Sourcebot leading as a top newcomer. Other notable additions include Voice MCP, Read Website Fast, Auth0, DebuggAI, and OpenNutrition, all enhancing their respective functionalities through advanced features like code search, voice communication, and web content extraction.

Trust & Compliance

The trust score distribution remains balanced:

High: 8,355 agents
Medium: 171,827 agents
Low: 68,064 agents
Average Trust Score: 50.4

Outlook

Continued growth in the ecosystem is expected as more developers and organizations adopt AI tools and frameworks to enhance their operations and innovation capabilities.

Originally published on nerq.ai

Nerq's AI Agent Ecosystem Weekly Report for Week Ending 2026-04-13

Anders — Mon, 13 Apr 2026 04:00:28 +0000

Nerq's AI Agent Ecosystem Weekly Report for Week Ending 2026-04-13

Summary

This week, Nerq indexed an additional 6,835 agents and tools, bringing the total to 242,524. The ecosystem continues to grow with notable additions in categories such as community and infrastructure. The top newcomer is "ai.newzai.api/NewzAI," a MCP server that offers real-time news headlines across seven regions.

This Week in Numbers

Total Agents & Tools Indexed: 242,524
Models & Datasets Indexed: 2,976,947
Total AI Assets Indexed: 4,164,057
New MCP Servers Added This Week: 445

Agent of the Week

Agent Name: ai.newzai.api/NewzAI

Source: mcp_registry

Trust Score: 71.2

Description: News MCP: real-time headlines & custom news search across 7 regions. Free, just sign in with Google.

For more details, visit the GitHub repository.

Framework Trends

The framework trends remain stable this week. "openai" and "anthropic" continue to dominate with counts of 6,333 and 7,512 respectively. The "mcp" framework has a total count of 2,066.

MCP Server Growth

This week saw the addition of 445 new MCP servers, including notable entries such as:

io.github.shin1219-eng/browser-proof: Evidence-backed web verification for agents.
ai.newzai.api/NewzAI: Real-time headlines & custom news search across seven regions.

Trust & Compliance

The trust score distribution remains balanced with 50.4 as the average, but a significant portion of assets fall into the "low" category (67,791). High-trust assets total 8,836, while medium-trust assets account for 165,897.

Outlook

The ecosystem continues to expand with new additions in various categories. As more high-trust assets are indexed, the overall reliability of the AI agent ecosystem improves.

Originally published on nerq.ai

Nerq AI Agent Ecosystem Weekly Report - Week Ending 2026-04-06

Anders — Mon, 06 Apr 2026 04:00:35 +0000

Nerq AI Agent Ecosystem Weekly Report - Week Ending 2026-04-06

One-Paragraph Summary

This week, Nerq indexed an additional 10,325 new agents and tools, bringing the total to 235,689. The ecosystem continues to grow with a focus on community and coding categories, while MCP servers and trust scores provide insights into the reliability of the assets.

This Week in Numbers

Total Agents, Tools & MCP Servers Indexed: 235,689
Models & Datasets Indexed: 3,116,478
Total AI Assets Indexed: 4,338,354
New Agents/Tools Added This Week: 10,325

Agent of the Week

Name: io.github.agentndx/agentindex

Source: mcp_registry

Trust Score: 71.2

Description: Search 15K+ MCP services, A2A agents, and x402 APIs from 5 registries. Paid via x402 (USDC on Base).

URL: https://github.com/agentndx/agentndx

This week's Agent of the Week, io.github.agentndx/agentindex, offers a comprehensive search tool for MCP services and A2A agents across multiple registries. With a high trust score of 71.2, it stands out as an essential resource for users seeking diverse AI assets.

Framework Trends

Anthropic: Total 7,512, No New This Week
OpenAI: Total 6,333, No New This Week
LangChain: Total 2,680, No New This Week
MCP: Total 2,066, No New This Week
Ollama: Total 1,900, No New This Week
HuggingFace: Total 1,239, No New This Week
Autogen: Total 1,114, No New This Week
CrewAI: Total 809, No New This Week
LlamaIndex: Total 466, No New This Week
A2A: Total 191, No New This Week
Semantic Kernel: Total 166, No New This Week

The framework trends show a stable distribution with no new additions this week. Anthropic and OpenAI remain the most indexed frameworks, followed by LangChain and MCP.

