CertScore MCP is an npm package (version 0.2.3) published by ai.certscore that exposes website risk-signal capabilities to AI agents through the Model Context Protocol over stdio transport. It is configured with two environment variables: CERTSCORE_API_KEY for authentication and CERTSCORE_BASE_URL to point at the target API endpoint.
According to its description, the server provides tooling around four areas: website scans, findings from those scans, evidence associated with findings, and latest-domain lookups. An agent connected to this server can retrieve risk assessments for websites, surface specific findings tied to a domain, access supporting evidence behind those findings, and look up the most recent data available for a given domain.
This makes it applicable in workflows where an agent needs to programmatically assess the risk posture of a website or domain, such as during vendor evaluation, threat triage, or compliance checking pipelines. Because the server relies on a CERTSCORE_API_KEY, a valid account with the CertScore service is a prerequisite before the server can be used. No tools are currently published in the registry record, so the exact callable surface must be confirmed from the package itself or the upstream repository at github.com/ergoveritas1-alt/certscore.ai.