# Getting Started with the Oathe MCP Server
Install the Oathe MCP server in Claude Desktop, Claude Code, or Cursor. Five tools, zero config, zero API key. Check any AI agent skill before you install it.
The Oathe MCP server gives your AI agent direct access to Oathe’s behavioral security engine. Five tools. No API key. No configuration. Your agent can check any third-party skill’s trust score, submit new audits, and read full behavioral reports — all without leaving its workflow.
This is the fastest way to build a pre-install security check into any MCP-compatible agent.
## Quick Start
One command. That’s it.
```sh
npx oathe-mcp
```
This pulls the latest version of oathe-mcp from npm and starts the MCP server over stdio. No install step, no config file, no API key. The server connects to the Oathe API automatically.
Now wire it into your agent.
## Configure in Claude Desktop
Add this to your Claude Desktop MCP configuration file (claude_desktop_config.json):
```json
{
  "mcpServers": {
    "oathe": {
      "command": "npx",
      "args": ["-y", "oathe-mcp"]
    }
  }
}
```
Restart Claude Desktop. You’ll see the Oathe tools available in the tool list. Done.
## Configure in Claude Code
One command from your terminal:
```sh
claude mcp add oathe -- npx -y oathe-mcp
```
Claude Code registers the server and makes all five tools available immediately. No restart needed.
## Configure in Cursor
Create or edit .cursor/mcp.json in your project root:
```json
{
  "mcpServers": {
    "oathe": {
      "command": "npx",
      "args": ["-y", "oathe-mcp"]
    }
  }
}
```
Restart Cursor. The tools show up in the MCP tool list.
## Example: Check a Popular MCP Server
The fastest way to check a skill is get_skill_summary. It returns the trust score, verdict, and recommendation from the most recent completed audit — no need to submit a new one.
Ask your agent:
“Check if the modelcontextprotocol/servers repo is safe to install.”
The agent calls get_skill_summary with owner: "modelcontextprotocol" and repo: "servers". The response looks like this:
```json
{
  "skill_slug": "modelcontextprotocol/servers",
  "score": 82,
  "verdict": "SAFE",
  "recommendation": "INSTALL",
  "findings_count": 0,
  "critical_findings": 0,
  "high_findings": 0,
  "audited_at": "2026-02-20T14:30:00Z",
  "report_url": "/api/skill/modelcontextprotocol/servers/latest"
}
```
The key decision field is recommendation. Two supporting fields provide context:
- `recommendation` — The actionable output: `INSTALL`, `INSTALL_WITH_CAUTION`, `REVIEW_BEFORE_INSTALL`, or `DO_NOT_INSTALL`.
- `verdict` — The risk classification: `SAFE`, `CAUTION`, `DANGEROUS`, or `MALICIOUS`.
- `score` — The composite behavioral score, 0-100.
The agent acts on the recommendation:
| Recommendation | Agent Action |
|---|---|
| `INSTALL` | Proceed with installation. |
| `INSTALL_WITH_CAUTION` | Install, but inform the user of minor flags. |
| `REVIEW_BEFORE_INSTALL` | Surface findings to the user. Wait for confirmation. |
| `DO_NOT_INSTALL` | Refuse the install. Explain why. |
For the full report with dimension-level scores and individual findings, use get_audit_report instead.
## Example: Audit a New or Unknown Skill
If a skill hasn’t been audited yet, get_skill_summary returns an error indicating no audit exists. Your agent submits a new audit.
Step 1: Submit the audit.
The agent calls submit_audit with skill_url: "https://github.com/some-org/some-skill". This returns an audit_id:
```json
{
  "audit_id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
  "queue_position": 1
}
```
If the skill was already submitted recently, the response includes "deduplicated": true with the existing audit_id instead. No duplicate work.
Step 2: Poll for completion.
The agent calls check_audit_status with the audit_id, polling every 5 seconds. Statuses progress through: `queued` -> `scanning` -> `analyzing` -> `summarizing` -> `finalizing` -> `complete`.
When it hits complete, the response includes the full audit report — trust score, verdict, findings, category-level scores, everything.
Step 3: Read the full report.
Once the audit is complete, the agent can also call get_audit_report with the owner and repo to retrieve the latest report at any time. This returns the full breakdown: every finding, every dimension score, every detected threat code from the Open Threat Classification (docs).
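The recommendation table and the three-step audit flow above, put together as an agent-side pre-install gate. This is an added example, not code from oathe-mcp: `call_tool` is a hypothetical hook that forwards one MCP tool call and returns its JSON result, and the `error`, `status` and `report` keys it reads are assumed, since the page does not document those response shapes.

```python
"""Agent-side pre-install gate over the five oathe-mcp tools (added example, not oathe-mcp code).
`call_tool` is a hypothetical hook forwarding one MCP tool call; the `error`, `status` and
`report` keys read below are assumed, since the page does not document those response shapes."""
import time

ACTIONS = {"INSTALL": "proceed", "INSTALL_WITH_CAUTION": "proceed, inform user of minor flags",
           "REVIEW_BEFORE_INSTALL": "surface findings, wait for user confirmation",
           "DO_NOT_INSTALL": "refuse install, explain why"}
STATUSES = ["queued", "scanning", "analyzing", "summarizing", "finalizing", "complete"]


def decide(summary):
    """Map the recommendation to an action; anything unrecognized is reviewed, never installed."""
    action = ACTIONS.get(summary.get("recommendation"))
    if action is None:
        return {"action": ACTIONS["REVIEW_BEFORE_INSTALL"], "reason": "unrecognized recommendation"}
    return {"action": action, "score": summary.get("score"), "verdict": summary.get("verdict")}


def pre_install_check(call_tool, owner, repo, sleep=time.sleep, max_polls=120):
    """Try the summary first; if no audit exists, submit one and poll every 5 s until it settles."""
    summary = call_tool("get_skill_summary", {"owner": owner, "repo": repo})
    if "error" not in summary:
        return decide(summary)
    submitted = call_tool("submit_audit", {"skill_url": f"https://github.com/{owner}/{repo}"})
    audit_id = submitted["audit_id"]  # a deduplicated submission returns the existing id here
    for _ in range(max_polls):  # 120 polls x 5 s = 10 minute cap before giving up
        status = call_tool("check_audit_status", {"audit_id": audit_id})
        if status["status"] == "complete":
            return decide(status["report"])
        if status["status"] == "failed":
            return {"action": ACTIONS["REVIEW_BEFORE_INSTALL"], "reason": "audit failed"}
        sleep(5)
    return {"action": ACTIONS["REVIEW_BEFORE_INSTALL"], "reason": "audit timed out"}


def fake_call_tool():
    """Constructed stand-in transport: no audit on file, then the full status progression."""
    polls = iter(STATUSES)

    def call_tool(tool, args):
        if tool == "get_skill_summary":
            return {"error": "no audit exists for this skill"}
        if tool == "submit_audit":
            return {"audit_id": "constructed-audit-id", "queue_position": 1}
        if tool == "check_audit_status":
            status = next(polls, "complete")
            if status != "complete":
                return {"status": status}
            return {"status": status, "report": {"score": 55, "verdict": "CAUTION", "recommendation": "REVIEW_BEFORE_INSTALL"}}
        raise ValueError(f"unexpected tool {tool}")
    return call_tool
```

Run it with `pre_install_check(fake_call_tool(), "some-org", "some-skill", sleep=lambda s: None)` to walk the constructed flow without waiting; swap in a real MCP client for `call_tool` to gate actual installs.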
## All 5 Tools
| Tool | Purpose | Key Parameters |
|---|---|---|
| `get_skill_summary` | Quick safety check: trust score, verdict, recommendation | `owner`, `repo` |
| `get_audit_report` | Full behavioral report with all findings and dimension scores | `owner`, `repo` |
| `submit_audit` | Submit a new skill for behavioral audit | `skill_url`, optional `force_rescan` |
| `check_audit_status` | Poll audit progress until complete or failed | `audit_id` |
| `search_audits` | Search all completed audits, filter by verdict or score | optional `verdict`, `min_score` |
get_skill_summary is the tool your agent will use most. It’s the quickest path to a go/no-go decision. Use submit_audit + check_audit_status only when the skill hasn’t been audited before or you want a fresh scan (pass force_rescan: true).
## What’s Next
The MCP server is one piece of a broader security strategy for agent skills. Once you’re checking skills before installation, consider:
- Gate your CI/CD pipeline. Run behavioral audits on every push so regressions never ship.
- Add the trust badge. If your skill passes, prove it with a badge in your README.
- Read the threat model. Understand the 10 threat codes and 6 dimensions Oathe scores against.
- Understand why behavioral analysis matters. Static analysis can’t catch what agents do at runtime.
- See what LLMs actually do when given autonomy. The models will lie, collude, and manipulate if the incentives line up.
- Learn our LLM-aware security strategy. How we’re making AI systems themselves aware of Oathe — through llms.txt, SKILL.md, and the MCP server you just installed.
The full API documentation is at oathe.ai/docs. The MCP server source is on GitHub. Everything is free while we’re in beta.
Run npx oathe-mcp and stop installing skills blind.