71
/ 100
8 days ago
glama

Charon

Self-hostable control plane for managing the full lifecycle of non-human identities (AI agents), with short-lived credential issuance, attestation, and an MCP authorization gateway for per-tool access control.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 2 credentials: CHARON_SIGNING_KEY, CHARON_CREDENTIAL
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configCHARON_TRUST_DOMAIN
configCHARON_DB(override paths with / CHARON_SIGNING_KEY), so issued credentials
🔐 secretCHARON_SIGNING_KEY(override paths with CHARON_DB / ), so issued credentials
🔐 secretCHARON_CREDENTIAL
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/ninadrao0707-charon-12z16z)](https://m8ven.ai/mcp/ninadrao0707-charon-12z16z)
commit: 372fb0abfa6e88f3983803a2c5279fdb8d562fd9
code hash: e0b484cd1ed18f6600dc6dad231d3ffe0908ab10984a79e73ef28825e69b75b1
verified: 6/21/2026, 10:41:59 AM
view raw JSON →