scorecard-mcp

steiza/scorecard-mcp


The Scorecard MCP Server is an example server for the OpenSSF Scorecard, designed to provide context-informed answers to security-related questions about open-source projects.

scorecard_mcp


This is an example MCP server for OpenSSF Scorecard.

You can use it to ask questions like:

Is urllib3/urllib3 secure?

That's not an endorsement of asking an LLM with limited context if something is secure, but if users are going to ask, they should get back an answer informed by context. A better-phrased question would be:

What security best practices does node-semver follow?

Installation

There are several ways to install, depending on what editor you're using; see the installation instructions on the example fetch MCP server.

I recommend using:

...
    "command": "uvx",
    "args": ["scorecard-mcp"]
...

So if you're using Visual Studio Code you'd create a .vscode/ directory in your project and add a mcp.json file that looks like this:

{
    "servers": {
        "scorecard": {
            "type": "stdio",
            "command": "uvx",
            "args": ["scorecard-mcp"]
        }
    }
}