Construction Project Risk MCP Server

Construction project risk intelligence delivered directly to your AI agent via the Model Context Protocol. This MCP server scores contractor safety records, evaluates site hazards, forecasts schedule delays, and generates project underwriting reports — all from live government data sources, all in a single tool call.

Eight data sources feed four independent scoring models. A composite underwriting engine weighs contractor risk (30%), site risk (25%), schedule risk (20%), and regulatory compliance burden (25%) to produce an APPROVE, APPROVE_WITH_CONDITIONS, ENHANCED_REVIEW, or DECLINE verdict. Surety underwriters, construction lenders, and project owners get objective, auditable due diligence in seconds rather than weeks.

What data can you access?

Why use Construction Project Risk MCP Server?

Manual contractor due diligence requires pulling OSHA inspection reports, requesting EPA compliance histories, running corporate registry searches across multiple states, and commissioning site hazard assessments separately. A thorough pre-qualification for a single contractor takes 3-5 days and often costs $2,000-5,000 in staff time and consultant fees. The data still arrives in disparate formats with no composite score.

This MCP server automates the entire process. An AI agent calls one tool, eight government databases are queried in parallel, and structured risk scores arrive in under two minutes. No manual lookups, no fragmented reports, no spreadsheet assembly.

• AI agent native — tools are called directly from Claude, GPT-4, Cursor, Windsurf, or any MCP-compatible client without copy-pasting data between systems
• Pay per query — no subscription commitment; most due diligence workflows cost under $1.00 total
• Parallel data collection — all eight sources are queried simultaneously, not sequentially, minimizing latency
• Auditable scoring — every score includes the signal list that drove it, so underwriters can document their rationale
• Override logic — CRITICAL contractor risk or combined EXTREME site and HIGH contractor risk triggers automatic DECLINE regardless of composite score

Features

• Contractor Risk Score (0-100) — Four-component model: OSHA inspection severity (max 35 pts), EPA violation history (max 25 pts), corporate entity health (max 20 pts), and company research signals including litigation and bankruptcy indicators (max 20 pts)
• OSHA violation classification — Willful, repeat, serious, and failure-to-abate violations are identified and weighted 8 points each above the base per-inspection weight of 3 points
• EPA non-compliance detection — Facilities with four or more consecutive quarters of non-compliance trigger significant non-compliance flags worth 8 points each; standard violations score 4 points each
• Corporate health analysis — Dissolved, inactive, and struck-off entities score 5 points each; zero corporate registrations triggers a legitimacy flag worth 15 points
• Site Risk Matrix (0-100) — Seismic activity (USGS, max 30 pts), severe weather frequency (NOAA, max 30 pts), environmental contamination proximity (EPA, max 25 pts), area density proxy (max 15 pts)
• Seismic scoring — Earthquakes of magnitude 4.0+ count as significant events; magnitude 5.0+ triggers an additional 10-point penalty; each significant quake adds 5 points
• Weather delay forecasting — Extreme events (hurricanes, blizzards) estimate 5 work-day disruptions; severe events (floods, storms) estimate 3 days; standard alerts add 1 day
• Schedule Risk Indicator (0-100) — Weather-driven delay days (max 35 pts), Federal Register regulatory actions including proposed rules and enforcement actions (max 30 pts), OSHA stop-work violation potential (max 20 pts), compounding factor when both weather and violations are elevated (max 15 pts)
• Regulatory Compliance Burden (0-100) — Construction-specific Federal Register rules (max 30 pts), OSHA active enforcement zone density (max 30 pts), EPA permit and remediation requirements (max 25 pts), cumulative burden index (max 15 pts)
• Composite underwriting engine — Weighted blend of all four models produces a 0-100 composite score with four verdicts: APPROVE (≥70), APPROVE_WITH_CONDITIONS (50-69), ENHANCED_REVIEW (30-49), DECLINE (<30)
• Hardcoded decline triggers — CRITICAL contractor risk or EXTREME site risk combined with HIGH contractor risk forces a DECLINE verdict regardless of composite score
• Actionable recommendations — Each report generates specific mitigation steps: safety improvement plans, Phase I/II environmental assessments, seismic engineering reviews, regulatory counsel engagement
• Peer benchmarking — Compare a target contractor's OSHA and EPA record against sector peers with benchmark_contractor_peer

