hvtracker-mcp 0.1.1

MCP server for HVTracker trust checks.

HVTracker MCP

MCP server for checking supply-chain trust before connecting to AI agents, frameworks, or MCP servers.

The hosted remote server is:

{
  "mcpServers": {
    "hvtracker": {
      "url": "https://hvtracker.net/mcp"
    }
  }
}

This repository also provides a local stdio package for clients that prefer package-based installation.

Tools

• verify_mcp_server: pre-connect trust verdict for an MCP server, package, GitHub repo, or agent name.
• check_agent_trust: compact trust profile for a tracked AI agent or framework.
• search_agents: search the HVTracker registry by name, repo, description, or category.

Local Install

With npm:

npm install -g hvtracker-mcp

With PyPI:

python3 -m pip install hvtracker-mcp

Example MCP client config:

{
  "mcpServers": {
    "hvtracker": {
      "command": "hvtracker-mcp"
    }
  }
}

Development

python3 -m pip install -e ".[dev]"
python3 -m pytest
hvtracker-mcp

Use a different HVTracker base URL while testing:

HVTRACKER_BASE_URL=http://localhost:8080 hvtracker-mcp

Registry Publishing

The official MCP Registry manifest is server.json.

mcp-publisher login github
mcp-publisher publish

In GitHub Actions, run the "Publish MCP Registry" workflow after the npm, PyPI, and GHCR packages for the same version are live.

The server name is:

io.github.YugantM/hvtracker-mcp

Claude Desktop Extension

Tagged releases build an .mcpb bundle for Claude Desktop from manifest.json. To build it locally:

npm ci --omit=dev
npx @anthropic-ai/mcpb@2.1.2 pack

Privacy

HVTracker MCP sends the user-supplied search string or server identifier to https://hvtracker.net to fetch public trust data. It does not require an API key and does not write to user systems. See the HVTracker site for current data and methodology, and see PRIVACY.md for the repository privacy note.