Security intelligence for MCP trust decisions.
CraftedTrust helps buyers evaluate MCP servers, helps publishers prove what is true, and publishes research that supports both.
What this is
CraftedTrust is not the registry of record. It is a security overlay for the MCP ecosystem.
The public product is intentionally narrow: registry evaluation, publisher verification, and MCP-specific research through Touchstone.
How the public product stays simple
Everything public fits into one of three jobs.
Registry overlay
Search servers, compare trust signals, inspect scan coverage, and review linked research before connecting.
Publisher workflow
Run a free public scan, fix issues, use guided review when needed, and apply for certification only when the evidence needs to go deeper.
Touchstone
Read advisories, disclosure updates, and the check reference behind registry findings and deeper publisher reviews.
Who builds this
CraftedTrust is built by Jeremy Kenitz, founder and operator of CraftedTrust and Cyber Craft Solutions LLC.
His background is hands-on: cybersecurity engineering, application and AI security, compliance and risk work, and building systems that have to be explainable to real buyers and operators. He leads product direction, methodology, and disclosure work behind CraftedTrust.
Paid review does not buy a higher score
- Paid review pays for review work, not for a passing result.
- Certification is earned. It is not guaranteed.
- Research and public findings can still be published when warranted.
Trust signals support judgment
- Scores are point-in-time assessments based on available evidence.
- Coverage depth changes confidence, and some environments remain partially observable.
- Buyers still need to decide whether a server fits their own risk tolerance and workflow.