Use cases for construction project risk intelligence

Surety bond underwriting and prequalification

Surety underwriters need objective contractor safety and financial health data before issuing performance and payment bonds. Manual prequalification questionnaires are self-reported and easily manipulated. This MCP server pulls OSHA citations, EPA violations, and corporate registry data from government sources that contractors cannot edit. Use assess_contractor_risk for rapid prequalification screening and generate_project_underwriting_report for full bond decisions.

Construction lending and project finance due diligence

Construction lenders face dual risk: the contractor completing the project and the site itself. A borrower may present an experienced GC who has three willful OSHA violations and two EPA significant non-compliance periods. Use generate_project_underwriting_report to evaluate both dimensions before loan commitment. The composite score and APPROVE/DECLINE verdict maps directly into credit memos.

Subcontractor and trade partner screening

General contractors qualifying subcontractors for large projects need scalable safety screening. Manually pulling OSHA data for 30 subcontractor candidates takes days. Use audit_safety_record in batch to surface candidates with serious or willful violations before final invitation to bid. Firms with multiple repeat violations or $100K+ in OSHA penalties are flagged automatically.

Site selection and construction feasibility analysis

Owners selecting between candidate sites need objective hazard comparisons before committing to land acquisition. Use evaluate_site_hazards with each candidate address to score seismic risk, weather exposure, and environmental contamination proximity. Sites near Superfund facilities or in high-magnitude earthquake zones receive elevated scores that feed directly into go/no-go recommendations.

Owner's representative project monitoring

Owner's representatives overseeing active construction projects can use forecast_regulatory_impact to monitor Federal Register activity for proposed OSHA standards or EPA rules that may affect ongoing work. New proposed construction regulations and enforcement actions update the schedule risk score, giving early warning of potential stop-work risk.

Insurance risk engineering and policy review

Property and casualty insurers underwriting construction all-risk or builder's risk policies can use this MCP server to benchmark the contractor's safety record before binding coverage. OSHA penalty history and EPA compliance status correlate with claims frequency. A contractor scoring ELEVATED or above on the Contractor Risk model may warrant higher premiums or exclusions.

MCP tools reference

How to connect this MCP server

Claude Desktop

Add this to your claude_desktop_config.json:

{
  "mcpServers": {
    "construction-project-risk": {
      "url": "https://construction-project-risk-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_TOKEN"
      }
    }
  }
}

Cursor, Windsurf, or Cline

Add the same URL and token to your MCP server settings. The server uses the MCP Streamable HTTP transport, which all major MCP clients support.

Programmatic (HTTP / Python / JavaScript)

import httpx

response = httpx.post(
    "https://construction-project-risk-mcp.apify.actor/mcp",
    headers={
        "Authorization": "Bearer YOUR_APIFY_TOKEN",
        "Content-Type": "application/json"
    },
    json={
        "jsonrpc": "2.0",
        "method": "tools/call",
        "params": {
            "name": "generate_project_underwriting_report",
            "arguments": {
                "contractor": "Pinnacle General Contractors",
                "location": "Houston, TX",
                "sector": "commercial"
            }
        },
        "id": 1
    }
)

report = response.json()["result"]["content"][0]["text"]
print(report)

const response = await fetch("https://construction-project-risk-mcp.apify.actor/mcp", {
  method: "POST",
  headers: {
    "Authorization": "Bearer YOUR_APIFY_TOKEN",
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    jsonrpc: "2.0",
    method: "tools/call",
    params: {
      name: "assess_contractor_risk",
      arguments: { contractor: "Meridian Construction Group", location: "Dallas, TX" }
    },
    id: 1
  })
});

const data = await response.json();
const risk = JSON.parse(data.result.content[0].text);
console.log(`Risk score: ${risk.contractorRisk.score} — ${risk.contractorRisk.riskLevel}`);

curl -X POST "https://construction-project-risk-mcp.apify.actor/mcp" \
  -H "Authorization: Bearer YOUR_APIFY_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "method": "tools/call",
    "params": {
      "name": "evaluate_site_hazards",
      "arguments": { "location": "2801 N. Houston Ave, Houston TX 77009" }
    },
    "id": 1
  }'

Output example

The generate_project_underwriting_report tool returns a structured JSON report. Below is a representative output for a commercial contractor in a weather-exposed Gulf Coast location.

