AI agents are connecting to production systems without verification. MCP servers, payment processors, enterprise APIs — all accepting agent connections on blind trust.
I built KYA (Know Your Agent). One API call. Six verification checks. Any agent, first time it shows up, no registration required.
The API
curl -X POST https://agentscores.xyz/api/verify \
-H "Content-Type: application/json" \
-d '{
"agent": "my-agent",
"github": "deployer-username",
"model": "claude-opus-4-6",
"repo": "owner/repo",
"tools": ["read_file", "write_file", "delete_record"],
"transport": "http",
"human_in_loop": false
}'
Returns overall score (0-100), risk level, and recommendation across six dimensions: deployer identity, model identification, code auditability, abuse history, permission analysis, and deployment context.
The Six Checks
1. Deployer — GitHub account age, repos, stars, activity.
GET /api/verify/deployer?github=username
2. Model — Known provider identification.
GET /api/verify/model?model=claude-opus-4-6
3. Code — Open source, licence, dependencies, maintenance.
GET /api/verify/code?repo=owner/repo&npm=package
4. Abuse — Community abuse database.
GET /api/abuse/check?agent=name
5. Permissions — Tool-by-tool risk classification.
POST /api/verify/permissions
6. Deployment — Local vs remote, human-in-loop, orchestration.
GET /api/verify/deployment?transport=http
Add to your MCP server
npm install mcp-trust-guard
const guard = new McpGuard({ abuseCheck: true });
app.use('/mcp', guard.middleware());
Why KYA
KYC verifies humans. KYA verifies AI agents. As agents make payments (Mastercard Agent Pay, March 2026) and call tools (MCP, 97M monthly downloads), someone needs to verify them. Free, open, no API key.
Docs: https://agentscores.xyz/docs
npm: https://www.npmjs.com/package/mcp-trust-guard
GitHub: https://github.com/Thezenmonster/mcp-guard
Top comments (0)