[ { "answer": "Source Not Verified", "attempted_scan": true, "capabilities": [], "concerns": [ "No MCP tools confidently identified", "No explicit controls observed in fetched evidence" ], "controls": [], "discovery_status": "observed", "display_name": "ai-agentic-news-mcp", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "ai-agentic-news-mcp", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:46:30Z", "posture": "Insufficient Evidence", "profile_path": "servers/ai-agentic-news-mcp.json", "repo_url": "https://github.com/u00dxk2/agentic-news", "score": null, "slug": "ai-agentic-news-mcp", "source_url": "https://github.com/u00dxk2/agentic-news", "toolproof_id": "mcp:ai-agentic-news-mcp", "tools": [], "trust_profile_url": "./servers/ai-agentic-news-mcp.html", "url": "https://github.com/u00dxk2/agentic-news", "verdict": "Source Not Verified", "verdict_label": "Source Not Verified", "why": "ToolProof could not fetch enough source evidence to evaluate this MCP server." }, { "answer": "Source Not Verified", "attempted_scan": true, "capabilities": [], "concerns": [ "No MCP tools confidently identified", "No explicit controls observed in fetched evidence" ], "controls": [], "discovery_status": "observed", "display_name": "ai-agentdm-agentdm", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "ai-agentdm-agentdm", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:46:25Z", "posture": "Insufficient Evidence", "profile_path": "servers/ai-agentdm-agentdm.json", "repo_url": "https://github.com/agentdmai/agentdm", "score": null, "slug": "ai-agentdm-agentdm", "source_url": "https://github.com/agentdmai/agentdm", "toolproof_id": "mcp:ai-agentdm-agentdm", "tools": [], "trust_profile_url": "./servers/ai-agentdm-agentdm.html", "url": "https://github.com/agentdmai/agentdm", "verdict": "Source Not Verified", "verdict_label": "Source Not Verified", "why": "ToolProof could not fetch enough source evidence to evaluate this MCP server." }, { "answer": "Review Before Install", "attempted_scan": true, "capabilities": [ "25 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "File-system access indicators", "MCP/server implementation evidence found", "Network access indicators", "Shell/process execution indicators" ], "concerns": [ "Possible shell/process execution surface" ], "controls": [ "Authentication/authorization language observed", "Containerization evidence observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Restriction/least-privilege language observed", "Test framework or tests mentioned" ], "display_name": "ai-adeu-adeu", "install_label": "Review Before Install", "name": "ai-adeu-adeu", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:46:11Z", "posture": "Limited Evidence", "profile_path": "servers/ai-adeu-adeu.json", "repo_url": "https://github.com/dealfluence/adeu", "score": 58, "slug": "ai-adeu-adeu", "source_url": "https://github.com/dealfluence/adeu", "toolproof_id": "mcp:ai-adeu-adeu", "tools": [ "get_tools", "create_agent", "check_untyped_defs", "create_unified_diff", "create_word_patch_diff", "search_and_fetch_emails", "create_email_draft", "list_available_mailboxes", "delete_row", "False", "True", "fetch_cloud_data", "get_current_user", "get_api_key", "validate_docx_path", "DELETE_ROW", "validate_python", "Excluded", "get_run_text", "get_paragraph_prefix", "get_run_style_markers", "run_parts", "get_virtual_spans_in_range", "run_to_split", "run_text" ], "trust_profile_url": "./servers/ai-adeu-adeu.html", "url": "https://github.com/dealfluence/adeu", "verdict": "Review Before Install", "verdict_label": "Review Before Install", "why": "Fetched 67 source file(s). Inferred 6 capability signal(s), 6 control signal(s), and 1 concern(s)." }, { "answer": "Source Not Verified", "attempted_scan": true, "capabilities": [], "concerns": [ "No MCP tools confidently identified", "No explicit controls observed in fetched evidence" ], "controls": [], "discovery_status": "observed", "display_name": "ai-abmeter-abmeter", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "ai-abmeter-abmeter", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:46:07Z", "posture": "Insufficient Evidence", "profile_path": "servers/ai-abmeter-abmeter.json", "repo_url": "https://github.com/abmeter/abmeter", "score": null, "slug": "ai-abmeter-abmeter", "source_url": "https://github.com/abmeter/abmeter", "toolproof_id": "mcp:ai-abmeter-abmeter", "tools": [], "trust_profile_url": "./servers/ai-abmeter-abmeter.html", "url": "https://github.com/abmeter/abmeter", "verdict": "Source Not