MCP Server Growth

New MCP Servers Added This Week: 580 Top New MCP Servers:
io.github.agentndx/agentindex - Search 15K+ MCP services, A2A agents, and x402 APIs from 5 registries.
com.truthifi/mcp - Connects AI agents to live, verified financial data from 18,000+ institutions.
io.github.mananmodi-product/caelian - Live competitive intelligence for B2B teams.
com.tapetide/stock-research-mcp - Indian stock market research: quotes, financials, technicals, screener, FII/DII and market insights.
io.github.asume21/music-theory-mcp - Scales, chords, progressions, key detection, and genre intelligence for your AI.

This week saw a significant addition of 580 new MCP servers, with several notable entries focusing on financial data, competitive intelligence, and music theory.

Trust & Compliance

High Trust Score Assets: 8,833
Medium Trust Score Assets: 162,387
Low Trust Score Assets: 64,469
Average Trust Score: 50.5

The trust score distribution indicates a balanced ecosystem with the majority of assets falling within the medium trust category.

Outlook

Nerq continues to expand its coverage and reliability, with steady growth in community and coding categories, as well as new MCP servers enhancing the diversity of available AI assets.

Originally published on nerq.ai

AI Agent Ecosystem Weekly — 2026-03-30

Anders — Mon, 30 Mar 2026 04:00:03 +0000

AI Agent Ecosystem Weekly — 2026-03-30

The Nerq index now tracks 225,604 agents, tools, and MCP servers alongside 3,151,283 models and datasets. This week, 7,982 new entries were added to the index.

This Week in Numbers

4,414,491 total AI assets indexed
7,982 new agents and tools this week
850 new MCP servers
50.4 average trust score

Agent of the Week

SceneView (pulsemcp) — Trust Score: 73.5

3D and AR scene management framework with tools for controlling cameras, nodes, lighting, and augmented reality experiences.

Top New Agents

Name	Source	Trust	Stars
SceneView	pulsemcp	74	1137
FirstData	pulsemcp	73	144
Todoist Extended	pulsemcp	72	6
io.github.mctx-ai/example-app	mcp_registry	71	—
io.carbone/carbone-mcp	mcp_registry	71	—

Framework Trends

Framework	Total Agents	New This Week
anthropic	7,543	+0
openai	6,358	+0
langchain	2,690	+0
mcp	2,068	+0
ollama	1,907	+0
huggingface	1,244	+0
autogen	1,122	+0
crewai	813	+0

Trust Distribution

High trust (70+): 8,891
Medium trust (40-69): 153,459
Low trust (<40): 63,254

Outlook

The agent ecosystem continues to expand. MCP adoption remains strong with 850 new servers this week.

Data from the Nerq index. Generated 2026-03-30.

Originally published on nerq.ai

AI Agent Ecosystem Weekly — 2026-03-23

Anders — Mon, 23 Mar 2026 05:00:03 +0000

AI Agent Ecosystem Weekly — 2026-03-23

The Nerq index now tracks 217,622 agents, tools, and MCP servers alongside 3,151,281 models and datasets. This week, 10,171 new entries were added to the index.

This Week in Numbers

4,403,428 total AI assets indexed
10,171 new agents and tools this week
2913 new MCP servers
50.3 average trust score

Agent of the Week

Apache AGE Graph (pulsemcp) — Trust Score: 75.2

Bridges Claude with PostgreSQL databases using Apache AGE graph extension, enabling natural language execution of Cypher queries for graph operations, relationship analysis, and data visualization without complex SQL.

Top New Agents

Name	Source	Trust	Stars
Apache AGE Graph	pulsemcp	75	3
Oracle v2	pulsemcp	70	41
Pica	pulsemcp	70	11
Antseer	pulsemcp	69	10
io.emc2ai/einstein	mcp_registry	68	—

Framework Trends

Framework	Total Agents	New This Week
anthropic	7,543	+0
openai	6,358	+0
langchain	2,690	+0
mcp	2,068	+0
ollama	1,907	+0
huggingface	1,244	+0
autogen	1,122	+0
crewai	813	+0

Trust Distribution

High trust (70+): 8,881
Medium trust (40-69): 146,317
Low trust (<40): 62,424

Outlook

The agent ecosystem continues to expand. MCP adoption remains strong with 2913 new servers this week.

