B+

mcp.guide.sonatype.com

Item: mcp.guide.sonatype.com
Rating: 89
Author: wmcp.sh

https://mcp.guide.sonatype.com/mcp

89/100 · MCP Trust Grade · checked 4h ago · MCP 2025-06-18

✓ Watched since 2026-06-03 — behavioral baseline locked. We re-check this server's tool surface on a schedule; if it adds, removes, or silently rewrites a tool (rug-pull), we record it.

What it offers — 3 tools · Developer Tools

getComponentVersion

Returns detailed analysis of a specific dependency or multiple dependencies with metadata about quality, license and security. Dependencies can be ref

getLatestComponentVersion

Returns the latest version of a dependency or multiple dependencies with quality, license and security data. Dependencies can be referred to as packag

getRecommendedComponentVersions

Returns top dependency version recommendations ranked by Developer Trust Score with security, licensing, and quality analysis. Developer Trust Score i

Spec conformance20%100

✓ initialize → protocolVersion 2025-06-18
✓ initialize HTTP 200
✓ unknown method → -32601
✓ tools/list → 3 tools
✓ every tool has name + inputSchema

Security (OWASP MCP)30%100

3 tools scanned
no injection markup
no secret-path refs

Reliability / performance20%84

single-probe latency 606ms (PRELIMINARY — continuous uptime/p95 from proxy telemetry lands in v2)

Tool hygiene15%80

100% of tools have typed inputSchema
0/3 declare outputSchema
no unannotated destructive tools

Transparency / provenance15%70

HTTPS ✓
advertises protocol 2025-06-18

Observed behavior

No proxied traffic observed for this host yet. Connect it at /connect and its grade gains a measured Reliability score + per-tool behavioral evidence — the half a static scan can't produce.

Findings

No blocking issues found in the static + spec checks.

Grade another server

We re-grade mcp.guide.sonatype.com on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Share this report card

A 1200×630 card with the grade + audit — drop it in a post, Slack, or your repo.

MCP Trust report card — mcp.guide.sonatype.com grade B+

Share on X Open card image

https://wmcp.sh/mcp/grade/mcp.guide.sonatype.com

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

Markdown (for your README)

[![MCP Trust Grade B+](https://wmcp.sh/mcp/grade/mcp.guide.sonatype.com/badge.svg)](https://wmcp.sh/mcp/grade/mcp.guide.sonatype.com)

HTML

<a href="https://wmcp.sh/mcp/grade/mcp.guide.sonatype.com"><img src="https://wmcp.sh/mcp/grade/mcp.guide.sonatype.com/badge.svg" alt="MCP Trust Grade B+ · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust

How this grade is computed. An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.