Verified", "verdict_label": "Source Not Verified", "why": "ToolProof could not fetch enough source evidence to evaluate this MCP server." }, { "answer": "Source Not Verified", "attempted_scan": true, "capabilities": [], "concerns": [ "No MCP tools confidently identified", "No explicit controls observed in fetched evidence" ], "controls": [], "discovery_status": "observed", "display_name": "agency-lona-trading", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "agency-lona-trading", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:46:03Z", "posture": "Insufficient Evidence", "profile_path": "servers/agency-lona-trading.json", "repo_url": "https://github.com/mindsightventures/lona", "score": null, "slug": "agency-lona-trading", "source_url": "https://github.com/mindsightventures/lona/tree/main/packages/lona-mcp-server", "toolproof_id": "mcp:agency-lona-trading", "tools": [], "trust_profile_url": "./servers/agency-lona-trading.html", "url": "https://github.com/mindsightventures/lona/tree/main/packages/lona-mcp-server", "verdict": "Source Not Verified", "verdict_label": "Source Not Verified", "why": "ToolProof could not fetch enough source evidence to evaluate this MCP server." }, { "answer": "Needs Oversight", "attempted_scan": true, "capabilities": [ "20 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "File-system access indicators", "MCP/server implementation evidence found", "Network access indicators" ], "concerns": [], "controls": [ "Authentication/authorization language observed", "Containerization evidence observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Restriction/least-privilege language observed", "Test framework or tests mentioned" ], "display_name": "ac-tandem-docs-mcp", "install_label": "Needs Oversight", "name": "ac-tandem-docs-mcp", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:45:44Z", "posture": "Moderate Evidence", "profile_path": "servers/ac-tandem-docs-mcp.json", "repo_url": "https://github.com/frumu-ai/tandem", "score": 68, "slug": "ac-tandem-docs-mcp", "source_url": "https://github.com/frumu-ai/tandem", "toolproof_id": "mcp:ac-tandem-docs-mcp", "tools": [ "run_id", "English", "list_tool_ids", "list_tools", "run_now", "list_runs", "list_artifacts", "run_once", "preview_import", "list_files", "get_project_github_inbox", "create_template", "update_template", "delete_template", "search_docs", "get_bindings", "create_pull_request", "run_late", "preview_payload", "run_allowlist" ], "trust_profile_url": "./servers/ac-tandem-docs-mcp.html", "url": "https://github.com/frumu-ai/tandem", "verdict": "Needs Oversight", "verdict_label": "Needs Oversight", "why": "Fetched 80 source file(s). Inferred 5 capability signal(s), 6 control signal(s), and 0 concern(s)." }, { "answer": "Source Not Verified", "attempted_scan": true, "capabilities": [], "concerns": [ "No MCP tools confidently identified", "No explicit controls observed in fetched evidence" ], "controls": [], "discovery_status": "observed", "display_name": "ai-smithery-skr-cloudify-clickup-mcp-server-new", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "ai-smithery-skr-cloudify-clickup-mcp-server-new", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:45:40Z", "posture": "Insufficient Evidence", "profile_path": "servers/ai-smithery-skr-cloudify-clickup-mcp-server-new.json", "repo_url": "https://github.com/skr-cloudify/clickup-mcp-server-new", "score": null, "slug": "ai-smithery-skr-cloudify-clickup-mcp-server-new", "source_url": "https://github.com/skr-cloudify/clickup-mcp-server-new", "toolproof_id": "mcp:ai-smithery-skr-cloudify-clickup-mcp-server-new", "tools": [], "trust_profile_url": "./servers/ai-smithery-skr-cloudify-clickup-mcp-server-new.html", "url": "https://github.com/skr-cloudify/clickup-mcp-server-new", "verdict": "Source Not Verified", "verdict_label": "Source Not Verified", "why": "ToolProof could not fetch enough source evidence to evaluate this MCP server." }, { "answer": "Review Before Install", "attempted_scan": true, "capabilities": [ "25 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "File-system access indicators", "MCP/server implementation evidence found", "Network access indicators", "Shell/process execution indicators" ], "concerns": [ "Possible shell/process execution surface" ], "controls": [ "Authentication/authorization language observed", "Containerization evidence observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Restriction/least-privilege language observed", "Test framework or tests