Data from the Nerq index. Generated 2026-03-23.

Originally published on nerq.ai

Adding Trust Score Checks to Your CI/CD Pipeline

Anders — Mon, 16 Mar 2026 12:30:37 +0000

Your CI pipeline runs linters, tests, and type checkers. But it does not tell you if the AI package someone just added to requirements.txt has a trust score of 29 and two unpatched CVEs. Adding a trust score check takes five minutes and catches problems before they reach production.

Here is how to add Nerq's preflight API to your CI/CD pipeline.

The Preflight API

Nerq exposes a simple REST endpoint for trust verification:

curl "https://nerq.ai/v1/preflight?target=langchain"

Response:

{
  "target": "langchain",
  "trust_score": 82,
  "grade": "A",
  "recommendation": "PROCEED",
  "risk_level": "low",
  "known_cves": 0,
  "license": "MIT",
  "last_commit_days_ago": 2,
  "alternatives": [],
  "response_time_ms": 12.3
}

No API key required. No authentication. The endpoint supports CORS and returns results in under 50ms for cached queries.

For multiple packages, use the batch endpoint:

curl -X POST "https://nerq.ai/v1/preflight/batch" \
  -H "Content-Type: application/json" \
  -d '{"targets": ["langchain", "openai", "sketchy-agent"]}'

The batch endpoint handles up to 50 packages per request.

GitHub Actions Integration

Here is a workflow step that checks all Python dependencies and fails if any score below a threshold:

# .github/workflows/trust-check.yml
name: Dependency Trust Check
on:
  pull_request:
    paths:
      - 'requirements*.txt'
      - 'pyproject.toml'

jobs:
  trust-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Extract dependencies
        id: deps
        run: |
          # Extract package names from requirements.txt
          PACKAGES=$(grep -v '^#' requirements.txt | sed 's/[>=<].*//' | tr '\n' ',' | sed 's/,$//')
          echo "packages=$PACKAGES" >> $GITHUB_OUTPUT

      - name: Nerq Preflight Check
        run: |
          THRESHOLD=50
          FAILED=0
          IFS=',' read -ra PKGS <<< "${{ steps.deps.outputs.packages }}"
          for pkg in "${PKGS[@]}"; do
            pkg=$(echo "$pkg" | xargs)  # trim whitespace
            [ -z "$pkg" ] && continue
            RESULT=$(curl -s "https://nerq.ai/v1/preflight?target=$pkg")
            SCORE=$(echo "$RESULT" | jq -r '.trust_score // 0')
            GRADE=$(echo "$RESULT" | jq -r '.grade // "?"')
            REC=$(echo "$RESULT" | jq -r '.recommendation // "UNKNOWN"')
            echo "$pkg: $SCORE/100 ($GRADE) — $REC"
            if [ "$SCORE" -lt "$THRESHOLD" ]; then
              echo "::error::$pkg has trust score $SCORE (below threshold $THRESHOLD)"
              FAILED=1
            fi
          done
          if [ "$FAILED" -eq 1 ]; then
            echo "::error::One or more dependencies failed the trust check."
            exit 1
          fi

This workflow runs on every PR that modifies dependency files. It extracts package names, queries the preflight API for each one, and fails the check if any score falls below the threshold.

