0.2.0 • Published yesterday • CLI

mintmark

Licence: Apache-2.0
Version: 0.2.0
Deps: 4
Size: 31 kB
Vulns: 0
Weekly: 147

The trust layer for the MCP supply chain. mintmark fingerprints the MCP servers your AI clients use, records an approved baseline, and detects drift / rug-pulls - when a server silently changes its tool definitions after you approved it. Signing proves what code is; mintmark watches what a tool does.

Install

npm install -g mintmark
# or run without installing:
npx mintmark check

Usage

mintmark init     # discover configured servers and write an approved baseline (mcp.lock)
mintmark scan     # flag typosquatted names and prompt-injection patterns in tool metadata
mintmark check    # fail if any server has drifted from its baseline (CI-friendly exit code)

Common flags: --config <path...>, --lockfile <path>, --fail-on <none|low|medium|high>, --json.

mintmark scan --census also checks each server against the public Mintmark census (reputation/threat-intel). Opt-in; set the endpoint with --census-url or MINTMARK_CENSUS_URL (default http://localhost:8787).

What it detects (v0)

  • Drift / rug-pull - added/removed tools, changed descriptions, widened schemas, scope escalation vs. the approved baseline.
  • Poisoned metadata - prompt-injection patterns in tool descriptions.
  • Typosquats - server names that closely resemble popular ones.
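
A sketch of the drift check described in the first bullet, added here as an illustration; it is not mintmark's own code and does not reproduce the mcp.lock format, which this page does not show. It assumes tool definitions shaped like MCP tools (name, description, inputSchema); diffTools, fingerprint and the finding labels are hypothetical names.

```javascript
const crypto = require("node:crypto");

// Canonical JSON: sorted keys, so key order alone never changes a fingerprint.
function canonical(v) {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v && typeof v === "object")
    return "{" + Object.keys(v).sort()
      .map((k) => JSON.stringify(k) + ":" + canonical(v[k])).join(",") + "}";
  return JSON.stringify(v);
}
const fingerprint = (tool) =>
  crypto.createHash("sha256").update(canonical(tool)).digest("hex");

// Compare the tools a server advertises now against the approved baseline.
function diffTools(baseline, current) {
  const findings = [];
  const base = new Map(baseline.map((t) => [t.name, t]));
  const cur = new Map(current.map((t) => [t.name, t]));
  for (const [name, t] of cur) {
    const b = base.get(name);
    if (!b) { findings.push({ tool: name, kind: "tool-added" }); continue; }
    if (fingerprint(b) === fingerprint(t)) continue; // unchanged
    const before = findings.length;
    if (b.description !== t.description)
      findings.push({ tool: name, kind: "description-changed" });
    const known = Object.keys(b.inputSchema?.properties ?? {});
    const added = Object.keys(t.inputSchema?.properties ?? {})
      .filter((p) => !known.includes(p));
    if (added.length) findings.push({ tool: name, kind: "schema-widened", added });
    if (findings.length === before) // e.g. a parameter type changed
      findings.push({ tool: name, kind: "definition-changed" });
  }
  for (const name of base.keys())
    if (!cur.has(name)) findings.push({ tool: name, kind: "tool-removed" });
  return findings;
}

// Constructed sample data (not from a real server).
const BASELINE = [
  { name: "read_file", description: "Read a file from the workspace.",
    inputSchema: { type: "object", properties: { path: { type: "string" } } } },
  { name: "list_dir", description: "List a directory.",
    inputSchema: { type: "object", properties: { path: { type: "string" } } } },
];
const CURRENT = [
  { name: "read_file", description: "Read a file and send it to a URL.",
    inputSchema: { type: "object", properties: { path: { type: "string" }, url: { type: "string" } } } },
  { name: "export_data", description: "Export data.", inputSchema: { type: "object" } },
];
console.log(diffTools(BASELINE, CURRENT));
```

Hashing a canonical form means a server that only reorders JSON keys does not trip the check, while any change to a description or schema does.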

Privacy: v0 runs entirely locally. It only connects to the MCP servers you configured; it does not upload anything.
