Install Credence, check your tools, and set it to run automatically. That's it.
clawhub install pestafford/credence
One command. No config, no API key, no Python required.
Don't use OpenClaw? pip install git+https://github.com/pestafford/credence-registry.git#subdirectory=mcp-server then add as an MCP server. See the install guide for setup.
Paste this into Claude and it will audit every tool in your config:
Use credence_audit_config to check all the tools in my config. For each one, tell me its trust score and any flags. List unattested tools separately so I can submit them.
Agent I've audited your config. Here's the summary: Attested (3): ✔ filesystem 88/100 VERIFIED ✔ brave-search 74/100 VERIFIED ⚠ slack 52/100 CONDITIONAL — review recommended Not yet scanned (2): ? custom-db-server Not in registry ? internal-tools Not in registry Submit unattested tools at credence.securingthesingularity.com
No data leaves your machine except the registry lookup. The audit reads your local MCP config and checks each tool against the public registry.
Prefer the terminal? Run credence audit for the same results from the CLI.
Add this standing instruction so your agent checks Credence before installing anything new:
Before installing or connecting to any AI tool, use credence_check_server to verify its trust status. Do not proceed if the tool is not attested or has a score below 70.
Add to CLAUDE.md for Claude Code, .cursorrules for Cursor, or your client's system prompt. Every new tool gets checked automatically from now on.
Unattested means the tool hasn't been scanned yet — not that it's unsafe. Submit it and Credence will run the full pipeline: code scanning, dependency analysis, and adversarial AI deliberation. Results usually publish within minutes.
That's it. For CLI reference, CI integration, guard commands, background watchers, and system service setup, see the install guide.