Is the trustmcp MCP server actively maintained?

The trustmcp MCP server was last committed today and has 1 contributor. Issue health: 98% of issues resolved. AgentRank freshness score reflects real-time maintenance activity.

trustmcp MCP Server

Name: Gujiassh/trustmcp
Rating: 4.0 (1 reviews)
Author: Gujiassh

Gujiassh/trustmcp

Score: 74.1 Rank #2 MCP Server

Are you the maintainer of Gujiassh/trustmcp? Claim this listing →

CLI and GitHub Action for static security scanning of JavaScript/TypeScript Model Context Protocol (MCP) server repositories.

Add AgentRank to Claude Code Discover and compare tools like Gujiassh/trustmcp — your AI finds the right one automatically

Get API Access →

claude mcp add agentrank -- npx -y agentrank-mcp-server

Overview

Gujiassh/trustmcp is a TypeScript MCP server licensed under MIT. CLI and GitHub Action for static security scanning of JavaScript/TypeScript Model Context Protocol (MCP) server repositories. Topics: ai-security, cli, developer-tools, mcp, model-context-protocol, security, static-analysis, typescript.

Ranked #2 out of 124 indexed tools.

In the top 2% of all indexed tools.

Actively maintained with commits in the last week.

Ecosystem

TypeScript MIT

ai-securityclideveloper-toolsmcpmodel-context-protocolsecuritystatic-analysistypescript

Score Breakdown

Stars 15% 1

1 stars → early stage

Freshness 25% today

Last commit today → actively maintained

Issue Health 25% 98%

40/41 issues closed → responsive maintainer

Contributors 10% 1

1 contributor → solo project

Dependents 25% 0

No dependents → no downstream usage

npm Downloads N/A

PyPI Downloads N/A

Forks 0

Description Good

License MIT

Weights: Freshness 25% · Issue Health 25% · Dependents 25% · Stars 15% · Contributors 10% · How we score →

How to Improve

Description low impact

Expand your description to 150+ characters for better discoverability

Contributors medium impact

Single-contributor projects carry bus-factor risk — welcoming contributors boosts confidence

Dependents medium impact

No downstream dependents detected yet — adoption by other projects is the strongest trust signal

Badge all embed codes →

Markdown

[![AgentRank](https://agentrank-ai.com/api/badge/tool/Gujiassh--trustmcp)](https://agentrank-ai.com/tool/Gujiassh--trustmcp/?utm_source=badge&utm_medium=readme&utm_campaign=agentrank_badge)

HTML

<a href="https://agentrank-ai.com/tool/Gujiassh--trustmcp/?utm_source=badge&utm_medium=readme&utm_campaign=agentrank_badge"><img src="https://agentrank-ai.com/api/badge/tool/Gujiassh--trustmcp" alt="AgentRank"></a>

Embed Widget docs →

HTML

<script src="https://agentrank-ai.com/embed.js" data-tool="Gujiassh/trustmcp"></script>

Details

Stars: 1
Forks: 0
Open Issues: 1
Closed Issues: 40
Contributors: 1
Dependents: —
Language: TypeScript
License: MIT
Last Commit: today

Matched Queries

"mcp server""mcp-server""model context protocol""model-context-protocol"

From the README

# TrustMCP — MCP server security scanner for JavaScript and TypeScript

> CLI and GitHub Action for static security scanning of Model Context Protocol (MCP) server repositories.

TrustMCP is an MCP server security scanner for JavaScript and TypeScript repositories. It works as both a CLI and a GitHub Action, and it flags risky MCP server capabilities before you run unknown code locally or wire it into CI.

If `npm audit` is the mental model that brought you here, keep the comparison specific: TrustMCP scans source code for risky MCP server capabilities, not dependency CVEs. Unlike a sandbox, it does **not** execute the server.

If you want the fuller comparison, check out [What TrustMCP scans, and how it differs from npm audit](./docs/what-trustmcp-scans.md).

Canonical repository: https://github.com/Gujiassh/trustmcp

Release history: [CHANGELOG.md](./CHANGELOG.md)

## Install and release readiness

TrustMCP is usable today from source checkout and local build. It is **not published t

Read full README on GitHub →