Certification

Every bundle published to mpak is automatically scanned against the mpak Trust Framework (MTF), an open security standard for MCP server bundles. The results determine your bundle’s certification level (L1-L4).

Quick Reference

Level	Name	Controls	What It Means
L1	Basic	7	No secrets, no malware, valid manifest, SBOM
L2	Standard	26	+ Vuln scanning, pinned deps, author identity
L3	Verified	38	+ Signed bundles, build provenance, SLSA
L4	Attested	41	+ Behavioral sandbox, reproducible builds

Most well-structured servers achieve L1 or L2 automatically.

What Gets Checked

Controls span nine security domains:

Domain	Code	Examples
Artifact Integrity	AI	Valid manifest, content hashes, signatures
Supply Chain	SC	SBOM, vulnerability scan, dependency pinning
Code Quality	CQ	No secrets, no malware, static analysis
Capability Declaration	CD	Tool descriptions, permission scopes
Provenance	PR	Source repo, author identity, build attestation
Registry Operations	RG	Namespace governance, name pattern review
Publisher Identity	PK	Identity verification, key rotation
Installation	IN	Pre-install checks, user transparency
Update Lifecycle	UP	Version policy, deprecation process

MCP-Specific Threats

Three controls target AI attack surfaces that traditional tools miss:

CD-03: Tool description poisoning - prompt injection in tool descriptions
CD-04: Credential blast radius - overly broad OAuth scopes
CQ-06: Behavioral mismatch - runtime behavior differs from declarations

Slopsquatting (packages named after LLM hallucinations) is handled by RG-02 namespace governance.

Viewing Results

Every package page on mpak.dev shows:

Certification level badge
Risk score
Individual control results (pass/fail/skip)
Remediation guidance for failures

Next Steps

Scan Your Bundle Run the scanner locally before publishing

mpak Trust Framework Full specification and control reference