npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

scorecard-ai-mcp

v3.1.0

Published

The official MCP Server for the Scorecard API

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

egdelturegdelturtwotautwotau

Keywords

Readme

Scorecard TypeScript MCP Server

It is generated with Stainless.

Installation

Direct invocation

You can run the MCP Server directly via npx:

export SCORECARD_API_KEY="My API Key"
export SCORECARD_ENVIRONMENT="production"
npx -y scorecard-ai-mcp@latest

Via MCP Client

There is a partial list of existing clients at modelcontextprotocol.io. If you already have a client, consult their documentation to install the MCP server.

For clients with a configuration JSON, it might look something like this:

{
  "mcpServers": {
    "scorecard_ai_api": {
      "command": "npx",
      "args": ["-y", "scorecard-ai-mcp"],
      "env": {
        "SCORECARD_API_KEY": "My API Key",
        "SCORECARD_ENVIRONMENT": "production"
      }
    }
  }
}

Cursor

If you use Cursor, you can install the MCP server by using the button below. You will need to set your environment variables in Cursor's mcp.json, which can be found in Cursor Settings > Tools & MCP > New MCP Server.

Add to Cursor

VS Code

If you use MCP, you can install the MCP server by clicking the link below. You will need to set your environment variables in VS Code's mcp.json, which can be found via Command Palette > MCP: Open User Configuration.

Open VS Code

Claude Code

If you use Claude Code, you can install the MCP server by running the command below in your terminal. You will need to set your environment variables in Claude Code's .claude.json, which can be found in your home directory.

claude mcp add scorecard_ai_mcp_api --env SCORECARD_API_KEY="My API Key" -- npx -y scorecard-ai-mcp

Code Mode

This MCP server is built on the "Code Mode" tool scheme. In this MCP Server, your agent will write code against the TypeScript SDK, which will then be executed in an isolated sandbox. To accomplish this, the server will expose two tools to your agent:

  • The first tool is a docs search tool, which can be used to generically query for documentation about your API/SDK.

  • The second tool is a code tool, where the agent can write code against the TypeScript SDK. The code will be executed in a sandbox environment without web or filesystem access. Then, anything the code returns or prints will be returned to the agent as the result of the tool call.

Using this scheme, agents are capable of performing very complex tasks deterministically and repeatably.

Usage Examples

Below are examples of prompts you can give to an AI assistant with this MCP server configured.

Example 1: Search Documentation

Prompt:

"How do I create a testset using the Scorecard TypeScript SDK?"

Tool Called: search_docs

{
  "query": "create testset",
  "language": "typescript"
}

The assistant searches SDK documentation and returns relevant code examples and API references.

Example 2: List Projects and Testsets

Prompt:

"List all my Scorecard projects and their testsets."

Tool Called: execute

async function run(client) {
  for await (const project of client.projects.list()) {
    console.log(`Project: ${project.id} - ${project.name}`);
    for await (const testset of client.testsets.list(project.id)) {
      console.log(`  Testset: ${testset.id} - ${testset.name}`);
    }
  }
}

Example 3: Create an Evaluation Run

Prompt:

"Create a new evaluation run for project '314' with testset '246' and metrics '789' and '101'."

Tool Called: execute

async function run(client) {
  const run = await client.runs.create('314', {
    testsetId: '246',
    metricIds: ['789', '101']
  });
  console.log('Run created:', run.id);
  console.log('View at:', run.url);
  return run;
}

For more SDK code examples, see the examples directory.

Running remotely

Launching the client with --transport=http launches the server as a remote server using Streamable HTTP transport. The --port setting can choose the port it will run on, and the --socket setting allows it to run on a Unix socket.

Authorization can be provided via the Authorization header using the Bearer scheme.

Additionally, authorization can be provided via the following headers: | Header | Equivalent client option | Security scheme | | --------------------- | ------------------------ | --------------- | | x-scorecard-api-key | apiKey | ApiKeyAuth |

A configuration JSON for this server might look like this, assuming the server is hosted at http://localhost:3000:

{
  "mcpServers": {
    "scorecard_ai_api": {
      "url": "http://localhost:3000",
      "headers": {
        "Authorization": "Bearer <auth value>"
      }
    }
  }
}

Privacy & Data Handling

This MCP server transmits data to external services to provide its functionality. By using this server, you acknowledge the following:

Data Transmitted

  • Code Execution (execute tool): When you use the execute tool, the code you provide is sent to the Stainless API (api.stainless.com) for execution in a sandboxed environment. Your Scorecard API key is also transmitted to authenticate requests made by the executed code.

  • Documentation Search (search_docs tool): Search queries are sent to the Stainless API to retrieve relevant SDK documentation.

API Credentials

  • Your SCORECARD_API_KEY is transmitted to the Stainless code execution sandbox to allow the executed code to make authenticated requests to the Scorecard API.
  • API keys are sent over HTTPS and are not logged by this MCP server.

Data Retention

Security Recommendations

  • Use environment variables to provide API keys rather than hardcoding them.
  • When running the server remotely, ensure TLS is enabled and use OAuth 2.0 or secure token-based authentication.
  • Rotate API keys periodically and revoke unused keys.

Contact

For security concerns, contact [email protected] or [email protected].