Developer docs

MCP server

Connect agents to the CertScore MCP server for website compliance review workflows using scan, status, finding, explanation, and latest-domain tools.

CertScore outputs are automated public-web observations for review. They are not legal advice, certification, or a compliance determination.

Install

Run the stdio server locally

CERTSCORE_API_KEY=<token> pnpm mcp:certscore

Client config

Example MCP configuration

{
  "mcpServers": {
    "certscore": {
      "command": "pnpm",
      "args": ["mcp:certscore"],
      "env": {
        "CERTSCORE_API_KEY": "<token>"
      }
    }
  }
}

Tools

Agent-facing tool surface

scan_site

Start or reuse a CertScore scan for a public URL.

get_scan

Retrieve an API v2 public-safe scan resource.

get_scan_status

Check a queued scan job or a stable API v2 scan ID.

list_findings

Return API v2 public-safe findings for handoff or review.

explain_finding

Explain one finding with evidence summaries, caveats, and next steps.

get_latest_domain_scan

Find the latest eligible public scan for a domain.

Workflow

Recommended agent sequence

1. scan_site with a public URL.
2. get_scan_status when a job is pending.
3. get_scan after a stable scanId is available.
4. list_findings for compact structured review.
5. explain_finding for evidence summaries and caveats.
6. get_latest_domain_scan when the user asks for the latest known scan.

MCP tools return compact public-safe JSON. They must not infer raw-signal findings or convert automated review signals into legal conclusions.
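
The recommended sequence above (steps 1 to 5), as an added example that is not CertScore's own code. It drives the tools through an injected callTool(name, args) function supplied by whatever MCP client you use. The argument names (url, jobId, scanId, findingId) and result fields (jobId, scanId, findings, id) are assumptions, since this page does not document the tool schemas.

```javascript
// Added example, not CertScore code. Tool names come from the page; argument
// names and result fields are ASSUMPTIONS and must be checked against the
// schemas the server actually advertises.
async function reviewSite(callTool, url, { maxPolls = 10, delayMs = 2000 } = {}) {
  // scan_site is documented for public URLs: accept only http(s) targets.
  const parsed = new URL(url);
  if (!["http:", "https:"].includes(parsed.protocol)) {
    throw new Error(`refusing non-web URL: ${url}`);
  }

  // Step 1: start or reuse a scan.
  let job = await callTool("scan_site", { url: parsed.href });

  // Step 2: poll get_scan_status only while no stable scanId exists, and
  // bound the loop so a stuck job cannot hold the agent forever.
  for (let i = 0; !job.scanId; i++) {
    if (i >= maxPolls) throw new Error("scan still pending after poll budget");
    await new Promise((resolve) => setTimeout(resolve, delayMs));
    job = await callTool("get_scan_status", { jobId: job.jobId });
  }

  // Steps 3 and 4: the scan resource, then the compact findings list.
  const scan = await callTool("get_scan", { scanId: job.scanId });
  const { findings } = await callTool("list_findings", { scanId: job.scanId });

  // Step 5: attach the tool's own explanation to each finding. Evidence
  // summaries and caveats are passed through unchanged; nothing is inferred
  // or upgraded to a conclusion on the agent side.
  const explained = [];
  for (const finding of findings) {
    const explanation = await callTool("explain_finding", {
      scanId: job.scanId,
      findingId: finding.id,
    });
    explained.push({ finding, explanation });
  }
  return { scan, findings: explained };
}
```

get_latest_domain_scan (step 6) is left out because the page reserves it for when the user asks for the latest known scan.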