Skip to main content
Loadout
Explainer3 min read

MCP publisher reputation system: how trust will be priced into the MCP ecosystem

Reputation scores for MCP publishers are coming. Here is what the score will measure, how registries will compute it, and what publishers can do today to land on the right side of the curve.

Every npm package has a download count and a star count. They are weak signals against the supply chain attacks of 2026. The next generation of MCP marketplaces will publish reputation scores per publisher — a composite signal users can read at a glance. Here is what those scores will measure and why it matters now.

Why a new score

Existing signals are gameable or stale:

  • Downloads can be inflated by automation.
  • Stars lag adoption by months.
  • Vendor brand does not exist for solo maintainers.
  • CVE history is a lagging indicator.

A composite reputation score blends multiple signals, weights them, and updates continuously.

The components

A working score combines five signals:

1. Identity verification

The publisher proved control of a domain or org via DNS or GitHub. Worth a base 20 points.

2. Publishing history

Time on the registry, frequency of releases, version stability. Long-running publishers with steady cadence score higher than burst-publish-then-disappear.

3. Security posture

Signed packages, no postinstall scripts, dependencies audited, fast response to disclosed CVEs.

4. User signals

Adoption (real, deduplicated installs), reviews, dispute frequency, escalations resolved.

5. Operational evidence

Health endpoint uptime, SLA adherence (for hosted servers), audit-log integrity.

The score is a number out of 100, with a sub-score per component.

Sample reputation card

Publisher: data-platform@example.com
Reputation: 87 / 100

  Identity (20/20)         ✓ DNS-verified
  History  (16/20)         3 packages, 18 months
  Security (24/25)         signed, no postinstall, 1 fast-resolved CVE
  Users    (14/20)         1,200 monthly active installs
  Ops      (13/15)         99.4% health uptime

Hosts can refuse to install below a threshold; users can browse only above one.

How registries will compute it

Three patterns we are seeing in early 2026:

  • Open formula — registry publishes the algorithm. Trust through transparency.
  • Closed formula with audit trail — the score is opaque but the signals are visible.
  • User-weighted — each user picks how much each component matters to them. Niche but interesting.

Open formula wins for trust; closed wins for gaming-resistance. Most marketplaces will land on a hybrid.

What publishers should do today

Five actions, in order of impact:

  1. Verify your identity — link your publishing account to a DNS-verified domain or a GitHub org with provenance.
  2. Sign your packages — npm provenance, Sigstore, or registry-specific signing.
  3. Drop postinstall scripts — audit any nested dependencies that have them.
  4. Publish a SECURITY.md — disclosure address, response SLA, recent advisories.
  5. Wire up a health endpoint — for hosted servers; see health metrics.

Most of these are one-day changes that double your reputation score.

What will NOT count

  • Marketing spend — registries actively filter inflated download counts.
  • Star farming — same.
  • Big company affiliation — unless backed by identity verification of a verified org account.
  • Old activity — recency-weighted; 2-year-old work matters less than current.

How users will use the score

Three UI patterns to expect:

  • Sort by reputation in the catalogue.
  • Threshold-gated install — clients refuse to install publishers below 50.
  • Reputation diff on update — alert when the publisher's score drops materially.

The threshold gate is the most consequential. Below 30 means effectively invisible.

Failure modes of reputation

The system can be wrong:

  • Bias toward incumbents — new publishers can never beat 5-year veterans.
  • One-time event blow-ups — a single CVE can sink a year of trust.
  • Coordinated downvoting — competitors gaming the user signals.

Mature registries will publish appeal processes. Most will not.

Implications for buyers

Two adjustments to your evaluation process:

  • Add a reputation floor to your internal procurement criteria.
  • Audit the publishers you depend on quarterly. Falling reputation is a leading indicator of upcoming incidents.

Where this is heading

Three trends to expect by 2027: cross-registry reputation portability (your score follows you across marketplaces), insurance products priced on publisher reputation, and reputation-aware MCP discovery (hosts only consider trusted publishers). Build to the criteria above now and you stay ahead of the threshold gate.

Loadout

Build your AI agent loadout

The directory of MCP servers and AI agents that actually work. Pick the right loadout for Slack, Postgres, GitHub, Figma and 20+ integrations — with install commands ready to paste into Claude Desktop, Cursor or your own stack.

Contact
© 2026 Loadout. Built on Angular 21 SSR.