B

npm:mcacp

https://www.npmjs.com/package/mcacp
84/100 · MCP Trust Grade · checked 2h ago · MCP 0.1.3

What it offers — 24 tools · Search

list_installed_agents

List all locally installed ACP agents with their id, name, version, and description.

registry_search

Search configured ACP agent registries for available agents.

agent_install

Install an ACP agent from the registry.

agent_uninstall

Remove a locally installed ACP agent.

agent_check_upgrades

Check all installed agents for available version upgrades.

discover_agents

Scan editor configs (Zed settings.json, JetBrains acp.json) for ACP agents. Returns agents with command/args/env and source. To import, add them to ag

reload_config

Reload configuration from disk. Use after editing mcacp.json to pick up new agent_servers entries or changed settings. Returns the new config.

initialize

Spawn an ACP agent process and perform the initialize handshake. Must be called before creating sessions.

shutdown

Gracefully shut down a running ACP agent, closing all sessions.

new_session

Create a new ACP session on an initialized agent. Returns the agent

load_session

Resume a previously created session. Agent must support session loading.

list_sessions

List stored sessions. Does not require the agent to be running.

close_session

Close an active session. Session file preserved for future load_session.

prompt_start

Send a prompt to an active ACP session. Returns immediately with { status:

prompt_events

Non-blocking poll for prompt events. Returns all queued events (updates, permission requests, completion). May return empty array if no new events.

prompt

Block until at least one prompt event is available. Returns queued events including updates (with full ACP metadata), permission requests, and complet

events

Block until any prompted session produces events. Returns events stamped with sessionId and agentId. Supports optional Nagle-style coalescing to batch

grant_permission

Respond to a pending permission request (operator policy). The agent resumes; new events flow to the queue.

+6 more tools

Spec / packaging20%100
Security (OWASP MCP)30%70
Maintenance / popularity20%75
Tool hygiene15%95
Transparency / provenance15%90

Findings

INFO Static analysis of npm package mcacp@0.1.3 (stdio server — no remote endpoint). Reliability/behavioral signals require running it; not measured.
Grade another server

We re-grade npm:mcacp on a schedule and alert your Slack/webhook the moment its tools change or its grade drops — rug-pull insurance for the connection.

Share this report card

A 1200×630 card with the grade + audit — drop it in a post, Slack, or your repo.

MCP Trust report card — npm:mcacp grade B
Share on X Open card image

Embed this grade

A live badge — it re-verifies itself and shows current stability. Static scorecards can't. Paste it in your README or site to show users you're independently audited.

MCP Trust Grade B · wmcp.sh
[![MCP Trust Grade B](https://wmcp.sh/mcp/grade/npm%3Amcacp/badge.svg)](https://wmcp.sh/mcp/grade/npm%3Amcacp)
<a href="https://wmcp.sh/mcp/grade/npm%3Amcacp"><img src="https://wmcp.sh/mcp/grade/npm%3Amcacp/badge.svg" alt="MCP Trust Grade B · wmcp.sh"></a>

Agents: check this before connecting

Add the wmcp.sh trust oracle as an MCP server and call grade_mcp_server / check_mcp_drift in your agent's pre-connection gate:

https://wmcp.sh/mcp/trust
How this grade is computed. An open, independent rubric — Spec conformance (20%), Security mapped to the OWASP MCP Top 10 (30%), Reliability (20%), Tool hygiene (15%), Transparency (15%) — run by connecting to the server and inspecting its real MCP surface. The grade is free and identical whether or not the operator pays. v1 uses static + spec signals from a single connection; continuous uptime, real latency, and annotation-truthing (declared readOnly vs observed behavior) layer on via the wmcp.sh proxy.