# MCP-Scorecard

> Deterministic CI scanner and surface-risk scoring for MCP (Model Context Protocol) servers.

- **URL**: https://www.freshcrate.ai/projects/MCP-Scorecard
- **Author**: aak204
- **Category**: MCP Servers
- **Latest version**: `v1.0.0` (2026-04-09)
- **License**: Apache-2.0
- **Source**: https://github.com/aak204/MCP-Scorecard
- **Language**: Python
- **GitHub**: 28 stars, 3 forks
- **Registry**: github
- **Tags**: `agentic-ai`, `ci-cd`, `devsecops`, `llm-agents`, `mcp`, `model-context-protocol`, `python`, `security`

## Description

Deterministic CI scanner and surface-risk scoring for MCP (Model Context Protocol) servers.

## Recent releases

| Version | Date | Urgency | Changes |
| --- | --- | --- | --- |
| `v1.0.0` | 2026-04-09 | High | **MCP Scorecard v1.0.0.** `v1.0.0` is the first stable release of `MCP Scorecard`. This release takes the existing deterministic scanner and hardens it into a release-grade CI-first scorecard for MCP servers. The core philosophy stays the same: local discovery, deterministic checks, stable scoring, and machine-readable output. What changes in `v1.0.0` is the contract quality, naming consistency, and release surface. **Highlights:** stable V1 JSON scorecard report contract; explicit |
| `v0.5.0` | 2026-03-31 | Medium | **MCP Trust Kit v0.5.0.** `v0.5.0` is a narrow integration-driven release. The scanner contract from `v0.4.0` stays intentionally stable: local `stdio` discovery, deterministic rules, predictable scoring, terminal summary, JSON, SARIF, and GitHub Actions. The main reason for `v0.5.0` is to make Layer 1 baseline output easier to consume by downstream systems that care about scan freshness and temporal decay. **Highlights:** explicit `scan_timestamp` field in JSON output; matching times |
| `v0.4.0` | 2026-03-29 | Medium | **MCP Trust Kit v0.4.0.** `v0.4.0` is the first practically useful public release of `MCP Trust Kit`. This release keeps the product intentionally narrow: local `stdio` MCP discovery, deterministic rules, predictable scoring, terminal summary, JSON, SARIF, and GitHub Actions. The main change is not "more features for the sake of it". The main change is that the score now behaves more like a review signal and less like a demo number. **Highlights:** deterministic surface-risk scoring |

## Dependency audit

- **Score**: 80/100
- **Total deps**: 3
- **Resolved**: 0
- **Unresolved**: 3
- **License conflicts**: 0
- **Warnings**: 0
- **Scanned**: 2026-05-04

## Citation

- HTML: https://www.freshcrate.ai/projects/MCP-Scorecard
- Markdown: https://www.freshcrate.ai/projects/MCP-Scorecard.md
- Dependencies JSON: https://www.freshcrate.ai/api/projects/MCP-Scorecard/deps

_Generated by freshcrate.ai. Indexes GitHub releases for AI-agent ecosystem packages._
