I added agent verification to my MCP server in 3 minutes. Here's the before and after.

#tutorial #mcp #security #ai

I run an MCP server that exposes tools to AI agents. Last week I checked my logs. Agents I'd never heard of were calling my tools. No identity. No verification. Just raw JSON-RPC requests from unknown callers.

This is normal for MCP servers. The protocol has no built-in security. 10,000+ servers in production, and most accept connections from anything.

I fixed mine. Here's what changed.

Before

app.use(express.json());
app.post('/mcp', mcpHandler);

Any agent calls any tool. No questions asked.

After

import { McpGuard } from 'mcp-trust-guard';

const guard = new McpGuard({
  abuseCheck: true,
  rateLimit: { window: 60, max: 30 },
  rules: [
    { minTrust: 0,  tools: ['get_*', 'read_*'] },
    { minTrust: 30, tools: ['create_*', 'update_*'] },
    { minTrust: 60, tools: ['delete_*', 'execute_*'] },
  ],
  audit: true,
});

app.use(express.json());
app.use('/mcp', guard.middleware());
app.post('/mcp', mcpHandler);

Now every tools/call request goes through four checks before the tool executes:

Abuse database — is this agent known to be malicious?
Rate limit — is this caller flooding my server?
Trust score — does this agent have enough reputation for this tool?
Audit log — record who called what, when, and whether it was allowed

The first thing I saw in the logs after enabling it:

[mcp-guard] ALLOW known-agent → get_data (score: 42, band: MODERATE TRUST)
[mcp-guard] DENY  unknown-bot → delete_records (score: 0, band: ANONYMOUS)

An unknown agent was trying to call delete_records on my server. It had been doing it for days. I never knew.

The abuse database is the part that surprised me

When I enabled abuseCheck: true, the middleware started checking every caller against a community database. Turns out someone had already scanned the MCP ecosystem and flagged a package with a suspicious preinstall script. That finding was automatically in the database. My server knew about it before I did.

The database is free and open. Anyone can check, anyone can report:

# Check an agent
curl https://agentscores.xyz/api/abuse/check?agent=some-agent

# Report a bad one
curl -X POST https://agentscores.xyz/api/abuse/report \
  -H "Content-Type: application/json" \
  -d '{"agent_identifier":"bad-agent","reason":"data_exfiltration","evidence":"what happened"}'

Every report protects every server using the middleware. That's the network effect — the more people use it, the safer everyone gets.

I also scanned my own dependencies

Before I secured runtime access, I wanted to make sure my own packages were clean. The KYA scanner checks npm packages for install scripts, prompt injection in metadata, suspicious URLs, and dependency issues:

curl https://agentscores.xyz/api/scan?npm=my-mcp-server

Or use the visual scanner: agentscores.xyz/scan — type a package name, get a score and findings.

They scanned 195 MCP packages. 64% clean, 4% with install scripts, one flagged for modifying npm registry config in a preinstall hook. That's a real supply chain attack vector.

The full verification if you want it

Beyond the middleware, there's a full agent verification API. Six checks in one call:

curl -X POST https://agentscores.xyz/api/verify \
  -H "Content-Type: application/json" \
  -d '{"agent":"name","github":"deployer","model":"claude","tools":["read_file"],"transport":"http"}'

Returns: deployer identity (GitHub history), model identification, code auditability, abuse status, permission risk, and deployment context. Useful when your server needs to decide whether to trust an agent for a high-stakes operation.