CCM
/MCP
SkillsMCPMarketplacesDigestToolsAdvertise

This week in Claude

Every Monday: Claude Code, Agent SDK, MCP, and the Anthropic platform moves worth your time.

Skills by Category
Frontend DevelopmentBackend & APIsTesting & QASecurityDevOps & CI/CDGit & Pull RequestsDocumentationCode Review & QualityAI & Agent BuildingSkill Development
MCP Servers by Category
Sales & MarketingWeb & Browser AutomationDatabasesAI & LLM ToolsCloud & InfrastructureCommunication & MessagingDeveloper ToolsDesign & CreativeDocuments & KnowledgeSearch & Web Crawling
Marketplaces by Category
AI Agents & OrchestrationLLM IntegrationDevelopment ToolsFrontend & UIBackend & APIsDatabasesTesting & Code QualityDevOps & CloudSecurity & ComplianceGit & Version Control

Claude Code Marketplaces

Discover Claude Code plugins, extensions, and tools. Automatically updated directory of Anthropic Claude AI marketplaces with development tools, productivity plugins, and integrations.

Resources

  • Browse Skills
  • Browse MCP Servers
  • Browse Marketplaces
  • Plugins Reference

Community

  • About
  • Tools
  • Feedback
  • Privacy Policy
  • Advertise

Built for the Claude Code community with Claude Code by @mertduzgun

Independent project, not affiliated with Anthropic

Trustsource

surfether/trustsourcex402
authSTDIOregistry active
Summary

Exposes a single paid endpoint that returns domain trust scores from 0 to 100, breaking down age, TLD quality, DNS presence, and registrar reputation. Uses the x402 protocol for micropayments, charging 0.003 USDC per lookup via Base network without requiring API keys or accounts. Ships with testnet support out of the box so you can wire up Claude Desktop and test the payment flow before going to mainnet. Reach for this when your agent needs to evaluate whether a domain is established and legitimate before scraping it, following links, or making decisions based on third party content. The roadmap mentions future research and skill APIs, but right now it's just trustscore.

CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →

TrustSource API

x402-powered verification APIs for AI agents — URL safety, email authentication, domain trust, SSL/TLS, security headers, robots.txt. Pay per use, no API keys, no accounts.

Quick Start

1. Install dependencies

npm install

2. Configure environment

cp .env.example .env

Open .env and set at minimum:

PAY_TO_ADDRESS=0xYourBaseWalletAddress

Leave everything else as-is to run on Base Sepolia testnet (no real money).

3. Run the server

npm run dev

You should see the startup banner at http://localhost:3000.


Testing the x402 Flow

Free endpoints (no payment needed)

curl http://localhost:3000/
curl http://localhost:3000/health

Paid endpoint — what an unpaid agent sees

curl http://localhost:3000/trustscore?domain=example.com
# Returns HTTP 402 with payment instructions in the PAYMENT-REQUIRED header

Paid endpoint — bypass payment for local dev testing

The x402 testnet facilitator at https://x402.org/facilitator accepts test payments. To fully test the payment flow, use an x402 client with a funded testnet wallet.

Get Base Sepolia testnet ETH: https://sepolia.base.org/faucet
Get testnet USDC: https://faucet.circle.com (select Base Sepolia)


Switching to Mainnet (Production)

  1. In .env, change:

    NETWORK=eip155:8453
    FACILITATOR_URL=https://api.cdp.coinbase.com/platform/v2/x402
    CDP_API_KEY_ID=your-key-id
    CDP_API_KEY_SECRET=your-key-secret
    
  2. Make sure your PAY_TO_ADDRESS Base wallet has some ETH for gas.

  3. Your endpoints auto-list in the Bazaar/Agentic.Market after the first paid call clears.


API Reference

GET /urlcheck

One composite CLEAR / REVIEW / BLOCK safety verdict on any URL, fusing domain trust, a live TLS check, and typosquat/lookalike detection.