mentioned" ], "display_name": "ai-smithery-hithereiamaliff-mcp-nextcloud", "install_label": "Review Before Install", "name": "ai-smithery-hithereiamaliff-mcp-nextcloud", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:45:34Z", "posture": "Limited Evidence", "profile_path": "servers/ai-smithery-hithereiamaliff-mcp-nextcloud.json", "repo_url": "https://github.com/hithereiamaliff/mcp-nextcloud", "score": 58, "slug": "ai-smithery-hithereiamaliff-mcp-nextcloud", "source_url": "https://github.com/hithereiamaliff/mcp-nextcloud", "toolproof_id": "mcp:ai-smithery-hithereiamaliff-mcp-nextcloud", "tools": [ "list_changed", "nc_notes_create_note", "nc_notes_update_note", "nc_notes_append_content", "nc_notes_delete_note", "nc_notes_search_notes", "nc_calendar_list_calendars", "nc_calendar_create_event", "nc_calendar_list_events", "nc_calendar_get_event", "nc_calendar_update_event", "nc_calendar_delete_event", "nc_contacts_list_addressbooks", "nc_contacts_create_addressbook", "nc_contacts_delete_addressbook", "nc_contacts_list_contacts", "nc_contacts_create_contact", "nc_contacts_delete_contact", "nc_tables_list_tables", "nc_tables_get_schema", "nc_tables_read_table", "nc_tables_insert_row", "nc_tables_update_row", "nc_tables_delete_row", "nc_webdav_list_directory" ], "trust_profile_url": "./servers/ai-smithery-hithereiamaliff-mcp-nextcloud.html", "url": "https://github.com/hithereiamaliff/mcp-nextcloud", "verdict": "Review Before Install", "verdict_label": "Review Before Install", "why": "Fetched 23 source file(s). Inferred 6 capability signal(s), 6 control signal(s), and 1 concern(s)." }, { "answer": "Source Not Verified", "attempted_scan": true, "capabilities": [], "concerns": [ "No MCP tools confidently identified", "No explicit controls observed in fetched evidence" ], "controls": [], "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-local001", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "ai-smithery-arjunkmrm-local001", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:45:30Z", "posture": "Insufficient Evidence", "profile_path": "servers/ai-smithery-arjunkmrm-local001.json", "repo_url": "https://github.com/arjunkmrm/time", "score": null, "slug": "ai-smithery-arjunkmrm-local001", "source_url": "https://github.com/arjunkmrm/time", "toolproof_id": "mcp:ai-smithery-arjunkmrm-local001", "tools": [], "trust_profile_url": "./servers/ai-smithery-arjunkmrm-local001.html", "url": "https://github.com/arjunkmrm/time", "verdict": "Source Not Verified", "verdict_label": "Source Not Verified", "why": "ToolProof could not fetch enough source evidence to evaluate this MCP server." }, { "answer": "Review Before Install", "attempted_scan": true, "capabilities": [ "MCP/server implementation evidence found", "Network access indicators" ], "concerns": [ "No MCP tools confidently identified" ], "controls": [ "Authentication/authorization language observed", "Explicit secret/env configuration language observed", "License file or license language observed" ], "display_name": "ai-smithery-pinion05-supabase-mcp-lite", "install_label": "Review Before Install", "name": "ai-smithery-pinion05-supabase-mcp-lite", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:45:29Z", "posture": "Limited Evidence", "profile_path": "servers/ai-smithery-pinion05-supabase-mcp-lite.json", "repo_url": "https://github.com/pinion05/supabase-mcp-lite", "score": 56, "slug": "ai-smithery-pinion05-supabase-mcp-lite", "source_url": "https://github.com/pinion05/supabase-mcp-lite", "toolproof_id": "mcp:ai-smithery-pinion05-supabase-mcp-lite", "tools": [], "trust_profile_url": "./servers/ai-smithery-pinion05-supabase-mcp-lite.html", "url": "https://github.com/pinion05/supabase-mcp-lite", "verdict": "Review Before Install", "verdict_label": "Review Before Install", "why": "Fetched 4 source file(s). Inferred 2 capability signal(s), 3 control signal(s), and 1 concern(s)." }, { "answer": "Review Before Install", "attempted_scan": true, "capabilities": [ "25 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "File-system access indicators", "MCP/server implementation evidence found", "Network access indicators", "Shell/process execution indicators" ], "concerns": [ "Possible shell/process execution surface" ], "controls": [ "Authentication/authorization language observed", "Containerization evidence observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Restriction/least-privilege language observed", "Test framework or tests mentioned" ], "display_name": "ai-smithery-mistersandfr-supabase-mcp-selfhosted", "install_label": "Review Before