{
  "entity": "Meridian Construction Group",
  "compositeScore": 58,
  "verdict": "APPROVE_WITH_CONDITIONS",
  "contractorRisk": {
    "score": 41,
    "oshaViolations": 6,
    "seriousViolations": 2,
    "epaViolations": 1,
    "corporateEntities": 4,
    "riskLevel": "ELEVATED",
    "signals": [
      "2 serious/willful OSHA violations — major safety concern",
      "6 OSHA inspections — frequent regulatory attention",
      "$87K in OSHA penalties — pattern of non-compliance"
    ]
  },
  "siteRisk": {
    "score": 38,
    "seismicEvents": 1,
    "weatherAlerts": 7,
    "environmentalFlags": 2,
    "riskLevel": "ELEVATED",
    "signals": [
      "7 weather alerts — weather-challenged location",
      "2 environmental contamination indicators near site"
    ]
  },
  "scheduleRisk": {
    "score": 44,
    "weatherDays": 14,
    "regulatoryActions": 3,
    "riskLevel": "MODERATE_DELAYS",
    "signals": [
      "Estimated 14 weather-affected days — significant schedule impact",
      "2 serious violations — stop-work order risk"
    ]
  },
  "regulatoryCompliance": {
    "score": 31,
    "regulationCount": 3,
    "oshaRequirements": 6,
    "epaRequirements": 2,
    "burdenLevel": "ELEVATED",
    "signals": [
      "3 construction-specific regulations — dense regulatory environment",
      "2 environmental permits required — EPA compliance overhead"
    ]
  },
  "allSignals": [
    "2 serious/willful OSHA violations — major safety concern",
    "6 OSHA inspections — frequent regulatory attention",
    "$87K in OSHA penalties — pattern of non-compliance",
    "7 weather alerts — weather-challenged location",
    "2 environmental contamination indicators near site",
    "Estimated 14 weather-affected days — significant schedule impact",
    "2 serious violations — stop-work order risk",
    "3 construction-specific regulations — dense regulatory environment",
    "2 environmental permits required — EPA compliance overhead"
  ],
  "recommendations": [
    "Require safety improvement plan and third-party safety monitor",
    "Build weather contingency buffer into project timeline",
    "Engage regulatory counsel — dense compliance environment",
    "Phase I/II environmental site assessment recommended"
  ]
}

Output fields

Risk score interpretation

How much does it cost to run construction project risk assessments?

Construction Project Risk MCP Server uses pay-per-event pricing — you pay $0.045 per tool call. Platform compute costs are included.

You can set a maximum spending limit per run to control costs. The actor stops when your budget is reached.

Compare this to traditional contractor prequalification services at $150-500 per report, or dedicated risk platforms like Procore, Dodge Data, or ISN at $5,000-20,000 per year. Most underwriting workflows with this MCP server cost under $0.50 total.

How Construction Project Risk MCP Server works

Data collection phase

When a tool is called, runActorsParallel dispatches simultaneous HTTP calls to up to eight sub-actors on the Apify platform. Each sub-actor is allocated 512MB memory with a 120-second timeout. OSHA inspections, EPA ECHO records, OpenCorporates filings, USGS earthquake events, NOAA weather alerts, Nominatim geocoding, Federal Register documents, and Company Deep Research outputs are all fetched concurrently — not sequentially — so total latency is bounded by the slowest single source rather than the sum.