Payment: 0.01 USDC per call (via x402)

Params:

  • ?url=https://example.com — URL to vet
  • ?domain=example.com — bare domain (alternative)

Response:

{
  "domain": "paypa1.com",
  "verdict": "BLOCK",
  "score": 12,
  "maxScore": 100,
  "reasons": ["possible lookalike of paypal.com (homoglyph_substitution, confidence 0.90)"],
  "signals": {
    "domainTrust": { "score": 12, "tier": "HIGH_RISK", "ageDays": 3, "newlyRegistered": true },
    "tls":         { "reachable": true, "valid": true, "tier": "VALID", "daysRemaining": 60 },
    "typosquat":   { "isLookalike": true, "nearestBrand": "paypal.com", "technique": "homoglyph_substitution", "confidence": 0.9 }
  },
  "meta": { "checkedAt": "...", "apiVersion": "1.0", "paidWith": "x402/USDC", "cached": false }
}

Verdicts: CLEAR (safe) · REVIEW (inspect before acting) · BLOCK (do not proceed)


GET /emailtrust

Email-authentication posture grade (SPF/DKIM/DMARC/BIMI/MX) — is this sender domain spoofable?

Payment: 0.003 USDC per call (via x402)

Params:

  • ?domain=example.com — sender domain (or user@example.com)

Response:

{
  "domain": "example.com",
  "grade": "C",
  "score": 45,
  "maxScore": 100,
  "spoofable": true,
  "spf":   { "present": true, "qualifier": "~all", "multiple": false },
  "dmarc": { "present": true, "policy": "none", "pct": 100, "rua": true },
  "dkim":  { "present": true, "selectorsFound": ["default"] },
  "bimi":  false,
  "mx":    ["mail.example.com"],
  "issues": ["dmarc_p_none_no_enforcement"],
  "meta": { "checkedAt": "...", "apiVersion": "1.0", "paidWith": "x402/USDC", "cached": false }
}

Grades: A/B = enforced, not spoofable · C/D = monitoring only, spoofable · F = no authentication


GET /trustscore

Returns a 0–100 trust score for any domain.

Payment: 0.003 USDC per call (via x402)

Params:

  • ?domain=example.com — bare domain
  • ?url=https://example.com/some/path — full URL (domain extracted)

Response:

{
  "domain": "example.com",
  "score": 80,
  "maxScore": 100,
  "tier": "TRUSTED",
  "breakdown": {
    "domainAge": 30,
    "tld": 20,
    "dnsPresence": 30,
    "registrar": 20
  },
  "details": {
    "age": { "days": 9720, "label": "established (5+ years)", "created": "...", "expires": "..." },
    "tld": ".com",
    "dns": { "hasARecord": true, "hasMxRecord": true, "mxRecords": ["mail.example.com"] },
    "registrar": "GoDaddy"
  },
  "meta": {
    "checkedAt": "2026-05-22T12:00:00.000Z",
    "apiVersion": "1.0",
    "paidWith": "x402/USDC"
  }
}

Tiers:

ScoreTier
75–100TRUSTED
50–74MODERATE
25–49CAUTION
0–24HIGH_RISK

Project Structure

trustsource/
├── src/
│   ├── server.ts          # Express app + x402 middleware, rate limiting, logging
│   ├── openapi.ts         # OpenAPI 3.1 spec served at /openapi.json
│   ├── lib/
│   │   ├── net-guard.ts   # Shared SSRF guard (private-IP checks, resolve + pin)
│   │   ├── domain.ts      # Shared domain extraction/validation
│   │   ├── cache.ts       # Shared in-memory TTL cache
│   │   ├── domain-trust.ts # Domain trust scoring (used by /trustscore + /urlcheck)
│   │   ├── tls-check.ts   # TLS handshake + cert scoring (used by /sslcheck + /urlcheck)
│   │   ├── typosquat.ts   # Lookalike/typosquat detection (used by /urlcheck)
│   │   └── mailauth.ts    # SPF/DKIM/DMARC/BIMI/MX analysis (used by /emailtrust)
│   └── routes/
│       ├── urlcheck.ts    # Composite CLEAR/REVIEW/BLOCK URL verdict
│       ├── emailtrust.ts  # Email-auth posture grade
│       ├── trustscore.ts  # WHOIS + DNS + TLD + registrar scoring
│       ├── sslcheck.ts    # Live TLS handshake + certificate scoring
│       ├── headers.ts     # HTTP security-header audit
│       └── robots.ts      # robots.txt + AI-bot policy detection
├── mcp-server/            # MCP server wrapping the six APIs as tools
├── public/                # Landing page
├── .env.example
├── .env                   # Your config (git-ignored)
├── package.json
└── tsconfig.json

