Evidence-based public website scanner for pre-consent cookies, tracking, consent surfaces, and GDPR/ePrivacy disclosure signals. 11 MCP tools: scan, status, findings, pre-consent cookies/trackers, report, evidence, and domain-latest resources. Self-serve API key at certscore.ai. Outputs are automated review signals, not legal advice or a compliance determination.
Overview
CertScore.ai MCP Server
CertScore.ai scans public websites for evidence-based signals mapped to GDPR and ePrivacy requirements — pre-consent tracking, third-party requests, cookie and storage activity, consent surface behavior, and disclosure alignment.
Tools
scan_site— Start or reuse a scan for a public URLget_scan— Retrieve scan resource by stable scan IDget_scan_status— Check scan status by scanId or jobIdget_report— Retrieve a summary Pulse reportget_evidence— Retrieve structured evidence JSONexport_findings— Return structured findings from a reportlist_findings— List findings projected for a scanget_pre_consent_cookies_trackers— Pre-consent cookies and trackers tableexplain_finding— Explain a finding with evidence and reviewer next stepsget_latest_domain_scan— Latest eligible scan for a domainget_latest_domain_pre_consent_cookies_trackers— Latest pre-consent cookies/trackers for a domain
Setup
Requires a self-serve API key from certscore.ai. Install via npm or Homebrew.
CertScore.ai outputs are automated review signals, not legal advice, certification, or a compliance determination.
Server Config
{
"mcpServers": {
"certscore": {
"command": "certscore-mcp",
"env": {
"CERTSCORE_API_KEY": "<your-token>",
"CERTSCORE_BASE_URL": "https://certscore.ai"
}
}
}
}