I built an abuse database for AI agents. It's free and open.

Dev.to / 3/22/2026


Key Points

  • The KYA Abuse Database is a free, open resource with two endpoints. Checking an AI agent's history requires no API key, and checks are not rate limited.
  • The check endpoint returns fields such as agent, status, report_count, severity, reasons, and a recommendation to guide safe usage.
  • You can report suspicious agents via a POST endpoint, enabling crowd-sourced data about misbehaving agents (with evidence).
  • The project is designed for MCP server workflows and includes a simple integration path, such as npm install mcp-trust-guard.

MCP servers have 97 million monthly SDK downloads. 10,000+ are in production. None of them check if the agent calling their tools has been reported for malicious behaviour.

An agent gets caught exfiltrating data from one system. The next system it connects to? No idea. There's no shared database of bad actors in the AI agent world. Every system starts from zero.

So I built one.

KYA Abuse Database

Two endpoints. Free. No API key. No rate limits on checks.

Check an agent:

curl 'https://agentscores.xyz/api/abuse/check?agent=some-agent'

Returns:

{
  "agent": "some-agent",
  "status": "reported",
  "report_count": 2,
  "severity": "high",
  "reasons": ["prompt_injection", "data_exfiltration"],
  "recommendation": "CAUTION"
}

Report a bad agent:

curl -X POST https://agentscores.xyz/api/abuse/report \
  -H "Content-Type: application/json" \
  -d '{
    "agent_identifier": "bad-agent",
    "reason": "data_exfiltration",
    "evidence": "Agent read /etc/passwd via MCP tool"
  }'

Use it in your MCP server

npm install mcp-trust-guard

import { McpGuard } from 'mcp-trust-guard';

const guard = new McpGuard({
  abuseCheck: true,
  abuseBlockLevel: 'CAUTION',
});

app.use('/mcp', guard.middleware());

Every tools/call request is now checked against the abuse database before the tool executes.

Or standalone

npm install kya-abuse-check

import { checkAbuse } from 'kya-abuse-check';

const result = await checkAbuse('some-agent');
if (result.recommendation === 'BLOCK') {
  // don't interact
}

Zero dependencies. One function. Fail-open.
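
Fail-open means a failed or slow lookup lets the call through. The sketch below is an added example, not code from mcp-trust-guard or kya-abuse-check: it queries the check endpoint shown above directly and makes the failure policy and block threshold explicit. The names decide and checkAgent, the 2-second timeout, and the ranking of recommendations are assumptions of this example.

```javascript
// Added example; not the source of mcp-trust-guard or kya-abuse-check.
const CHECK_URL = 'https://agentscores.xyz/api/abuse/check'; // from the post

// Only CAUTION and BLOCK appear in the post. Ranking BLOCK above CAUTION, and
// every other recommendation below both, is an assumption of this example.
const RANK = new Map([['CAUTION', 1], ['BLOCK', 2]]);

// Pure policy decision. `result` is the parsed check response, or null when
// the lookup failed. failMode 'open' allows on failure; any other value denies.
function decide(result, blockLevel = 'BLOCK', failMode = 'open') {
  if (!RANK.has(blockLevel)) throw new TypeError(`unknown blockLevel: ${blockLevel}`);
  const usable = result !== null && typeof result === 'object' &&
    typeof result.recommendation === 'string';
  if (!usable) return { allow: failMode === 'open', reason: 'lookup_failed' };
  const rank = RANK.get(result.recommendation) ?? 0;
  return rank >= RANK.get(blockLevel)
    ? { allow: false, reason: result.recommendation }
    : { allow: true, reason: 'below_block_level' };
}

// Query the check endpoint with a hard timeout so a slow lookup cannot stall
// the tool call. fetchImpl is injectable so the policy can be tested offline.
async function checkAgent(agent, opts = {}) {
  const { blockLevel, failMode, timeoutMs = 2000, fetchImpl = fetch } = opts;
  const ctrl = new AbortController();
  const timer = setTimeout(() => ctrl.abort(), timeoutMs);
  let result = null;
  try {
    // Encode the identifier: it is caller-supplied and must not alter the query.
    const url = `${CHECK_URL}?agent=${encodeURIComponent(agent)}`;
    const res = await fetchImpl(url, { signal: ctrl.signal });
    if (res.ok) result = await res.json();
  } catch (err) {
    result = null; // network error, timeout or invalid JSON
  } finally {
    clearTimeout(timer);
  }
  return decide(result, blockLevel, failMode);
}
```

With failMode set to 'closed', an outage of the database blocks every tool call, so the choice is between availability and enforcement; log the lookup_failed reason either way so outages are visible.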

The network effect

This only works if people use it. Every report makes the database more valuable for everyone. The database is empty right now. It won't stay that way.

Part of KYA (Know Your Agent)

The abuse database is one of six verification checks in KYA:

  • Deployer — who built this agent
  • Model — what LLM powers it
  • Code — is the source auditable
  • Abuse — has it been reported
  • Permissions — what access does it need
  • Deployment — how is it running

More at agentscores.xyz.

npm packages: