VERDITTA
Submit server

About

How Verditta works

Verditta is an open audit registry for MCP servers. Submit any public repo — we extract every tool from source, then run four specialist AI reviewers covering security, reliability, compliance, and documentation. Every report is transparent about what was found and what could not be confirmed. No manual review. No pay-to-certify.

Trust Layer

From repo to certification

Every MCP server goes through the same pipeline before earning a verdict.

01
Submit

URL validated (GitHub, GitLab, Bitbucket). Duplicate check: queued or already-analyzed repos are blocked — no redundant work.

02
Manifest extraction

Repo cloned. All MCP tools, resources, prompts, and env vars extracted from source. LLM enriches each tool with risk classification and dependency detection.

03
Static analysisAlways runs

Source file located for each tool. Four specialist agents — security, reliability, compliance, documentation — review every implementation from code alone.

04
Verdict published

Final decision derived from aggregate scores across all tools and agents. Score, decision, and per-tool findings published to the registry.

Differentiation

Why Verditta

Not another repo host. Not a package manager.

GitHub
Stores code. You read it yourself.
vs
Verditta
Reads and judges. Source analysis by four specialist agents — security, reliability, compliance, documentation.
npm / PyPI
Distributes packages. No safety net.
vs
Verditta
Every tool risk-classified before it reaches your agent. Auth-gated tools clearly flagged.
Any Repo
No structured audit. No verdict.
vs
Verditta
Structured verdict with per-tool findings. Honest about what static analysis can and cannot confirm.

Methodology

How each verdict is built

Four specialist AI reviewers evaluate every tool independently. Each produces a 0–100 score and a structured set of findings. The final score is a weighted average — security carries the most weight because it represents the actual risk to your environment.

Security
45% weight

Evaluates authentication requirements, secret handling, dangerous operations, schema validation, and injection risks. The heaviest factor — a critical finding here dominates the final score.

  • ·Auth and authorization surface
  • ·Secret and credential exposure
  • ·Dangerous or destructive operations
  • ·Input schema validation and injection paths
Reliability
25% weight

Assesses parameter validation, error handling paths, idempotency, and timeout behaviour. A tool that silently fails or corrupts state under bad input is a reliability risk.

  • ·Parameter validation coverage
  • ·Error handling and failure paths
  • ·Idempotency and side-effect clarity
  • ·Timeout and resource boundary behaviour
Compliance
20% weight

Reviews PII exposure, audit logging, least-privilege design, and adherence to MCP protocol expectations. Particularly relevant for tools that access user data or external services.

  • ·PII and sensitive data handling
  • ·Audit and logging mechanisms
  • ·Least-privilege scope
  • ·Protocol and interface compliance
Documentation
10% weight

Checks that input schemas match prose descriptions, output contracts are defined, and edge cases are documented. Poor documentation makes every other dimension harder to trust.

  • ·Schema-to-description consistency
  • ·Output contract definition
  • ·Edge case and error documentation
  • ·Parameter naming and clarity

Score formula

Final score = (security × 4.5 + reliability × 2.5 + compliance × 2.0 + documentation × 1.0) ÷ 10. All scores are 0–100. The breakdown per agent is visible on every individual report. Analysis is fully static — no runtime execution, no credentials required.