Roadmap

  • TrustScore API — domain trust scoring
  • SslCheck API — TLS/SSL certificate intelligence
  • Headers API — HTTP security-header audit
  • Robots API — robots.txt + AI-bot policy detection
  • UrlCheck API — composite CLEAR/REVIEW/BLOCK URL safety verdict
  • EmailTrust API — SPF/DKIM/DMARC/BIMI/MX spoofability grade
  • OpenAPI spec at /openapi.json
  • Bazaar / Agentic.Market discovery extension
  • MCP server (trustsource-mcp) wrapping all six APIs
  • /safefetch — injection-safe content firewall (flagship)
  • /phishcheck — typosquat + Certificate-Transparency detection
  • /kyb — official-registry business-identity verification
  • ResearchOracle (reshaped) — verification / source-trust oracle
Featured
CodeRabbit
CodeRabbit
AI writes the code. CodeRabbit catches the slop.
Try For Free →
AI notepad for back-to-back meetings
AI notepad for back-to-back meetings
Notes, actions and memory. Without a meeting bot. First month 100% off.
Download for free →
Keep your Mac awake
Keep your Mac awake
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Email for Agents: Free tier availableEmail for Agents: Free tier available
Email for Agents: Free tier available
Give your AI agent a complete email layer—sending, inbound inboxes, and sandbox testing.
Get 4K emails/month free →
Context.devContext.dev
Context.dev
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
CodeScene MCP ServerCodeScene MCP Server
CodeScene MCP Server
Your agent targets a perfect 10 Code Health score. Deterministic. Every commit.
Try For Free →
Make your agent a DeFi expert
Make your agent a DeFi expert
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
AppSignal
AppSignal
Monitor with ease. Code with confidence.
Start Free Trial →

Configuration

WALLET_PRIVATE_KEY*secret

Base Mainnet wallet private key holding USDC (fees) and ETH (gas).

TRUSTSOURCE_API_URL

Override the TrustSource API base URL. Optional.

Categories
Security & Pentesting
Registryactive
Packagetrustsource-mcp
TransportSTDIO
AuthRequired
UpdatedMay 28, 2026
View on GitHub

Related Security & Pentesting MCP Servers

View all →
Exploit Intelligence Platform — CVE, Vulnerability and Exploit Database

com.exploit-intel/eip-mcp

Real-time CVE, exploit, and vulnerability intelligence for AI assistants (350K+ CVEs, 115K+ PoCs)
Semgrep

semgrep/mcp

A MCP server for using Semgrep to scan code for security vulnerabilities.
666
Pentest

dmontgomery40/pentest-mcp

NOT for educational purposes: An MCP server for professional penetration testers including STDIO/HTTP/SSE support, nmap, go/dirbuster, nikto, JtR, hashcat, wordlist building, and more.
137
Notebooklm Mcp Secure

pantheon-security/notebooklm-mcp-secure

Security-hardened NotebookLM MCP with post-quantum encryption
68
Pentest Mcp Server

cyanheads/pentest-mcp-server

Offline methodology engine for authorized penetration testing, CTF, and security research.
1
AI Firewall MCP

io.github.akhilucky/ai-firewall-mcp

Multi-agent LLM security layer detecting prompt injection and jailbreaks.