Scoring engine

Four independent scoring models process the collected data:

Contractor Risk weights OSHA violations using violation type classification. The strings "willful", "repeat", "serious", and "failure to abate" are matched against each citation's violation_type field. Each serious violation adds 8 points; each inspection adds 3 points; the ceiling is 35 points from OSHA alone. EPA significant non-compliance is detected by checking qtrs_in_nc >= 4 or compliance_status containing "significant" — each adds 8 points. Corporate health checks company_status for "dissolv", "inactive", and "struck" patterns across all returned OpenCorporates entities.

Site Risk combines seismic magnitude thresholds (M4.0 significant, M5.0 high, scored via mag field from USGS), NOAA alert severity classification ("extreme", "severe", and event type keywords), and EPA proximity contamination using six keyword flags: hazardous waste, contamination, toxic, superfund, violation, and penalty.

Schedule Risk converts weather alerts to estimated lost work days: extreme events map to 5 days, severe events to 3 days, and standard alerts to 1 day. Federal Register documents are classified as proposed rules or enforcement actions by matching the type and title fields against "proposed", "enforcement", "penalty", and "stop work" patterns.

Regulatory Compliance identifies construction-applicable Federal Register rules by matching title fields against "construction", "building", "safety", and "osha". EPA records are classified for permit type (NPDES permits) and remediation activity (cleanup, remediation, superfund).

Composite underwriting and verdict logic

The composite score inverts each risk score (100 - score) before weighting: Contractor Risk 30%, Site Risk 25%, Schedule Risk 20%, Regulatory Compliance 25%. This means a contractor who scores 0 on all risk axes produces a composite of 100 (maximum approvability). Two hardcoded override rules can force a DECLINE regardless of composite score: CRITICAL contractor risk level (score 80+) or EXTREME site risk (score 80+) combined with HIGH contractor risk (score 60+). The recommendations engine checks ten specific threshold conditions and generates targeted mitigation language for each triggered condition.

Tips for best results

1. Include location with contractor name for assess_contractor_risk — The location parameter appends city and state to the Company Deep Research query, significantly improving the relevance of litigation and news signals for contractors with common names.

2. Use audit_safety_record before assess_contractor_risk for large bid lists — The safety audit costs the same and surfaces the most critical disqualifiers (serious/willful OSHA violations) without running the full four-source contractor risk assessment. Screen out hard rejects cheaply first.

3. Pass street addresses to evaluate_site_hazards — A specific street address produces better geocoding precision in Nominatim, which improves the geographic relevance of USGS earthquake and EPA proximity queries compared to a city name alone.

4. Specify the sector in forecast_regulatory_impact — The Federal Register query uses the sector string directly: "commercial construction", "residential construction", "infrastructure construction", "industrial construction". Matching the Federal Register's language returns more relevant regulatory documents.

5. Run generate_project_underwriting_report for final decisions, targeted tools for screening — The underwriting report calls all eight data sources and all four scoring models in a single $0.045 charge. For initial screening of many contractors, the individual tools are equally priced but faster because they call fewer sub-actors. Use individual tools to filter, then the full report to underwrite the finalists.

6. Check recommendations before writing conditions — The recommendations array surfaces the specific mitigation steps triggered by the scoring thresholds: seismic engineering reviews, Phase I/II environmental assessments, safety improvement plans. These map directly to standard underwriting conditions language.

