← Index

io.github.vouch-protocol/vouch-mcp

io.github.vouch-protocol/vouch-mcp·v2.0.1·Other

Sign and verify W3C Verifiable Credentials so AI agents can cryptographically authorize actions.

Trust verdict · v1 advisory · method
NOT YET SCREENEDno verdict on file

Verdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.

Own this server? Screen its description →

Environment variables
VOUCH_PRIVATE_KEY
requiredsecret

The agent's signing key as a JWK JSON string, held only in this server process.

VOUCH_DID
required

The agent's DID, e.g. did:web:agent.example.com

VOUCH_MCP_TRANSPORT

Transport to serve: 'stdio' (default), 'http' (Streamable HTTP), or 'sse'.

VOUCH_MCP_HOST

Bind host when VOUCH_MCP_TRANSPORT=http (default 127.0.0.1).

VOUCH_MCP_PORT

Bind port when VOUCH_MCP_TRANSPORT=http (default 8080).

MCP quality score · maturity, not trust · methodology
freshness
25
completeness
10
installability
25
documentation
15
stability
10
Alternatives in Other