Shell Script for Any CI System

Not on GitHub Actions? Here is a standalone script that works with any CI:

#!/bin/bash
# trust-check.sh — fail if any dependency scores below threshold
THRESHOLD=${1:-50}
FAILED=0

while IFS= read -r line; do
  pkg=$(echo "$line" | sed 's/[>=<].*//' | xargs)
  [ -z "$pkg" ] || [[ "$pkg" == \#* ]] && continue

  result=$(curl -s "https://nerq.ai/v1/preflight?target=$pkg")
  score=$(echo "$result" | jq -r '.trust_score // 0')
  grade=$(echo "$result" | jq -r '.grade // "?"')
  rec=$(echo "$result" | jq -r '.recommendation // "UNKNOWN"')

  if [ "$score" -lt "$THRESHOLD" ]; then
    echo "FAIL: $pkg — $score/100 ($grade) $rec"
    FAILED=1
  else
    echo "OK:   $pkg — $score/100 ($grade) $rec"
  fi
done < requirements.txt

exit $FAILED

Run it in any CI: bash trust-check.sh 50

npm / Node.js Variant

For package.json, extract dependencies with jq:

PACKAGES=$(jq -r '.dependencies // {} | keys[]' package.json)
for pkg in $PACKAGES; do
  curl -s "https://nerq.ai/v1/preflight?target=$pkg" | \
    jq -r '"  \(.target): \(.trust_score)/100 (\(.grade)) — \(.recommendation)"'
done

What the API Returns

Each preflight response includes:

trust_score: 0-100 composite score
grade: A+ through F
recommendation: PROCEED (score >= 60), CAUTION (40-59), DENY (below 40)
risk_level: low, medium, high
known_cves: count of known vulnerabilities
license: detected license type
alternatives: higher-scored packages in the same category (when score is low)

Try It Now

Pick a package and run the curl command. No signup, no API key:

curl "https://nerq.ai/v1/preflight?target=your-package-here"

Add the GitHub Actions step to your next PR and see what your dependency tree actually looks like from a trust perspective.

Nerq indexes 5M+ AI assets with trust scores. Available as a browser extension, VS Code extension, GitHub App, MCP Server, and API. nerq.ai

Check AI Package Trust Scores Without Leaving VS Code

Anders — Mon, 16 Mar 2026 12:30:01 +0000

I spend most of my day in VS Code. When I add a new dependency, I do not want to switch to a browser, search for the package, check its GitHub, scan for CVEs, and then come back. I want the trust signal right there in my editor.

So I built a VS Code extension that shows trust scores for AI packages and tools inline, without breaking my flow.

The Workflow Problem

Here is what adding a dependency usually looks like:

You hear about a package or an AI assistant suggests one
You add it to package.json or requirements.txt
You run npm install or pip install
Maybe you check the GitHub page. Maybe you do not.
You move on

Step 4 is where the security decision should happen, but it rarely does because it requires context-switching. By the time you have checked the repo, read the issues, and searched for CVEs, you have lost 5 minutes and your focus.

How the Extension Works

The Nerq VS Code extension adds trust scoring directly into your editor:

Inline annotations: When you open a package.json, requirements.txt, pyproject.toml, or go.mod file, the extension annotates each dependency with its trust score and grade. You see the score right next to the package name as a CodeLens annotation.

Hover details: Hover over any dependency to see the full trust breakdown — maintenance score, security flags, license type, last commit date, and recommendation (PROCEED/CAUTION/DENY).

Command palette: Run "Nerq: Check Package" from the command palette to look up any package by name. Useful when you are evaluating options before adding a dependency.

Status bar: The status bar shows a summary for the current file — how many dependencies are in each trust tier (green/amber/red).

Installation

Install from the VS Code Marketplace or from a .vsix file:

From Marketplace:

Open VS Code
Go to Extensions (Ctrl+Shift+X)
Search "Nerq Trust Score"
Click Install

From .vsix (for pre-release or offline):

Download the latest .vsix from nerq.ai/vscode
In VS Code, open the command palette (Ctrl+Shift+P)
Run "Extensions: Install from VSIX..."
Select the downloaded file

No API key needed. The extension calls the public Nerq API.

What You See

Open a requirements.txt that looks like this:

langchain==0.1.0
openai==1.12.0
sketchy-agent==0.0.3

The extension adds CodeLens annotations:

langchain==0.1.0        # Trust: 82/100 (A) PROCEED
openai==1.12.0          # Trust: 88/100 (A+) PROCEED
sketchy-agent==0.0.3    # Trust: 31/100 (D) DENY — 2 CVEs, no license

Hovering over sketchy-agent shows:

Trust Score: 31/100 (Grade: D)
Recommendation: DENY
Last commit: 14 months ago
License: None detected
Known CVEs: 2 (1 high, 1 medium)
Alternatives: crewai (78), autogen (75)

Configuration

The extension is zero-config by default, but you can customize it in VS Code settings:

{
  "nerq.threshold": 50,
  "nerq.showInline": true,
  "nerq.showStatusBar": true,
  "nerq.highlightDeny": true
}

Set nerq.threshold to control which score triggers a warning. Set nerq.highlightDeny to add a red underline to packages with a DENY recommendation.