Install", "name": "ai-smithery-mistersandfr-supabase-mcp-selfhosted", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:45:09Z", "posture": "Limited Evidence", "profile_path": "servers/ai-smithery-mistersandfr-supabase-mcp-selfhosted.json", "repo_url": "https://github.com/MisterSandFR/Supabase-MCP-SelfHosted", "score": 58, "slug": "ai-smithery-mistersandfr-supabase-mcp-selfhosted", "source_url": "https://github.com/MisterSandFR/Supabase-MCP-SelfHosted", "toolproof_id": "mcp:ai-smithery-mistersandfr-supabase-mcp-selfhosted", "tools": [ "create_server", "list_tables", "get_database_stats", "create_index", "list_extensions", "check_health", "get_database_connections", "list_auth_users", "create_auth_user", "update_auth_user", "delete_auth_user", "get_auth_user", "list_storage_buckets", "list_storage_objects", "delete_file", "list_realtime_publications", "create_subscription", "delete_subscription", "create_migration", "list_migrations", "validate_migration", "get_logs", "analyze_performance", "analyze_rls_coverage", "CREATE_EXECUTE_SQL_FUNCTION" ], "trust_profile_url": "./servers/ai-smithery-mistersandfr-supabase-mcp-selfhosted.html", "url": "https://github.com/MisterSandFR/Supabase-MCP-SelfHosted", "verdict": "Review Before Install", "verdict_label": "Review Before Install", "why": "Fetched 80 source file(s). Inferred 6 capability signal(s), 6 control signal(s), and 1 concern(s)." }, { "answer": "Source Not Verified", "attempted_scan": true, "capabilities": [], "concerns": [ "No MCP tools confidently identified", "No explicit controls observed in fetched evidence" ], "controls": [], "discovery_status": "observed", "display_name": "ai-smithery-mayla-debug-mcp-google-calendar2", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "ai-smithery-mayla-debug-mcp-google-calendar2", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:45:06Z", "posture": "Insufficient Evidence", "profile_path": "servers/ai-smithery-mayla-debug-mcp-google-calendar2.json", "repo_url": "https://github.com/mayla-debug/mcp-google-calendar2", "score": null, "slug": "ai-smithery-mayla-debug-mcp-google-calendar2", "source_url": "https://github.com/mayla-debug/mcp-google-calendar2", "toolproof_id": "mcp:ai-smithery-mayla-debug-mcp-google-calendar2", "tools": [], "trust_profile_url": "./servers/ai-smithery-mayla-debug-mcp-google-calendar2.html", "url": "https://github.com/mayla-debug/mcp-google-calendar2", "verdict": "Source Not Verified", "verdict_label": "Source Not Verified", "why": "ToolProof could not fetch enough source evidence to evaluate this MCP server." }, { "answer": "Source Not Verified", "attempted_scan": true, "capabilities": [], "concerns": [ "No MCP tools confidently identified", "No explicit controls observed in fetched evidence" ], "controls": [], "discovery_status": "observed", "display_name": "ai-smithery-data-mindset-sts-google-forms-mcp", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "ai-smithery-data-mindset-sts-google-forms-mcp", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:45:02Z", "posture": "Insufficient Evidence", "profile_path": "servers/ai-smithery-data-mindset-sts-google-forms-mcp.json", "repo_url": "https://github.com/data-mindset/sts-google-forms-mcp", "score": null, "slug": "ai-smithery-data-mindset-sts-google-forms-mcp", "source_url": "https://github.com/data-mindset/sts-google-forms-mcp", "toolproof_id": "mcp:ai-smithery-data-mindset-sts-google-forms-mcp", "tools": [], "trust_profile_url": "./servers/ai-smithery-data-mindset-sts-google-forms-mcp.html", "url": "https://github.com/data-mindset/sts-google-forms-mcp", "verdict": "Source Not Verified", "verdict_label": "Source Not Verified", "why": "ToolProof could not fetch enough source evidence to evaluate this MCP server." }, { "answer": "Sandbox/Test OK", "attempted_scan": true, "capabilities": [ "3 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "MCP/server implementation evidence found" ], "concerns": [], "controls": [ "Authentication/authorization language observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Test framework or tests mentioned" ], "display_name": "ai-smithery-imronai-mcp-server-browserbase", "install_label": "Sandbox/Test OK", "name": "ai-smithery-imronai-mcp-server-browserbase", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:44:57Z", "posture": "Evidence Observed", "profile_path": "servers/ai-smithery-imronai-mcp-server-browserbase.json", "repo_url": "https://github.com/ImRonAI/mcp-server-browserbase", "score": 