Combine with other Apify actors

Limitations

• OSHA data is US-only — The OSHA inspection database covers US-regulated worksites. International construction projects will not have OSHA citation records regardless of the contractor's activity history abroad.
• EPA ECHO is US-only — Environmental compliance data covers facilities regulated under US EPA programs. Projects in Canada, Mexico, or other jurisdictions require alternative environmental compliance sources.
• OpenCorporates coverage varies by jurisdiction — All 50 US states and 140+ global jurisdictions are included, but filing completeness and update frequency varies. Some US states have incomplete historical filings.
• Company Deep Research reflects public web data — Litigation signals, bankruptcy indicators, and fraud flags are extracted from publicly indexed web content. Private litigation or non-publicized financial distress may not appear.
• USGS seismic data reflects historical activity — Earthquake risk scoring uses historical seismic event data near the site location. It is not a geotechnical engineering assessment and does not replace a site-specific seismic hazard analysis.
• NOAA alerts are current and near-term — Weather alert data reflects active and recent advisories. Historical climate analysis for long-duration project planning requires supplemental climate data sources.
• Federal Register monitoring has a publication lag — Rules are indexed in the Federal Register after agency publication. Pre-decisional regulatory activity (internal agency drafts) is not captured.
• Scoring models produce relative risk rankings, not actuarial probabilities — The 0-100 scores indicate relative risk magnitude. They are not calibrated loss probability estimates and should be used alongside underwriter judgment, not as standalone approval criteria.
• No real-time inspection status — OSHA inspections are published after the inspection process concludes. Active, in-progress investigations or informal settlements not yet reflected in public records will not appear.

Integrations

• Apify API — Call any MCP tool programmatically from Python, JavaScript, or any HTTP client to integrate construction risk checks into loan origination or bond management systems
• Webhooks — Trigger alerts when a contractor's risk score exceeds a threshold, or when new OSHA or EPA records appear
• Make (Integromat) — Connect construction project risk checks to project management workflows, Procore, or SharePoint document generation
• Zapier — Automate contractor screening when new bid submissions arrive via email, form, or CRM entry
• Google Sheets — Export contractor risk scores and signals to bid tracking or underwriting workbooks
• LangChain / LlamaIndex — Embed construction risk tools in agent pipelines that combine document analysis (loan applications, contracts) with live risk data

Troubleshooting

No OSHA records returned despite known contractor history — The OSHA Inspections Database indexes records by establishment name as filed with OSHA. Contractors operating under a DBA, subsidiary name, or joint venture entity may have records under a different legal name than the one entered. Try the contractor's exact legal entity name from their contractor's license or corporate filing.

Composite score does not match individual model scores — The composite score is calculated from inverted risk scores (100 minus each model's score), weighted and summed. A contractor with a high 80-point Contractor Risk score contributes (100-80) x 0.30 = 6 points to the composite — reflecting high risk. The composite measures approvability, not risk, so a high composite score means low overall risk.

generate_project_underwriting_report taking longer than expected — This tool queries all eight sub-actors in parallel with a 120-second timeout each. The overall response time is bounded by the slowest sub-actor, typically 30-90 seconds. If the call times out, retry once — transient API timeouts on individual government data sources are the most common cause.

DECLINE verdict on a contractor you expected to approve — Check the contractorRisk.riskLevel field. If it reads CRITICAL (score 80+), the hardcoded override rule forces DECLINE regardless of site and regulatory scores. Review allSignals for the specific OSHA or EPA records driving the CRITICAL rating.

Site hazard scores differ from expected for a known low-risk location — USGS earthquake queries use the location string to search proximity to the site. Vague location strings (city names only) may return seismic events from a broader radius than the actual project site. Pass a street address for more precise geographic filtering.

Responsible use

• All data sources used by this MCP server are US government public databases (OSHA, EPA, USGS, NOAA, Federal Register) or publicly available corporate registry data.
• Contractor risk scores are derived from objective public records. Do not use scores as the sole basis for adverse action without reviewing the underlying data.
• Comply with applicable fair lending, FCRA, and procurement regulations when using risk scores in lending or bonding decisions. This tool does not constitute a consumer report under FCRA.
• For guidance on web scraping and data use legality, see Apify's guide.

FAQ

How does construction project risk scoring work in this MCP server? The server runs four independent scoring models — Contractor Risk, Site Risk, Schedule Risk, and Regulatory Compliance — each on a 0-100 scale. A composite underwriting engine weights all four (30/25/20/25) and inverts the scores so higher composite scores mean better approvability. The final verdict (APPROVE through DECLINE) is derived from the composite score, with two hardcoded DECLINE overrides for extreme contractor or site conditions.

