Certification Levels

Understanding certification levels 0 through 3

Every MCP server published through MCP Hub is assigned a certification level based on automated security analysis. The certification level represents the depth of analysis that has been performed and the guarantees it provides.

Level 0: Integrity Verified

  • Score requirement: Any score
  • What it means: The package digest has been validated. The artifact distributed by the registry is exactly what the publisher submitted. Schema validation of the manifest has passed.
  • Guarantees:
    • Tamper-proof distribution via SHA-256 content addressing
    • Valid manifest structure and schema
    • Package identity verified (org, name, version)

Level 0 is the baseline. Every package that passes ingestion receives at least this level.

Level 1: Static Verified

  • Score requirement: >= 60
  • What it means: Basic static analysis has been completed. The code has been scanned for common vulnerability patterns and no critical issues were found.
  • Guarantees:
    • All Level 0 guarantees
    • Basic security scan passed
    • No critical vulnerability classes detected
    • Dependency manifest analyzed

Level 2: Security Certified

  • Score requirement: >= 80
  • What it means: Comprehensive security analysis has been performed with full evidence artifacts. Security controls have been verified across all 14 vulnerability classes. Supply chain analysis is complete.
  • Guarantees:
    • All Level 1 guarantees
    • Full vulnerability scan across all 14 classes (injection, exfiltration, privilege escalation, etc.)
    • Supply chain analysis (dependency CVEs, pinning, freshness)
    • SBOM (Software Bill of Materials) generated
    • Attestation and evidence artifacts included
    • Detailed findings report available

Level 2 is the recommended minimum for production workloads.

Level 3: Runtime Certified

  • Score requirement: >= 90
  • What it means: Dynamic analysis has verified the package’s behavior at runtime. This is the highest level of trust available.
  • Status: Reserved for future implementation.
  • Guarantees:
    • All Level 2 guarantees
    • Runtime behavior validation
    • Dynamic taint analysis
    • Actual execution profile verified against declared permissions

Visual Summary

Level 3 ──── Runtime Certified    (Score >= 90)  [Future]
Level 2 ──── Security Certified   (Score >= 80)  [Recommended for production]
Level 1 ──── Static Verified      (Score >= 60)  [Recommended for development]
Level 0 ──── Integrity Verified   (Any score)    [Baseline]

Recommendations

Use Case                      Recommended Minimum
Personal experimentation      Level 0
Development and testing       Level 1
Production workloads          Level 2
High-security environments    Level 2 (Level 3 when available)

How Levels Are Assigned

Certification levels are assigned automatically by the MCP Hub certification pipeline:

  1. The publisher submits code via smcp push, Git webhook, or file upload.
  2. The hub dispatches an analysis job to the scan worker.
  3. The scan worker performs static analysis and returns findings.
  4. The hub computes a security score from the findings.
  5. The score maps to a certification level:
    • Score < 60 -> Level 0
    • Score >= 60 -> Level 1
    • Score >= 80 -> Level 2
    • Score >= 90 -> Level 3 (when available)

Enforcing Certification Levels

Use the policy.min_cert_level setting in your configuration to require a minimum level:

policy:
  min_cert_level: 2
  cert_mode: "strict"

In strict mode, any attempt to run a package below the minimum level will be blocked with exit code 4. In warn mode, a warning is displayed but execution proceeds.
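The decision described above, from the Level 0 digest check through score mapping to strict/warn enforcement, as an added Python sketch that is not MCP Hub's own code. The function names, the `sha256:<hex>` digest format, treating any mode other than warn as strict, and keeping scores of 90 or more at Level 2 while Level 3 is reserved are assumptions.

```python
import hashlib

# Score thresholds from the page, highest first so the first match wins.
THRESHOLDS = [(90, 3), (80, 2), (60, 1), (0, 0)]
EXIT_BLOCKED = 4  # exit code the page gives for a strict-mode block

# Constructed sample artifact and its content address (format is an assumption).
SAMPLE_ARTIFACT = b"constructed sample package bytes"
SAMPLE_DIGEST = "sha256:" + hashlib.sha256(SAMPLE_ARTIFACT).hexdigest()


def level_for_score(score, level3_available=False):
    """Map a security score to a certification level."""
    for minimum, level in THRESHOLDS:
        if score >= minimum:
            # Assumption: while Level 3 is reserved, scores >= 90 stay at Level 2.
            return 2 if level == 3 and not level3_available else level
    return 0


def digest_matches(artifact, expected):
    """Level 0 check: recompute SHA-256 and compare with the content address."""
    algo, _, hexdigest = expected.partition(":")
    if algo != "sha256" or len(hexdigest) != 64:
        return False
    return hashlib.sha256(artifact).hexdigest() == hexdigest.lower()


def admit(artifact, expected_digest, score, policy):
    """Return (exit_code, message) for a request to run a package."""
    if not digest_matches(artifact, expected_digest):
        # Assumption: an integrity failure is refused in every cert_mode.
        raise ValueError("artifact digest does not match its content address")
    level = level_for_score(score)
    minimum = policy.get("min_cert_level", 0)
    if level >= minimum:
        return 0, f"level {level} meets minimum {minimum}"
    if policy.get("cert_mode", "strict") == "warn":
        return 0, f"warning: level {level} is below minimum {minimum}"
    # Any mode other than "warn" is treated as strict (fail closed, an assumption).
    return EXIT_BLOCKED, f"blocked: level {level} is below minimum {minimum}"


if __name__ == "__main__":
    strict = {"min_cert_level": 2, "cert_mode": "strict"}
    print(admit(SAMPLE_ARTIFACT, SAMPLE_DIGEST, 72, strict))
    print(admit(SAMPLE_ARTIFACT, SAMPLE_DIGEST, 72, dict(strict, cert_mode="warn")))
```
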

See Security Policies for complete policy configuration details.