76, "slug": "ai-smithery-imronai-mcp-server-browserbase", "source_url": "https://github.com/ImRonAI/mcp-server-browserbase", "toolproof_id": "mcp:ai-smithery-imronai-mcp-server-browserbase", "tools": [ "create_session", "list_sessions", "list_changed" ], "trust_profile_url": "./servers/ai-smithery-imronai-mcp-server-browserbase.html", "url": "https://github.com/ImRonAI/mcp-server-browserbase", "verdict": "Sandbox/Test OK", "verdict_label": "Sandbox/Test OK", "why": "Fetched 23 source file(s). Inferred 3 capability signal(s), 4 control signal(s), and 0 concern(s)." }, { "answer": "Sandbox/Test OK", "attempted_scan": true, "capabilities": [ "1 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "MCP/server implementation evidence found" ], "concerns": [], "controls": [ "Authentication/authorization language observed", "Containerization evidence observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Test framework or tests mentioned" ], "display_name": "ai-smithery-browserbasehq-mcp-browserbase", "install_label": "Sandbox/Test OK", "name": "ai-smithery-browserbasehq-mcp-browserbase", "normalized_repo_url_from": "url", "observed_at": "2026-06-10T16:44:51Z", "posture": "Evidence Observed", "profile_path": "servers/ai-smithery-browserbasehq-mcp-browserbase.json", "repo_url": "https://github.com/browserbase/mcp-server-browserbase", "score": 76, "slug": "ai-smithery-browserbasehq-mcp-browserbase", "source_url": "https://github.com/browserbase/mcp-server-browserbase", "toolproof_id": "mcp:ai-smithery-browserbasehq-mcp-browserbase", "tools": [ "get_url" ], "trust_profile_url": "./servers/ai-smithery-browserbasehq-mcp-browserbase.html", "url": "https://github.com/browserbase/mcp-server-browserbase", "verdict": "Sandbox/Test OK", "verdict_label": "Sandbox/Test OK", "why": "Fetched 23 source file(s). Inferred 3 capability signal(s), 5 control signal(s), and 0 concern(s)." }, { "answer": "Needs Oversight", "attempted_scan": true, "capabilities": [ "25 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "File-system access indicators", "MCP/server implementation evidence found", "Network access indicators" ], "concerns": [], "controls": [ "Authentication/authorization language observed", "Containerization evidence observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Restriction/least-privilege language observed", "Test framework or tests mentioned" ], "display_name": "Model Context Protocol Reference Servers", "install_label": "Needs Oversight", "name": "Model Context Protocol Reference Servers", "observed_at": "2026-06-10T16:37:45Z", "posture": "Moderate Evidence", "profile_path": "servers/model-context-protocol-reference-servers.json", "repo_url": "https://github.com/modelcontextprotocol/servers", "score": 68, "slug": "model-context-protocol-reference-servers", "source_url": "https://github.com/modelcontextprotocol/servers", "toolproof_id": "mcp:model-context-protocol-reference-servers", "tools": [ "max_length", "start_index", "get_robots_txt_url", "check_may_autonomously_fetch_url", "fetch_url", "list_tools", "list_prompts", "get_prompt", "create_initialization_options", "head", "tail", "path", "content", "edits", "oldText", "newText", "dryRun", "sortBy", "pattern", "excludePatterns", "type", "children", "list_changed", "list_allowed_directories", "create_directory" ], "trust_profile_url": "./servers/model-context-protocol-reference-servers.html", "url": "https://github.com/modelcontextprotocol/servers", "verdict": "Needs Oversight", "verdict_label": "Needs Oversight", "why": "Fetched 69 source file(s). Inferred 5 capability signal(s), 6 control signal(s), and 0 concern(s)." }, { "answer": "Needs Oversight", "attempted_scan": true, "capabilities": [ "1 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "File-system access indicators", "MCP/server implementation evidence found", "Network access indicators" ], "category": "Official / Registry", "concerns": [], "controls": [ "Authentication/authorization language observed", "Containerization evidence observed", "Explicit secret/env configuration language observed", "Restriction/least-privilege language observed", "Test framework or tests mentioned" ], "display_name": "MCP Registry", "homepage_url": "https://modelcontextprotocol.io/registry/about", "install_label": "Needs Oversight", "name": "MCP Registry", "observed_at": "2026-06-10T16:37:42Z", "posture": "Moderate Evidence", "profile_path": "servers/mcp-registry.json", "provider": "Model Context Protocol", "repo_url": "https://github.com/modelcontextprotocol/registry", "score": 