ToolTrust
A0/100
Smithery

ic3moore-anchorregistry

mcpsmithery

@Smithery

AnchorRegistry is the open provenance layer for the agentic economy. Every digital artifact — code, research, data, models, media, agents, transactions — can be anchored to Base L2 with a permanent, machine-resolvable identifier (an AR-ID). When an AI assistant encounters an SPDX-Anchor or DAPX-Anchor tag in a README, paper, model card, or website, this MCP server lets it resolve the artifact's full provenance record in one call: who anchored it, when, what type it is, manifest hash, and whether the tree has been sealed, retracted, voided, or affirmed. This is the verify-only edition (v0.1). Three read-only, authless tools wrap the public AnchorRegistry verify endpoints. Free, no API key, no account, no rate limit beyond defaults.

By Smithery | 3 findings | Scanned 6/2/2026 | tooltrust-scanner/v0.3.13

3 Info

Risk Summary

Safe With Normal Controls

Dep Visibility is the main signal, but overall risk remains within an acceptable range.

Potential impact: This finding indicates the tool should be reviewed before it is trusted.

Recommended action: No high-risk findings were detected in this scan, but you should still apply least-privilege defaults and rescan after changes.

Suggested policy: keep this tool behind manual approval, do not allow unattended runs, and re-scan after narrowing risky permissions.

Security Findings (3)

  • InfoAS-014

    ℹ️Dependency Inventory Unavailable ×3

    Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

    ar_verify_aridar_verify_by_hashar_resolve_tree

    Fix: Review and remediate the identified issue.

Scan this tool yourself

Reproduce this audit locally, integrate into CI, or let your agent audit its own tools.

Install once, then scan any MCP server:

$ curl -sfL https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-scanner/main/install.sh | bash
$ tooltrust-scanner scan --server "npx -y ic3moore-anchorregistry"

Adjust the package name if your npm registry name differs from the tool ID. View source

Add badge to your README

Copy this Markdown to show your ToolTrust grade on GitHub.

[![ToolTrust Grade A](https://raw.githubusercontent.com/AgentSafe-AI/tooltrust-directory/main/docs/badges/grade-a.svg)](https://github.com/AgentSafe-AI/tooltrust-directory)