Privacy

The extension sends only package names to nerq.ai/v1/preflight. No code, no file contents, no telemetry. Requests are cached locally for 5 minutes to minimize network calls.

Try It

Install the extension and open any dependency file. The trust scores appear automatically. If a package looks risky, hover for details and alternatives.

Nerq indexes 5M+ AI assets with trust scores. Available as a browser extension, VS Code extension, GitHub App, MCP Server, and API. nerq.ai

Building a Trust Score MCP Server for Claude and Cursor

Anders — Mon, 16 Mar 2026 12:29:25 +0000

The Model Context Protocol (MCP) lets AI assistants call external tools. Claude, Cursor, Windsurf, and other MCP-compatible clients can discover and invoke tools at runtime — which means your AI assistant can check whether a package is safe before it recommends it to you.

I built an MCP server that exposes Nerq's trust scoring engine as a set of tools any MCP client can call. Here is how to set it up and what it can do.

What MCP Is (30-Second Version)

MCP is a standard for connecting AI assistants to external data and tools. Instead of the assistant guessing or hallucinating, it calls a tool that returns real data. An MCP server exposes tools with JSON Schema inputs and returns structured results. Claude Desktop, Cursor, Windsurf, and others support it natively.

The Nerq MCP Server

The server exposes four tools:

discover_agents — Find AI agents and tools by describing what you need. Returns ranked results with trust scores.
trust_gate — Check if a specific agent or package meets a trust threshold. Returns approve/reject with the score and grade.
trust_compare — Compare two agents side-by-side on trust score, grade, and recommendation.
agent_index_stats — Get current index statistics: total assets, categories, sources.

Setup

Add Nerq to your MCP client configuration. For Claude Desktop, edit ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "nerq": {
      "command": "python",
      "args": ["-m", "agentindex.mcp_server"]
    }
  }
}

For Cursor, add the same block to your MCP settings. For any MCP client that supports stdio transport, the config is identical.

Install the server:

pip install agentindex

Or run from source:

git clone https://github.com/nerq-ai/agentindex.git
cd agentindex
pip install -e .

Using It

Once configured, your AI assistant can call the tools directly. Here are some example interactions:

"Is langchain safe to use?"

The assistant calls trust_gate with name: "langchain" and returns:

langchain — Trust Score: 82/100 (Grade: A)
Recommendation: PROCEED
Maintenance: Active (last commit 2 days ago)
License: MIT
Known CVEs: 0

"Find me an agent for code review"

The assistant calls discover_agents with need: "code review" and returns a ranked list:

1. codex (Score: 85, Grade: A) — OpenAI code review agent
2. crewai (Score: 78, Grade: B+) — Multi-agent framework
3. aider (Score: 76, Grade: B+) — AI pair programming

"Compare autogen and crewai"

The assistant calls trust_compare with both names:

autogen: 75/100 (B+) vs crewai: 78/100 (B+)
Winner: crewai by 3 points
Both: PROCEED

Why This Matters

AI assistants recommend packages constantly. "Use this library," "install this tool," "try this agent." Without trust scoring, those recommendations are based on popularity and training data — not on current maintenance status, security posture, or license compliance.

With the Nerq MCP server, the assistant checks before it recommends. If a package has a trust score of 31 and two unpatched CVEs, the assistant knows that and can suggest alternatives.

This is especially important for agentic workflows. When an agent autonomously selects and invokes other agents, trust scoring is not optional — it is the difference between a working pipeline and a supply chain incident.

The Trust Gate Pattern

The most useful tool is trust_gate. It takes a name and an optional threshold (default 60) and returns a binary approve/reject decision. You can use this in any agentic workflow:

Agent A wants to call Agent B
Agent A calls trust_gate(name="agent-b", threshold=70)
If approved, proceed. If rejected, find an alternative.

