DEV Community

Michael Kayode Onyekwere
Michael Kayode Onyekwere

Posted on

AGENTSCORE-2026-0001: `@agenttrust/mcp-server` risk change detected

#security #mcp #npm #supplychain

@agenttrust/mcp-server updated from 1.1.1 to 1.2.0. Score changed 95/100 to 85/100 (-10). Risk: LOW to LOW. 2 findings.

Package

  • Name: @agenttrust/mcp-server
  • Version: 1.1.1 to 1.2.0
  • Score: 95/100 to 85/100
  • Risk: LOW to LOW

Findings

  • [MEDIUM] no_repository: Package has no repository link — source code is not verifiable
  • [LOW] no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: agenttrust

Full advisory: AGENTSCORE-2026-0001

Verdict API: curl https://agentscores.xyz/api/verdict?npm=%40agenttrust%2Fmcp-server

Auto-published by AgentScore MCP security monitoring.

Top comments (0)