What OSHA violation types trigger the highest risk scores? Willful, repeat, serious, and failure-to-abate violations are classified as serious violations and score 8 points each in the Contractor Risk model, compared to 3 points for a standard inspection record. Two or more serious violations trigger a signal flag. Penalties exceeding $100,000 in aggregate also trigger a non-compliance pattern flag.

Does this MCP server cover international construction projects? Site hazard data from USGS earthquakes and NOAA weather alerts has global coverage. Corporate data from OpenCorporates covers 140+ jurisdictions worldwide. However, OSHA and EPA enforcement data is US-only. International contractors working only outside the US will have no OSHA or EPA records regardless of their safety history.

How current is the OSHA and EPA data? All data is fetched live at the time of the tool call from the OSHA public inspections database and EPA ECHO. OSHA inspections are published after the inspection process concludes, which typically means a delay of weeks to months after an actual inspection. EPA non-compliance records reflect the most recently published quarterly compliance data.

How is this different from ISN, Avetta, or Browz contractor prequalification? ISN, Avetta, and Browz rely primarily on self-reported contractor questionnaires and document uploads, then charge $5,000-20,000+ per year for platform access. This MCP server pulls from government databases that contractors cannot edit, costs $0.045 per query, and integrates directly into AI agent workflows. It is most useful for rapid screening and due diligence augmentation, not as a replacement for full prequalification programs with document management.

Can I use this MCP server to qualify subcontractors for federal government projects? The data sources (OSHA, EPA, Federal Register, SAM.gov equivalents via OpenCorporates) overlap with federal prequalification requirements. However, federal contractor prequalification involves additional databases including SAM.gov debarment lists and Past Performance Information Retrieval System (PPIRS). Use Company Deep Research alongside this server for federal debarment screening.

How long does a full underwriting report take? generate_project_underwriting_report queries eight sub-actors in parallel. Typical response time is 30-90 seconds. Individual tools like assess_contractor_risk (four sources) typically complete in 20-60 seconds.

Can I schedule regular contractor monitoring with this server? Yes. Use the Apify platform's scheduling feature to call assess_contractor_risk or audit_safety_record on a weekly or monthly basis for a watchlist of active contractors. Set up webhooks to alert when a contractor's risk level changes or when new OSHA citations appear.

Is it legal to use OSHA and EPA data for underwriting decisions? OSHA and EPA enforcement data are public government records published for public use. Using them in underwriting and lending decisions is standard practice in the insurance and construction finance industries. This data does not constitute a consumer report under FCRA because it is drawn from public enforcement databases, not credit bureaus. Consult legal counsel for jurisdiction-specific compliance requirements.

What does the APPROVE_WITH_CONDITIONS verdict mean? The composite underwriting score fell between 50 and 69, indicating meaningful but manageable risk. The recommendations array in the report output lists the specific conditions triggered: for example, requiring a third-party safety monitor, a Phase I environmental assessment, or a weather contingency buffer in the project schedule. These map directly to standard underwriting condition language.

Can I compare two contractors against each other? Run assess_contractor_risk or benchmark_contractor_peer for each contractor separately. The numeric scores (0-100) and risk levels (LOW through CRITICAL) are directly comparable across calls. benchmark_contractor_peer also accepts a sector parameter that adds industry peer context to the OSHA and EPA queries.

What happens if one of the eight data sources returns no results? Each sub-actor call is wrapped in error handling that returns an empty array on failure rather than crashing the report. Scoring models treat empty arrays as zero contributions from that source — for example, zero OSHA records produces zero OSHA points. The only exception is zero corporate registrations, which contributes a 15-point legitimacy flag to the Contractor Risk score.

Help us improve

If you encounter issues, you can help us debug faster by enabling run sharing in your Apify account:

1. Go to Account Settings > Privacy
2. Enable Share runs with public Actor creators

This lets us see your run details when something goes wrong, so we can fix issues faster. Your data is only visible to the actor developer, not publicly.

Support

Found a bug or have a feature request? Open an issue in the Issues tab on this actor's page. For custom solutions or enterprise integrations, reach out through the Apify platform.