How We Score MCP Repositories
Every score is deterministic, auditable, and traceable to a specific checker ID. No ML classifiers. No black boxes. Every point maps to a rule you can read.
Score Formula
The base score is a weighted sum of finding severities multiplied by a confidence factor; a floor rule is then applied based on the highest-risk finding category. Floors prevent CRITICAL findings from being buried by a large medium tail.
score = max(base, floor_from_finding_category)
score = min(score, 100)
confidence: AI-confirmed=1.0 · likely=0.8 · possible=0.5
Known-FP checkers (CHK-133, CHK-108) do not trigger floor rules.
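The formula above as a small scorer, added here as an illustration and not the project's own code. The confidence factors and the two known-FP checker IDs come from this page; the severity weights, category names, floor values and the CHK-EXAMPLE-* IDs are hypothetical, and applying confidence per finding and floors regardless of confidence are assumptions.

```python
from dataclasses import dataclass

# From the page: confidence factors and the known false-positive checkers.
CONFIDENCE = {"ai-confirmed": 1.0, "likely": 0.8, "possible": 0.5}
KNOWN_FP_CHECKERS = {"CHK-133", "CHK-108"}

# ASSUMPTION: the page gives no severity weights, category names or floor
# values; the numbers and names below are hypothetical placeholders.
SEVERITY_WEIGHT = {"critical": 40, "high": 20, "medium": 5, "low": 1}
CATEGORY_FLOOR = {"command-injection": 80, "hardcoded-secret": 60}


@dataclass(frozen=True)
class Finding:
    checker_id: str   # constructed IDs, except the two known-FP ones
    severity: str
    confidence: str
    category: str


def base_score(findings):
    # Weighted sum of severities; ASSUMPTION: confidence scales each finding.
    # Known-FP findings still count here: the page only exempts them from floors.
    return sum(SEVERITY_WEIGHT[f.severity] * CONFIDENCE[f.confidence]
               for f in findings)


def floor_from_finding_category(findings):
    # Highest floor among findings whose checker is allowed to trigger one.
    floors = [CATEGORY_FLOOR.get(f.category, 0) for f in findings
              if f.checker_id not in KNOWN_FP_CHECKERS]
    return max(floors, default=0)


def score(findings):
    # score = max(base, floor_from_finding_category), then capped at 100.
    raw = max(base_score(findings), floor_from_finding_category(findings))
    return min(raw, 100)


if __name__ == "__main__":
    # Constructed sample: one low-confidence critical finding plus a medium tail.
    sample = [Finding("CHK-EXAMPLE-A", "critical", "possible", "command-injection")]
    sample += [Finding("CHK-EXAMPLE-B", "medium", "likely", "other")] * 3
    print(base_score(sample), floor_from_finding_category(sample), score(sample))
```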
Score Bands
Floor Rules
Floor rules prevent a single severe finding from being undersold by a large low-severity distribution. Known false-positive checkers never trigger floors.
Checker Categories
OWASP MCP Top 10 Mapping
False Positive Control
Every checker ships with documented true positives and true negatives per ADR-010. We audit every high-volume checker against the live corpus before citing any statistics.