68, "slug": "mcp-registry", "source_url": "https://github.com/modelcontextprotocol/registry", "toolproof_id": "mcp-registry", "tools": [ "fetch_production_data" ], "trust_profile_url": "./servers/mcp-registry.html", "url": "https://github.com/modelcontextprotocol/registry", "verdict": "Needs Oversight", "verdict_label": "Needs Oversight", "why": "Fetched 15 source file(s). Inferred 5 capability signal(s), 5 control signal(s), and 0 concern(s)." }, { "answer": "Needs Oversight", "attempted_scan": true, "capabilities": [ "25 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "File-system access indicators", "MCP/server implementation evidence found", "Network access indicators" ], "concerns": [], "controls": [ "Authentication/authorization language observed", "Containerization evidence observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Restriction/least-privilege language observed", "Test framework or tests mentioned" ], "display_name": "GitHub MCP Server", "install_label": "Needs Oversight", "name": "GitHub MCP Server", "observed_at": "2026-06-10T16:37:38Z", "posture": "Moderate Evidence", "profile_path": "servers/github-mcp-server.json", "repo_url": "https://github.com/github/github-mcp-server", "score": 68, "slug": "github-mcp-server", "source_url": "https://github.com/github/github-mcp-server", "toolproof_id": "mcp:github-mcp-server", "tools": [ "get_file_contents", "create_pull_request", "get_gist", "get_workflow", "get_workflow_run", "get_workflow_run_usage", "get_workflow_run_logs_url", "get_workflow_job", "list_workflows", "list_workflow_runs", "list_workflow_jobs", "list_workflow_run_artifacts", "run_workflow", "run_id", "get_job_logs", "get_code_scanning_alert", "list_code_scanning_alerts", "get_me", "get_team_members", "get_teams", "get_dependabot_alert", "list_dependabot_alerts", "get_discussion", "get_discussion_comments", "list_discussion_categories" ], "trust_profile_url": "./servers/github-mcp-server.html", "url": "https://github.com/github/github-mcp-server", "verdict": "Needs Oversight", "verdict_label": "Needs Oversight", "why": "Fetched 14 source file(s). Inferred 5 capability signal(s), 6 control signal(s), and 0 concern(s)." }, { "answer": "Review Before Install", "attempted_scan": true, "capabilities": [ "25 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "File-system access indicators", "MCP/server implementation evidence found", "Network access indicators", "Shell/process execution indicators" ], "concerns": [ "Possible shell/process execution surface" ], "controls": [ "Authentication/authorization language observed", "Containerization evidence observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Restriction/least-privilege language observed", "Test framework or tests mentioned" ], "display_name": "AWS MCP Servers", "install_label": "Review Before Install", "name": "AWS MCP Servers", "observed_at": "2026-06-10T16:37:22Z", "posture": "Limited Evidence", "profile_path": "servers/aws-mcp-servers.json", "repo_url": "https://github.com/awslabs/mcp", "score": 58, "slug": "aws-mcp-servers", "source_url": "https://github.com/awslabs/mcp", "toolproof_id": "mcp:aws-mcp-servers", "tools": [ "event", "context", "search_agentcore_docs", "fetch_agentcore_doc", "create_agent_runtime", "create_agent_runtime_endpoint", "get_runtime_guide", "get_memory_guide", "get_identity_guide", "get_gateway_guide", "get_policy_guide", "create_task", "update_changelog_on_bump", "list_amazonkendra", "region", "query", "indexId", "KendraListIndexesTool", "KendraQueryTool", "kendra_list_indexes_tool", "kendra_query_tool", "get_kendra_client", "list_indices", "listKeyspaces", "listTables" ], "trust_profile_url": "./servers/aws-mcp-servers.html", "url": "https://github.com/awslabs/mcp", "verdict": "Review Before Install", "verdict_label": "Review Before Install", "why": "Fetched 80 source file(s). Inferred 6 capability signal(s), 6 control signal(s), and 1 concern(s)." }, { "answer": "Source Not Verified", "category": "Cloud / Edge", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Cloudflare MCP Server", "observed_at": "2026-06-10T16:30:42.536482+00:00", "priority": 90, "provider": "Cloudflare", "score": null, "seed_reason": "Major infra provider", "slug": "cloudflare-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Filesystem / Local Access", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Filesystem MCP Server", "observed_at": "2026-06-10T16:30:42.536502+00:00", "priority": 90, "provider": "Model Context Protocol / Community", "score": null, "seed_reason": "Filesystem