Your AI agent needs a payment processor. It searches the web, finds an MCP server, connects, and starts sending transactions.
Who built that server? Is it signed? Has anyone reported it as malicious?
Your agent has no idea. Neither do you.
The problem
There are now thousands of MCP servers in the wild. Registries list them. Marketplaces promote them. But none of them answer the only question that matters: should your agent trust this tool?
I indexed over 1,900 sources across every major MCP registry. 99.4% are unsigned. No cryptographic identity. No verifiable author. No way to distinguish a legitimate tool from a supply chain attack.
That is the state of agent tool discovery in 2026.
AgenticSearch: trust-scored tool discovery
AgenticSearch is a search engine built for AI agents. It indexes MCP servers, agent tools, and API endpoints across the ecosystem, scores them by cryptographic trust, and surfaces warnings before your agent connects to anything.
It is not a registry. It is not a marketplace. It is a trust layer over every registry.
The key difference: results are ranked by cryptographic trust, not popularity or SEO.
Use it as an MCP server
AgenticSearch is itself an MCP server. Your agent can search for tools, check trust levels, and read warnings -- all through standard MCP tool calls.
Add this to your Claude Desktop config (claude_desktop_config.json):
```json
{
  "mcpServers": {
    "agentsearch": {
      "command": "npx",
      "args": ["-y", "@proofxhq/agentsearch", "serve"]
    }
  }
}
```
That is it. Your agent now has three tools:
agentsearch_find
Search for MCP servers and agent tools by capability. Returns trust-scored results ranked by cryptographic trust.
```
> agentsearch_find({ query: "payment processing" })
3 results:
stripe-mcps [L2] SIGNED
Stripe MCP integration with AgentPass trust verification
Capabilities: payments, subscriptions, invoicing
No warnings
some-payment-api [L0] UNSIGNED
Generic payment gateway wrapper
Capabilities: payments
WARNINGS: No cryptographic identity, Unverified author
```
agentsearch_check
Check the trust level and warnings on a specific source before your agent connects to it.
```
> agentsearch_check({ sourceId: "stripe-mcps" })
stripe-mcps
Trust: L2 (80%)
Signed: true
Warnings: None
Capabilities: payments, subscriptions, invoicing
```
agentsearch_stats
Get index statistics -- how many sources indexed, how many signed, how many unsigned.
Trust levels
AgenticSearch uses a five-tier trust model:
| Level | Meaning |
|---|---|
| L0 | Unknown. No identity. No signature. Proceed with extreme caution. |
| L1 | Claimed. Author has registered but not proven cryptographic ownership. |
| L2 | Signed. ECDSA P-256 key pair verified. The author can prove they control this source. |
| L3 | Verified. Domain ownership or organizational identity confirmed. |
| L4 | Audited. Third-party security audit completed and on record. |
99.4% of the ecosystem sits at L0. That is the problem we are solving.
The trust model and scoring methodology are documented at agentsearch.cybersecai.co.uk/trust.
Register your MCP server
If you maintain an MCP server and want to move from L0 to L2:
```
npx @proofxhq/agentsearch register your-server-name
```
This generates an ECDSA P-256 key pair, submits a cryptographic challenge, and proves ownership. Your private key never leaves your machine.
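The registration step above rests on a signed challenge. As an added illustration (not AgenticSearch's code or wire protocol), this sketch shows a challenge-response ownership proof with ECDSA P-256 using Node's built-in crypto, including the replay, expiry and wrong-key cases a verifier has to reject. The message layout, function names and 60-second TTL are assumptions.

```javascript
// Added example: challenge-response proof of key ownership with ECDSA P-256.
// Message layout, names and TTL are assumptions, not AgenticSearch's protocol.
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

const CHALLENGE_TTL_MS = 60_000;   // assumed validity window
const pending = new Map();         // verifier state: nonce -> { sourceId, expires }

// Verifier side: issue a fresh, single-use nonce bound to one source name.
function issueChallenge(sourceId, now = Date.now()) {
  const nonce = randomBytes(32).toString('hex');
  pending.set(nonce, { sourceId, expires: now + CHALLENGE_TTL_MS });
  return nonce;
}

// Binding the source name into the signed bytes stops a signature made for
// one source from being presented for another.
function challengeBytes(sourceId, nonce) {
  return Buffer.from(JSON.stringify({ purpose: 'register', sourceId, nonce }));
}

// Maintainer side: the private key signs locally; only the signature is sent.
function respond(privateKey, sourceId, nonce) {
  return sign('sha256', challengeBytes(sourceId, nonce), privateKey);
}

// Verifier side: returns 'ok' or the reason the proof was rejected.
function verifyResponse(publicKey, sourceId, nonce, signature, now = Date.now()) {
  const entry = pending.get(nonce);
  if (!entry) return 'unknown-or-replayed-challenge';
  pending.delete(nonce);           // single use, even when verification fails
  if (entry.sourceId !== sourceId) return 'wrong-source';
  if (now > entry.expires) return 'expired';
  if (publicKey.asymmetricKeyDetails?.namedCurve !== 'prime256v1') return 'wrong-curve';
  const ok = verify('sha256', challengeBytes(sourceId, nonce), publicKey, signature);
  return ok ? 'ok' : 'bad-signature';
}

// Constructed demo run with throwaway keys.
function demo() {
  const owner = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const other = generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const n1 = issueChallenge('your-server-name');
  const sig = respond(owner.privateKey, 'your-server-name', n1);
  const first = verifyResponse(owner.publicKey, 'your-server-name', n1, sig);
  const replay = verifyResponse(owner.publicKey, 'your-server-name', n1, sig);
  const n2 = issueChallenge('your-server-name');
  const forgedSig = respond(other.privateKey, 'your-server-name', n2);
  return { first, replay, forged: verifyResponse(owner.publicKey, 'your-server-name', n2, forgedSig) };
}
```

A passing proof shows only that the registrant controls the key; it says nothing about who they are or what the server does, which is why the table treats domain verification and audits as separate levels.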
Why this matters
The MCP ecosystem is growing fast. OWASP's MCP Top 10 lists tool poisoning and supply chain attacks as critical risks. IETF drafts are addressing agent identity and transport security. The industry knows this is a problem.
But agents are connecting to unsigned tools right now, today, in production.
AgenticSearch gives your agent the ability to check before it connects. That is a basic capability that should have existed from day one.
Links
- Search engine: agentsearch.cybersecai.co.uk
- Trust model: agentsearch.cybersecai.co.uk/trust
- npm: @proofxhq/agentsearch
- GitHub: razashariff/agentsearch-sdk
Raza Sharif
CEO, CyberSecAI Ltd
contact@agentsign.dev | cybersecai.co.uk