Read the rules.
Audit the math.
Every weight, every engine, every CVSS bucket — published in the open. If you can't reproduce the score on your own machine, it doesn't count as a verdict.
Overview
MCPAmpel is a trust-light for the Model Context Protocol ecosystem. It runs sixteen scanners against any MCP server and produces one number — and a green, amber, or red light. These docs explain what's measured, how, and how to integrate the results into your workflow.
How scoring works
Sixteen sub-scores, fixed published weights, one nonlinearity (a critical CVE floors the result). Read the math.
Read →~7 min 02 · MethodologyEngine catalog
What each of the sixteen engines tests, its weight, its rule set, and where to read its source.
Browse →16 engines 03 · IntegrationEmbed the badge
Drop a live trust-light SVG into your README. Updates on every push. Cached for 60s; signed by Sigstore.
Copy snippet →~2 min 04 · IntegrationGitHub Action
Block PRs on score regressions. Post the diff as a sticky comment. Fail the build below your floor.
Install →~5 min 05 · IntegrationWebhooks
POST on score change, alert fire, or scheduled rescan. HMAC-signed payloads, retries with backoff.
Configure →~6 min 06 · ComplianceNIS2 mapping
Which engine evidence maps to which Article 21 control. PDF report exporter included.
Read mapping →~10 min