15,536 MCP servers scored. Real confidence metrics. One API call.
This isn't a mockup. Hit the button and watch the Resonance Engine score MCP tools in real time.
# Resolve the best MCP tool for an intent curl -X POST https://api.xluxx.net/resolve-tool \ -H "Content-Type: application/json" \ -d '{"intent":"search the web"}'
{
"best_server": "brave-search",
"confidence": 0.94,
"fallback": "tavily-search",
"risk_flags": [],
"resonance_score": 0.91,
"fractal_reliability": 0.96,
"coherence_drift": 0.02
}
Live response from api.xluxx.net:
If your AI agents call external tools, you need trust scoring.
Building with LangChain, CrewAI, or AutoGen? Add a trust gate before every tool call. Know which MCP server to route to — and which to avoid — before your agent acts.
Ship trust signals with your server. Show users your reliability score, uptime history, and coherence metrics. Stand out in a crowded registry.
Running AI workflows in production? Monitor tool reliability drift, get fallback routing, and catch behavioral changes before they break your pipelines.
Four independent signals, combined into a single trust score. Every metric is transparent and auditable.
Multi-scale pattern detection across 1h, 24h, 7d, and 30d windows. Servers that are reliable at every timescale score higher than those with intermittent spikes.
Measures how much a server's behavior has changed from its established baseline. Low drift = predictable. High drift = something changed — investigate.
How well does this tool work in combination with others? Tools that amplify their neighbors' reliability score higher than isolated performers.
Is there a reliable alternative? A high fallback stability score means your agent has a safe Plan B if the primary tool degrades.
Weights adapt per-query based on intent criticality. Default: w=[0.35, 0.25, 0.20, 0.20]
Pulled live from the XLUXX API on page load.
No credit card required for the free tier. Upgrade instantly via Stripe.
SDKs for Python and Node.js. Or just use the REST API.
from xluxx import TrustClient client = TrustClient(api_key="your-key") result = client.resolve("search the web") # result.best_server â "brave-search" print(f"Use {result.best_server} (confidence: {result.confidence})")
import { TrustClient } from 'xluxx-trust'; const client = new TrustClient({ apiKey: 'your-key' }); const result = await client.resolve('search the web'); console.log(result.best_server); // "brave-search"
# claude_desktop_config.json { "mcpServers": { "xluxx-trust": { "command": "npx", "args": ["xluxx-trust-mcp"] } } }
Every server in our registry gets a passive security assessment — no exploitation, no noise. CVE matching, SSH version detection, secret scanning, DNS recon, and OSINT profiling.
Detected framework versions are cross-referenced against OSV.dev and a curated CVE database. Every match gets a CVSS v3 score and CWE classification.
Public GitHub repositories are scanned for exposed API keys, tokens, and credentials — Stripe, AWS, OpenAI, Anthropic, GitHub PATs, private keys, and more.
Passive TCP port probing detects unexpected exposed services. SSH banners are fingerprinted — OpenSSH versions checked against regreSSHion (CVE-2024-6387) and Terrapin.
RDAP/WHOIS for registrar and expiry data. Developer username checked across GitHub, npm, Docker Hub, PyPI, GitLab, HuggingFace. Email checked via Gravatar and HaveIBeenPwned.
SPF, DMARC, MX and NS records audited. Missing email authentication policies flagged — domain spoofing and phishing risks quantified with CWE-346.
All scans are passive and non-destructive. We read public data — no exploitation attempts, no unauthorized access, no active attacks. Research-grade intelligence within legal bounds.
Ranked by composite trust score. Updated every hour from live monitoring data.
| # | Server | Trust Score | Reliability | Drift | Category |
|---|---|---|---|---|---|
| Loading leaderboard from API… | |||||