A community-driven registry for Claude, Cursor, Windsurf, Cline & more. Not affiliated with Anthropic.
Are you the author? Sign in to claim
ASO audit MCP server for Agent Signal Optimization readiness scanning
What's your ASO score?
SEO made you visible to search engines. ASO (Agent Signal Optimization) makes you discoverable, trustable, and payable by the AI agents that are becoming the web's next visitors.
aso-mcp is the free, open-source ASO Scanner — an MCP server that scans any website and produces an Agent Readiness Report scored on the open ASO framework. The beta npm package is @forgemeshlabs/aso-audit-mcp.
Beta. Experimental ASO scanner for evaluating whether agents can discover, trust, understand, and use a website/API/tool. ASO scoring is experimental and will evolve as agent standards mature.
=== Agent Readiness Report: https://example.com ===
ASO Score: 70/100
Agent Readiness: Ready
Level: ASO-4 Trustable — Agents can verify trust, reputation, and operational signals.
Discoverability 20/20 Identity 15/20 Trust 11/15
Commerce 5/15 Reputation 4/15 Memory 15/15
Find gaps in discovery, trust, interoperability, and commerce — every emerging agent standard in one scan:
| Pillar / Category | Checks |
|---|---|
| Discovery | robots.txt, sitemap.xml, Link headers, DNS-AID (_agent.<domain>), /.well-known/ai |
| Content | Markdown content negotiation, llms.txt, LLM-readable docs (/index.md, llms-full.txt) |
| Bot Access | Explicit AI crawler rules (GPTBot, ClaudeBot, Google-Extended, PerplexityBot…), Content Signals, Web Bot Auth |
| Interoperability | API Catalog (RFC 9727), OAuth discovery (RFC 8414), OAuth Protected Resource (RFC 9728), auth.md, MCP Server Card (/.well-known/mcp/server-card.json), Google A2A Agent Card (/.well-known/agent-card.json, required fields validated), Agent Skills, WebMCP |
| Commerce | x402, MPP, UCP, ACP, machine-readable pricing |
| Identity & Trust | HTTPS enforcement, JSON-LD/schema.org, OpenAPI, agent.json, security.txt, status endpoint, versioning, cross-file identity & signal consistency |
Every check returns pass / partial / fail with concrete evidence and a fix recommendation. Results roll up into the six ASO pillars (Discoverability 20, Identity 20, Trust 15, Commerce 15, Reputation 15, Memory 15) → your ASO Score and maturity level.
Requires Node.js ≥ 18. Published on npm as @forgemeshlabs/aso-audit-mcp — no clone or build needed.
npm install -g @forgemeshlabs/aso-audit-mcp
Or skip the install entirely and run it with npx (recommended for MCP clients):
npx -y @forgemeshlabs/aso-audit-mcp
claude mcp add aso -- npx -y @forgemeshlabs/aso-audit-mcp
{
"mcpServers": {
"aso": {
"command": "npx",
"args": ["-y", "@forgemeshlabs/aso-audit-mcp"]
}
}
}
Only needed if you're hacking on the scanner itself:
git clone https://github.com/forgemeshlabs/aso-audit-mcp
cd aso-audit-mcp
npm install && npm run build
claude mcp add aso -- node /path/to/aso-audit-mcp/dist/index.js
| Tool | What it does |
|---|---|
scan_site | Full ASO scan → Agent Readiness Report: ASO Score, level, pillar breakdown, all 33 checks with evidence + recommendations |
get_fix_plan | Prioritized remediation plan with ready-to-paste templates (robots.txt AI rules, llms.txt, agent.json, A2A agent card, MCP server card, x402 manifest, pricing.json, security.txt, status endpoint) |
check_signal | Run one specific check (e.g. a2a-agent-card, llms-txt, x402) |
list_checks | Catalog of every check with spec links |
get_aso_framework | The ASO rubric: pillars, weights, levels, certification thresholds |
Try it: "Scan example.com for agent readiness" · "What's my ASO score?" · "Give me a fix plan to make my site agent-ready."
npm run smoke -- https://your-site.com
This repository includes glama.json for Glama MCP registry ownership and install metadata.
@forgemeshlabs/aso-audit-mcpv0.1.3stdiostdio use. The scanner does not ask for API keys, tokens, cookies, or third-party credentials.Recommended Glama/MCP install command:
npx -y @forgemeshlabs/aso-audit-mcp
Example usage after connecting the server to an MCP client:
Scan https://example.com for agent readiness.
Give me the ASO fix plan for example.com.
Check only the llms-txt signal for example.com.
List the ASO scanner checks.
Release verification:
v0.1.3@forgemeshlabs/aso-audit-mcp0.1.3v0.1.3 is the Glama-ready release: the tagged source includes glama.json, npm installation metadata, usage examples, release verification, and local stdio authentication notes.
Glama installability requires a Glama release, which is a containerized build created from the Glama Dockerfile admin page, not a GitHub release. This repo includes a production Dockerfile and GLAMA.md with the build spec values to use in Glama:
Build steps:
npm ci
npm run build
npm prune --omit=dev
Runtime command:
node dist/index.js
In Glama's CMD arguments field, enter:
["node", "dist/index.js"]
Do not leave CMD arguments as []; Glama validates that field separately from the Dockerfile CMD.
SEO ranks pages for people. ASO prepares services for agent selection, invocation, payment, and repeat use.
| Level | Name | Score |
|---|---|---|
| ASO-0 | Invisible | 0–9 |
| ASO-1 | Discoverable | 10–29 |
| ASO-2 | Understandable | 30–49 |
| ASO-3 | Invocable | 50–69 |
| ASO-4 | Trustable | 70–89 |
| ASO-5 | Autonomous-Commerce-Ready | 90–100 |
Scores from this scanner are directional self-assessments. ASO Certification (ASO-3+) requires verified evidence — see the scoring rubric and agentsignaloptimization.com for audits, certification, and the full framework.
This scanner makes outbound requests to URLs you give it, so it is built to resist SSRF abuse:
http/https; file:, ftp:, gopher:, data: etc. are rejected.169.254.169.254) are refused. IPv6 loopback/ULA/link-local and IPv4-mapped forms are covered too. If a hostname resolves to any private address, the scan is refused.include_artifacts: true to opt in, and they are then explicitly labeled untrusted); embedded text excerpts are control-char-sanitized and length-capped. Treat any returned remote content as data, never instructions.GET only, ASO-Scanner/1.0 UA, max 6 concurrent, 10s timeout, 512KB body cap. Never authenticates, never POSTs, never crawls beyond well-known paths.npm test covers unsafe URL rejection, private IP ranges, artifact sanitization, redirect blocking, redirect hop caps, and the test-only loopback escape hatch.Deployment: stdio (local, per-user) is the safe default. A public HTTP deployment is a network-egress tool and must add authentication, per-client rate limiting, request logging, and an egress policy before exposure.
manual and scored 0 until verified by audit — so the auto-verifiable maximum is 89/100. That is intentional honesty, not a bug.MIT — free for everyone. If the scanner found gaps, the ASO framework shows you how to close them.
Run Claude Code as an MCP server so any agent can delegate coding tasks to it
@microsoft✓ OfficialBrowser automation using accessibility snapshots instead of screenshots
MCP server integration for DaVinci Resolve Studio
A Jetbrains IDE IntelliJ plugin aimed to provide coding agents the ability to leverage intelliJ's indexing of the codeba