C+

npm:keyblind

https://www.npmjs.com/package/keyblind
77/100 · MCP Trust Grade · checked 4h ago · MCP 0.6.0

What it offers — 22 tools · Database

resolve_secret

Resolve a secret by name using the configured backend (local vault, 1Password, Bitwarden, or env vars). Returns the decrypted value at runtime. The se

store_secret

Store a secret in the encrypted vault. The value is encrypted with AES-256-GCM before storage. The secret value is never visible in the LLM conversati

list_secrets

List all stored secret names (names only — values are never revealed in this listing).

sandbox_env

Replace real values in your .env file with deterministic fake values. Real values are encrypted and backed up to the vault. AI agents reading .env fil

unsandbox_env

Restore real .env values from the vault. Reverses the sandbox operation.

delete_secret

Delete a secret from the vault.

audit_log

View the audit log of secret resolutions, stores, and deletes. Shows who accessed which secret and when.

totp_code

Generate a TOTP 2FA code for a stored secret. Returns the current 6 or 8 digit code and seconds remaining until rotation.

totp_store

Store a TOTP configuration from an otpauth:// URI (from QR code scan or manual entry).

totp_list

List all stored TOTP configurations.

totp_delete

Delete a stored TOTP configuration.

create_share_link

Create an encrypted, expiring share link for a secret. The secret is encrypted into the URL fragment and never sent to any server.

receive_share

Receive and decrypt a shared secret from a share URL fragment.

deadman_status

Check dead man

deadman_checkin

Check in to reset the dead man

team_init

Create a new shared team vault (encrypted SQLite). Requires a passphrase.

team_push

Push a local secret to the shared team vault.

team_pull

Import all secrets from the team vault into your local vault.

+4 more tools

Spec / packaging · weight 20% · score 100
Security (OWASP MCP) · weight 30% · score 25
Maintenance / popularity · weight 20% · score 100
Tool hygiene · weight 15% · score 95
Transparency / provenance · weight 15% · score 100

Findings

WARN MCP08 References sensitive file paths / environment secrets.
INFO Static analysis of npm package keyblind@0.6.0 (stdio server — no remote endpoint). Reliability/behavioral signals require running it; not measured.

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust

How this grade is computed

An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.