Install

Check every AI tool before you connect. Pick the path that fits how you work.

OpenClaw

Install as an OpenClaw skill

One command, no config, no Python required. Your agent will automatically check every AI tool against the registry before installing it.

clawhub install pestafford/credence

Now you can check any tool on demand:

# Use the slash command
/credence modelcontextprotocol/servers/filesystem

# Or just ask
"Check the trust score for owner/mcp-server before we install it"

The skill queries the public Credence registry. No API key, no account, no setup beyond the install command.

Make checks automatic

The install gives you the skill, but your agent won't use it by default. Add a standing instruction so it checks every tool before installing:

Before installing or connecting to any AI tool, use credence_check_server to verify its trust status. Do not proceed if the tool is not attested or has a score below 70.

Where this goes depends on your client: TOOLS.md for OpenClaw, CLAUDE.md for Claude Code, .cursorrules for Cursor.

MCP Server

Add Credence as an MCP server

Add Credence directly to your AI client. It gives your agent trust-checking tools through the MCP protocol.

First, install the package:

pip install git+https://github.com/pestafford/credence-registry.git#subdirectory=mcp-server

Then add it to your client's config so it loads on startup:

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "credence": {
      "command": "python3",
      "args": ["-m", "credence_mcp.server"]
    }
  }
}

Claude Code

claude mcp add credence -- python3 -m credence_mcp.server

Works with any MCP client: Cursor, Windsurf, Cline, or anything that supports stdio transport.

Make checks automatic

The config above makes Credence available to your agent, but it won't use it unless you ask. Add a standing instruction so it checks every tool before installing:

Before installing or connecting to any AI tool, use credence_check_server to verify its trust status. Do not proceed if the tool is not attested or has a score below 70.

Where this goes depends on your client: TOOLS.md for OpenClaw, CLAUDE.md for Claude Code, .cursorrules for Cursor.

Want the full CLI, CI integration, and system service setup? Switch to the developer guide.

OpenClaw

Install as a skill

If your team uses OpenClaw, Credence is available as a skill. No Python dependency, no MCP config — the skill queries the public registry via curl.

clawhub install pestafford/credence

The skill runs automatically on tool installs. Manual invocation:

# Slash command
/credence modelcontextprotocol/servers/filesystem

# Natural language
"Check the trust score for owner/mcp-server before we install it"
Install

pip install

Requires Python 3.10+. Installs the credence CLI and the MCP server module.

pip install git+https://github.com/pestafford/credence-registry.git#subdirectory=mcp-server

After install, credence is available on your PATH and python3 -m credence_mcp.server starts the MCP server.

MCP Server

Add Credence to your AI agent

Credence runs as an MCP server so your AI agent can check trust status before connecting to unknown tools.

Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "credence": {
      "command": "python3",
      "args": ["-m", "credence_mcp.server"]
    }
  }
}

Claude Code

claude mcp add credence -- python3 -m credence_mcp.server

Other MCP clients

Any MCP client that supports stdio transport can run Credence:

# stdio transport (default)
python3 -m credence_mcp.server

# HTTP transport
python3 -m credence_mcp.server --transport http --port 8400

Available tools

credence_check_server

Check whether an AI tool has a Credence attestation and what its trust status is. Use this before installing or connecting to a tool you haven't used before.

credence_verify_hash

Verify a local source hash against the attestation on record. Confirms the code you have matches the code that was scanned.

credence_hash_local

Compute a Merkle tree hash of a local directory. Use this to get a hash you can compare against the attestation.

credence_list_servers

List all attested tools in the registry, with optional minimum score filter.

credence_audit_config

Audit all tools in your MCP client config. Checks each one against the registry and reports any that are unattested, flagged, or rejected.

CLI

Command reference

All commands accept tool identifiers in these formats: https://github.com/owner/repo, owner/repo, or the tool name from the registry.

