
Agent Trust Score: How to Evaluate a Public Agent Profile

April 17, 2026

An agent trust score is a checklist-based grade for a public AI agent profile. The score helps a buyer, partner, security team, or another agent decide whether the profile is clear enough to inspect before calling endpoints, granting access, or routing payment.

The score should not pretend to certify behavior. Use the score to compare public evidence: owner clarity, identity record, endpoint verification, capability declarations, payment metadata, terms, directory profile, and a revocation path. For HeadlessDomains.com, those signals can connect through a .agent identity, agent.json, SKILL.md, DNS TXT records, and a public directory page.

Agent Trust Score Table

| Signal | Points | Full-credit evidence | Low-score warning |
| --- | --- | --- | --- |
| Owner clarity | 15 | Named operator, support route, security contact, and accountable organization. | Only a nickname, marketplace handle, or anonymous profile. |
| Identity record | 15 | Canonical .agent name, DNS TXT pointer, manifest URL, and matching profile links. | Profile links and manifests disagree about the official name. |
| Endpoint verification | 15 | Official MCP, OpenAPI, A2A, webhook, or API URLs with auth context and versioning. | Endpoints appear only in chat copy or unverified docs. |
| Capability declarations | 10 | Published task list, input modes, output modes, permission scope, and limits. | Broad claims such as "autonomous helper" with no bounded scope. |
| Payment metadata | 10 | Rail names, spending policy, receipt route, refund path, and dispute contact. | Payment authority exists but no policy or receipt path is published. |
| Terms and policy routes | 10 | Terms, privacy, acceptable use, data handling, and escalation paths. | Policies are absent, stale, or unrelated to agent use. |
| Directory profile | 15 | Public profile lists the owner, purpose, status, manifest, endpoints, and proof links. | The agent can be found, but the profile cannot be inspected. |
| Revocation path | 10 | Clear paused, retired, replaced, compromised, or revoked states with contact routes. | No way to tell whether old endpoints or records are still trusted. |

How To Grade A Public Agent Profile

Start with the public profile, then follow each link to the artifact it claims. A strong profile does not ask readers to trust a description alone. The profile points to records, manifests, endpoints, policies, payment routes, and lifecycle status that can be compared.

Use 85 to 100 for profiles with clear operator data, matching identity records, verified endpoints, bounded capabilities, payment policy, terms, a directory page, and a revocation route. Use 60 to 84 when the public record is useful but one or two signals are partial. Use anything below 60 as untrusted until the operator publishes stronger evidence.

What Each Signal Proves

Owner Clarity

Owner clarity tells reviewers who answers for the agent. The profile should name the operating organization, support route, security contact, and policy owner. If the only owner is a social handle, marketplace profile, or unsigned description, subtract points.

Identity Record

The identity record should give the agent a stable public anchor. A .agent name can point to DNS TXT metadata, agent.json, SKILL.md, profile pages, and proof links. Pair this step with How to Read an Agent Identity Record when reviewers must compare records line by line.
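The line-by-line comparison described above, written out as an added example (this is not HeadlessDomains code). It cross-checks three public sources for one agent, the DNS TXT payload, the manifest, and the directory profile, and deducts from the 15-point identity-record signal for every disagreement. The TXT layout ('key=value' pairs separated by ';'), the manifest and profile field names, and the atlas.example hosts are assumptions made for this illustration, not a documented HeadlessDomains format.

```python
"""Cross-check the public records behind a .agent identity.

Added example, not code from HeadlessDomains. The TXT payload layout
('key=value' pairs separated by ';'), the manifest and profile field names,
and the example hosts are assumptions made for this illustration.
"""

IDENTITY_MAX_POINTS = 15  # "Identity record" row of the Agent Trust Score Table


def parse_txt(txt: str) -> dict:
    """Parse an assumed 'k=v; k=v' TXT payload into a dict of lower-cased keys."""
    fields = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


def grade_identity_record(txt: str, manifest: dict, profile: dict) -> tuple:
    """Return (points, findings) for the identity-record signal.

    Full credit needs a canonical .agent name in TXT, an https manifest pointer,
    a manifest that names the same agent, and a directory profile whose name and
    manifest link agree with both. Each disagreement costs points and is listed
    so the reviewer can see why the record lost credit.
    """
    fields = parse_txt(txt)
    canonical = fields.get("agent", "")
    manifest_url = fields.get("manifest", "")

    # (passed, penalty, message); the penalties add up to IDENTITY_MAX_POINTS.
    checks = [
        (canonical.endswith(".agent"), 4,
         "TXT record carries no canonical .agent name"),
        (manifest_url.startswith("https://"), 4,
         "TXT record carries no https manifest pointer"),
        (manifest.get("name") == canonical, 4,
         f"manifest name {manifest.get('name')!r} does not match TXT name {canonical!r}"),
        (profile.get("name") == canonical and profile.get("manifest") == manifest_url, 3,
         "directory profile disagrees with TXT/manifest on name or manifest link"),
    ]
    points = IDENTITY_MAX_POINTS
    findings = []
    for passed, penalty, message in checks:
        if not passed:
            points -= penalty
            findings.append(message)
    return points, findings


# Constructed sample records for one agent (not real DNS data).
TXT_OK = "agent=atlas.agent; manifest=https://atlas.example/agent.json"
MANIFEST_OK = {"name": "atlas.agent", "endpoints": ["https://atlas.example/mcp"]}
PROFILE_OK = {"name": "atlas.agent", "manifest": "https://atlas.example/agent.json"}

# Same TXT and manifest, but the directory profile names a different agent and manifest.
PROFILE_MISMATCH = {"name": "atlas-helper.agent", "manifest": "https://other.example/agent.json"}

if __name__ == "__main__":
    for label, profile in (("consistent", PROFILE_OK), ("mismatched", PROFILE_MISMATCH)):
        points, findings = grade_identity_record(TXT_OK, MANIFEST_OK, profile)
        print(f"{label}: {points}/{IDENTITY_MAX_POINTS} {findings}")
```

Keeping the findings list alongside the points matters more than the number itself: a reviewer who sees "directory profile disagrees with TXT/manifest" knows which artifact the operator has to fix, whereas a bare 12/15 does not say.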

Endpoint Verification

Endpoint verification checks whether callers can identify official connection surfaces. For tools, compare the listed MCP server with public authorization context such as the Model Context Protocol authorization guidance. For peer collaboration, compare the profile with an A2A Agent Card or equivalent endpoint metadata.

Capabilities, Payments, And Terms

Capabilities should be specific enough for another agent to decide whether a call is appropriate. Payment metadata should identify rail, authority, spending limits, receipt route, refund path, and dispute contact. For a payment-focused companion article, read Agent Payments Require Identity, Authorization, and Receipts.

Directory Profile And Revocation Path

A directory profile turns the score from a private spreadsheet into public inspection. The Headless Profile Directory can give a .agent identity a profile page that humans can scan and agents can use as a starting point. The same profile should show whether the agent is active, paused, replaced, retired, or revoked.

Example Public Scorecard

A scorecard can be stored internally, published as profile metadata, or attached to a directory review note.

{
  "agent": "atlas.agent",
  "score": 86,
  "reviewed_at": "2026-05-21",
  "grade": {
    "owner_clarity": 15,
    "identity_record": 15,
    "endpoint_verification": 12,
    "capability_declarations": 9,
    "payment_metadata": 8,
    "terms": 8,
    "directory_profile": 12,
    "revocation_path": 7
  },
  "status": "approved_for_limited_calls",
  "review_note": "Publish signed endpoint metadata before payment authority increases."
}
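The grading procedure from "How To Grade A Public Agent Profile" and the scorecard above, as an added example rather than code from HeadlessDomains. The signal names, maximum points, and score bands come from this post; the band labels ("strong", "partial", "untrusted"), the helper names, and the tampered sample card are constructed for this illustration. The point of the validator is that a published scorecard should never be trusted on its stated total: the total is recomputed from the signal points, and any signal above its table maximum is rejected.

```python
"""Build and validate an agent trust scorecard in the shape shown in this post.

Added example, not HeadlessDomains code. Signal maxima and score bands follow
the post's table and grading section; band labels and helper names are
assumptions made for this illustration.
"""
import json

# Signal -> maximum points, from the Agent Trust Score Table (totals 100).
SIGNAL_MAX = {
    "owner_clarity": 15,
    "identity_record": 15,
    "endpoint_verification": 15,
    "capability_declarations": 10,
    "payment_metadata": 10,
    "terms": 10,
    "directory_profile": 15,
    "revocation_path": 10,
}
assert sum(SIGNAL_MAX.values()) == 100


def band(score: int) -> str:
    """Map a total to the post's bands: 85-100, 60-84, below 60 (labels are ours)."""
    if score >= 85:
        return "strong"
    if score >= 60:
        return "partial"
    return "untrusted"


def build_scorecard(agent: str, grade: dict, reviewed_at: str,
                    status: str, review_note: str) -> dict:
    """Assemble a scorecard; the total is computed from the signals, never typed in."""
    missing = set(SIGNAL_MAX) - set(grade)
    if missing:
        raise ValueError(f"grade is missing signals: {sorted(missing)}")
    for signal, points in grade.items():
        if signal not in SIGNAL_MAX or not 0 <= points <= SIGNAL_MAX[signal]:
            raise ValueError(f"{signal}={points} is outside 0..{SIGNAL_MAX.get(signal)}")
    return {
        "agent": agent,
        "score": sum(grade.values()),
        "reviewed_at": reviewed_at,
        "grade": dict(grade),
        "status": status,
        "review_note": review_note,
    }


def validate_scorecard(card: dict) -> list:
    """Return the problems found in a published scorecard (empty list means clean).

    A card fails when a signal is missing or unknown, when a signal exceeds its
    table maximum, or when the stated score is not the sum of the signal points.
    """
    problems = []
    grade = card.get("grade", {})
    for signal, maximum in SIGNAL_MAX.items():
        if signal not in grade:
            problems.append(f"missing signal {signal}")
        elif not 0 <= grade[signal] <= maximum:
            problems.append(f"{signal}={grade[signal]} exceeds maximum {maximum}")
    for signal in grade:
        if signal not in SIGNAL_MAX:
            problems.append(f"unknown signal {signal}")
    expected = sum(v for k, v in grade.items() if k in SIGNAL_MAX)
    if card.get("score") != expected:
        problems.append(f"stated score {card.get('score')} != sum of signals {expected}")
    return problems


def weakest_signals(card: dict, n: int = 3) -> list:
    """Names of the n signals with the lowest share of their maximum (ties by name)."""
    grade = card["grade"]
    ranked = sorted(SIGNAL_MAX, key=lambda s: (grade[s] / SIGNAL_MAX[s], s))
    return ranked[:n]


# The scorecard published in this post, parsed from its JSON form.
ATLAS_CARD = json.loads(
    '{"agent":"atlas.agent","score":86,"reviewed_at":"2026-05-21",'
    '"grade":{"owner_clarity":15,"identity_record":15,"endpoint_verification":12,'
    '"capability_declarations":9,"payment_metadata":8,"terms":8,'
    '"directory_profile":12,"revocation_path":7},'
    '"status":"approved_for_limited_calls",'
    '"review_note":"Publish signed endpoint metadata before payment authority increases."}'
)

# Constructed tampered copy: the total was edited upward without touching the signals.
TAMPERED_CARD = dict(ATLAS_CARD, score=95)

if __name__ == "__main__":
    print("published:", band(ATLAS_CARD["score"]), validate_scorecard(ATLAS_CARD))
    print("tampered: ", validate_scorecard(TAMPERED_CARD))
    print("fix first:", weakest_signals(ATLAS_CARD))
```

Recomputing the total is what lets a consumer of someone else's scorecard catch the cheapest kind of manipulation, a number edited after the review; the weakest-signal ranking turns the card into a work list for the operator, which is what the review note above is doing by hand.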

Where HeadlessDomains.com Fits

HeadlessDomains.com gives the score a persistent identity anchor. A Headless Domains record can connect the public profile, DNS TXT metadata, agent.json, SKILL.md, MCP metadata, A2A cards, payment policy, and directory listing into one inspection path.

Headless Domains names are headless: they do not depend on browser-native resolution, so agents can inspect records through command-line and API workflows and compare the profile with the machine-readable manifest before interacting.

Where To Go Next

Use What Is an Agent Directory? as the hub for public profile inspection. Then publish a small profile, attach it to a .agent identity, list the profile in the directory, and review the score after any owner, endpoint, payment, policy, or lifecycle change.

FAQ

What is an agent trust score?

An agent trust score is a structured grade for a public agent profile. The grade checks whether the profile has enough public evidence to support inspection before another system calls the agent, grants access, or routes payment.

What score is strong enough for a first connection?

For low-risk discovery, 85 or higher is a practical target. For endpoint calls, tool access, payment authority, or partner workflows, teams should add internal review even when the public profile scores well.

Is a high score the same as a security audit?

No. A high score means the public profile is inspectable. Security teams should still review code, auth, logs, data handling, prompts, tool grants, payment authority, and incident response procedures.

Can a public agent profile include payment metadata?

Yes. Publish payment rails, policy links, spending limits, receipt routes, refund paths, and dispute contacts. Do not publish wallet secrets, private keys, bearer tokens, or customer data.

How does a .agent identity improve scoring?

A .agent identity gives the profile a persistent public anchor. The same name can point to the directory page, manifest, SKILL.md, TXT proof, endpoint metadata, and lifecycle status.

What should lower the score fastest?

Anonymous ownership, mismatched manifest links, unsigned endpoint changes, broad capability claims, hidden payment authority, absent terms, stale directory status, and no revocation route should all lower the score quickly.