This is the simplest form of agent-to-agent trust verification. No API keys, no complex setup — just a tool call.

Try It

Install the MCP server, add it to your Claude or Cursor config, and ask your assistant about a package. The trust data is live and covers 5M+ AI assets.

Nerq indexes 5M+ AI assets with trust scores. Available as a browser extension, VS Code extension, GitHub App, MCP Server, and API. nerq.ai

Automated Dependency Trust Reports on Every PR

Anders — Mon, 16 Mar 2026 12:28:22 +0000

Every dependency change in a pull request is a security decision. But most teams review dependency bumps by glancing at the diff in package.json or requirements.txt and clicking merge. There is no context about whether that new package is maintained, has known vulnerabilities, or even has a license.

I built a GitHub App that fixes this. Every time a PR touches a dependency file, it posts a trust report as a comment with scores, grades, and recommendations for every added or changed package.

The Problem

Your CI pipeline checks if the code compiles and if tests pass. It does not tell you that the new ai-agent-helper package you just added has a trust score of 23/100, no commits in 14 months, and two unpatched CVEs. That context matters more than whether the tests are green.

How It Works

The Nerq GitHub App watches for pull requests that modify dependency files:

package.json / package-lock.json (npm)
requirements.txt / pyproject.toml / Pipfile (Python)
go.mod (Go)
Cargo.toml (Rust)
pom.xml / build.gradle (Java)

When it detects a change, it extracts the added or modified packages, batch-queries the Nerq preflight API, and posts a PR comment with a trust report.

Example Output

Here is what the comment looks like on a PR that adds two new Python packages:

## Nerq Dependency Trust Report

| Package         | Score | Grade | Recommendation | Flags              |
|-----------------|-------|-------|-----------------|--------------------|
| langchain       |  82   |  A    | PROCEED         |                    |
| sketchy-agent   |  31   |  D    | DENY            | No license, 2 CVEs |

Summary: 1 of 2 packages flagged. Review sketchy-agent before merging.

Safer alternatives for sketchy-agent:
  → crewai (Score: 78, Grade: B+)
  → autogen (Score: 75, Grade: B+)

The report includes:

Trust score (0-100) and letter grade (A+ to F)
Recommendation: PROCEED, CAUTION, or DENY
Flags: missing license, known CVEs, abandoned maintenance, excessive permissions
Alternatives: higher-scored packages in the same category

Setup

Install the GitHub App from nerq.ai/github-app:

Click "Install" and select the repositories you want to monitor
The app requests read access to pull requests and code (to parse dependency files) and write access to PR comments
That is it — no configuration file needed. The next PR that touches a dependency file gets a trust report.

You can customize behavior with a .nerq.yml file in your repo root:

# .nerq.yml
threshold: 50          # Flag packages below this score
deny_below: 30         # Block merging below this score (requires branch protection)
ignore:
  - internal-package   # Skip specific packages
report_on:
  - added              # Only report on new packages (not updates)

Under the Hood

The app uses the Nerq batch preflight endpoint:

POST https://nerq.ai/v1/preflight/batch
Content-Type: application/json

{
  "targets": ["langchain", "sketchy-agent"],
  "caller": "github-app"
}

Each target returns a trust score, grade, recommendation, and enrichment data including known CVEs, license info, and cheaper or safer alternatives. The batch endpoint handles up to 50 packages per request, which covers most PRs.

Why Not Just Use Dependabot?

Dependabot alerts you to known CVEs in existing dependencies. It does not evaluate new packages being added. It does not tell you if a package is abandoned, unlicensed, or poorly maintained. The Nerq GitHub App complements Dependabot — it covers the gap between "no known CVE" and "actually trustworthy."

Get Started

Install the app at nerq.ai/github-app or try the API directly:

curl "https://nerq.ai/v1/preflight?target=langchain"

No API key required. Free for public repositories.

Nerq indexes 5M+ AI assets with trust scores. Available as a browser extension, VS Code extension, GitHub App, MCP Server, and API. nerq.ai