access is a core trust boundary", "slug": "filesystem-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Commerce / Payments", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Stripe MCP Server", "observed_at": "2026-06-10T16:30:42.536481+00:00", "priority": 90, "provider": "Stripe", "score": null, "seed_reason": "Payment-related MCP servers require high trust scrutiny", "slug": "stripe-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Database / Backend", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Supabase MCP Server", "observed_at": "2026-06-10T16:30:42.536483+00:00", "priority": 88, "provider": "Supabase", "score": null, "seed_reason": "Database/backend access is high leverage", "slug": "supabase-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Database", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Postgres MCP Server", "observed_at": "2026-06-10T16:30:42.536484+00:00", "priority": 87, "provider": "Postgres / Community", "score": null, "seed_reason": "Database servers are obvious high-risk install target", "slug": "postgres-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Browser Automation", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Playwright MCP Server", "observed_at": "2026-06-10T16:30:42.536491+00:00", "priority": 86, "provider": "Microsoft / Playwright", "score": null, "seed_reason": "Browser automation expands agent action surface", "slug": "playwright-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Collaboration", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Slack MCP Server", "observed_at": "2026-06-10T16:30:42.536485+00:00", "priority": 85, "provider": "Slack", "score": null, "seed_reason": "Workplace comms access requires trust review", "slug": "slack-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Documents / Knowledge", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Notion MCP Server", "observed_at": "2026-06-10T16:30:42.536487+00:00", "priority": 84, "provider": "Notion", "score": null, "seed_reason": "Knowledge/document access is common MCP use case", "slug": "notion-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Project Management", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Atlassian MCP Server", "observed_at": "2026-06-10T16:30:42.536489+00:00", "priority": 83, "provider": "Atlassian", "score": null, "seed_reason": "Jira/Confluence access needs source verification", "slug": "atlassian-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Project Management", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Linear MCP Server", "observed_at": "2026-06-10T16:30:42.536488+00:00", "priority": 83, "provider": "Linear", "score": null, "seed_reason": "Developer workflow integration", "slug": "linear-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Browser Automation", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Browserbase MCP Server", "observed_at": "2026-06-10T16:30:42.536492+00:00", "priority": 82, "provider": "Browserbase", "score": null, "seed_reason": "Remote browser automation provider", "slug": "browserbase-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Developer Docs", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Context7 MCP Server", "observed_at": "2026-06-10T16:30:42.536493+00:00", "priority": 82, "provider": "Context7", "score": null, "seed_reason": "Popular MCP docs/context provider", "slug": "context7-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Observability", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Datadog MCP Server", "observed_at": "2026-06-10T16:30:42.536495+00:00", "priority": 82, "provider": "Datadog", "score": null, "seed_reason": "Production telemetry and infra access", "slug": "datadog-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Database", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "MongoDB MCP Server", "observed_at": "2026-06-10T16:30:42.536496+00:00", "priority": 82, "provider": "MongoDB", "score": null, "seed_reason": "Database access is high consequence", "slug": "mongodb-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Observability", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Sentry MCP Server", "observed_at": "2026-06-10T16:30:42.536494+00:00", "priority": 82, "provider": "Sentry", "score": null, "seed_reason": "Production telemetry access", "slug": "sentry-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Data Warehouse", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "BigQuery MCP Server", "observed_at": "2026-06-10T16:30:42.536499+00:00", "priority": 