# Check trust status of a tool
credence check <server>

# Hash local code and verify against attestation
credence verify <server> [--path .]

# List all attested tools
credence list [--min-score N]

# Audit all tools in your MCP client config
credence audit [--config PATH]

# Gate an install on a trust check
credence guard <server> [-- cmd]

# Watch config for changes, alert on unattested tools
credence watch [--config PATH]

Examples

# Check by GitHub URL
$ credence check https://github.com/owner/mcp-server

# Check by shorthand
$ credence check owner/mcp-server

# Verify local clone matches attestation
$ credence verify owner/mcp-server --path ./my-local-clone

# List tools scoring 70+
$ credence list --min-score 70

# Audit your Claude Desktop config
$ credence audit

# Audit a custom config path
$ credence audit --config ~/custom/claude_desktop_config.json

# Only install if trusted
$ credence guard owner/mcp-server -- claude mcp add my-server

Exit codes

Code Meaning
0 Attested, safe to install
1 Not attested or error
2 Attested but flagged — review recommended
3 Rejected or hash mismatch — do not install
4 Audit found unattested or flagged tools
CI / Scripting

Automate trust checks

Use credence guard and exit codes to gate installs in CI pipelines, shell scripts, and orchestration tools.

Guard an install

credence guard checks trust status first. If the tool is attested and not rejected, it runs the command after --. Otherwise it exits without running anything.

# Only install if the tool is attested
credence guard modelcontextprotocol/servers/filesystem -- claude mcp add filesystem-server

Shell script with exit codes

#!/bin/bash
credence check owner/mcp-server
status=$?

if [ $status -eq 0 ]; then
  echo "Trusted — installing"
  claude mcp add my-server -- python3 -m my_server
elif [ $status -eq 2 ]; then
  echo "Flagged — review before installing"
  exit 1
else
  echo "Not attested or rejected — skipping"
  exit 1
fi

Exit codes are stable and intended for programmatic use. See the exit codes table above.

Persistent Protection

Always-on trust checks

Configure Credence once so every new AI tool gets checked automatically — across reboots, new terminals, and new projects.

Standing instruction (AI agent users)

Add a standing instruction to your client's system prompt or project instructions:

Before installing or connecting to any AI tool,
use credence_check_server to verify its trust status.
Do not proceed if the tool is not attested or has a score below 70.

Where this goes depends on your client: TOOLS.md for OpenClaw, CLAUDE.md for Claude Code, .cursorrules for Cursor. Adjust the score threshold to your risk tolerance.

Shell function (CLI users)

Add to your shell profile so mcp-install is always available. The first argument is the tool identifier; everything after is the install command that runs only if the tool is attested.

# Add to ~/.bashrc or ~/.zshrc
mcp-install() {
  credence guard "$1" -- "${@:2}"
}

# Usage
mcp-install owner/mcp-server npm install @owner/mcp-server
mcp-install owner/mcp-server pip install mcp-server

Background watcher (system service)

Run credence watch as a system service so it starts on boot and monitors your MCP client config file for changes. Alerts you when a new unattested tool appears.

macOS (launchd)

# ~/Library/LaunchAgents/com.credence.watch.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.credence.watch</string>
  <key>ProgramArguments</key>
  <array>
    <string>credence</string>
    <string>watch</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
  <key>StandardOutPath</key>
  <string>/tmp/credence-watch.log</string>
  <key>StandardErrorPath</key>
  <string>/tmp/credence-watch.log</string>
</dict>
</plist>

# Load
launchctl load ~/Library/LaunchAgents/com.credence.watch.plist

Linux (systemd)

# ~/.config/systemd/user/credence-watch.service
[Unit]
Description=Credence MCP config watcher
After=network.target

[Service]
ExecStart=credence watch
Restart=on-failure
RestartSec=10

[Install]
WantedBy=default.target

# Enable and start
systemctl --user daemon-reload
systemctl --user enable --now credence-watch
Configuration

Environment & config

Environment variables

Variable Default Description
CREDENCE_CACHE_TTL 300 Registry cache lifetime in seconds
CREDENCE_REGISTRY_URL GitHub raw Override the registry.json URL
CREDENCE_PUBLIC_KEY_URL GitHub raw Override the public key URL for signature verification

Config auto-detection

The credence audit and credence watch commands automatically find your MCP client config. Detected paths:

# macOS
~/Library/Application Support/Claude/claude_desktop_config.json

# Linux
~/.config/Claude/claude_desktop_config.json

# Windows
%APPDATA%\Claude\claude_desktop_config.json

# Claude Code
~/.claude.json

Use --config PATH to point at a custom config file instead.