80, "provider": "Google Cloud", "score": null, "seed_reason": "Enterprise data warehouse access", "slug": "bigquery-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Database / Cache", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Redis MCP Server", "observed_at": "2026-06-10T16:30:42.536497+00:00", "priority": 80, "provider": "Redis", "score": null, "seed_reason": "Infrastructure data access", "slug": "redis-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "answer": "Source Not Verified", "category": "Data Warehouse", "discovery_status": "observed", "evidence_status": "awaiting verification", "install_label": "Source Not Verified", "name": "Snowflake MCP Server", "observed_at": "2026-06-10T16:30:42.536498+00:00", "priority": 80, "provider": "Snowflake", "score": null, "seed_reason": "Enterprise data warehouse access", "slug": "snowflake-mcp-server", "source": "seed_big_players", "source_type": "curated_seed" }, { "aliases": [ "ai-agenticshelf-mcp", "agentic-shelf", "agentic shelf", "Agentic Shelf", "mcp-ai-agenticshelf-mcp", "mcp:ai-agenticshelf-mcp", "https-github-com-vboykocto-agentic-shelf", "https://github.com/vboykoCTO/agentic-shelf", "vboykoCTO/agentic-shelf", "https://github.com/vboykocto/agentic-shelf", "vboykocto-agentic-shelf", "vboykocto/agentic-shelf" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:vboykocto/agentic-shelf", "canonical_url": "https://github.com/vboykocto/agentic-shelf", "description": "Hosted MCP for e-commerce: live product catalog, stock, and pricing for AI agents.", "discovery_status": "observed", "display_name": "Agentic Shelf", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.190749+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-agenticshelf-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.agenticshelf/mcp", "repo_url": "https://github.com/vboykoCTO/agentic-shelf", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-agenticshelf-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-agenticshelf-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-agenticshelf-mcp.html", "url": "https://github.com/vboykoCTO/agentic-shelf", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-agenticterminal-directory", "Agentic Terminal Directory", "agentic-terminal-directory", "agentic terminal directory", "mcp:ai-agenticterminal-directory", "mcp-ai-agenticterminal-directory", "observer-protocol/at-directory", "https-github-com-observer-protocol-at-directory", "https://github.com/observer-protocol/at-directory", "observer-protocol-at-directory", "at-directory" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:observer-protocol/at-directory", "canonical_url": "https://github.com/observer-protocol/at-directory", "description": "Verified merchants accepting agentic payments on Lightning/L402/BOLT12/USDT \u2014 search, verify, pay.", "discovery_status": "observed", "display_name": "Agentic Terminal Directory", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 98, "generated_at": "2026-06-07T19:20:29.190900+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-agenticterminal-directory", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.agenticterminal/directory", "repo_url": "https://github.com/observer-protocol/at-directory", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-agenticterminal-directory", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-agenticterminal-directory", "tools": [ "get_merchant", "list_categories", "list_rails", "search_merchants", "verify_payment_endpoint", "whoami" ], "tools_count": 6, "top_findings": [ "Detected capability: wallet_payment \u2014 apps/web/app/about/page.tsx:16", "Detected capability: filesystem_write_delete \u2014 apps/web/app/skill/page.tsx:13", "Detected capability: environment_access \u2014 apps/web/netlify/functions/submit-merchant.ts:105" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-agenticterminal-directory.html", "url": "https://github.com/observer-protocol/at-directory", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-agenttrust-mcp-server", "agenttrust-identity-trust-for-a2a-agents", "AgentTrust \u2014 Identity & Trust for A2A Agents", "agenttrust \u2014 identity & trust for a2a agents", "mcp:ai-agenttrust-mcp-server", "mcp-ai-agenttrust-mcp-server", "https-github-com-agenttrust-mcp-server", "agenttrust/mcp-server", "https://github.com/agenttrust/mcp-server", "agenttrust-mcp-server", "mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:agenttrust/mcp-server", "canonical_url": "https://github.com/agenttrust/mcp-server", "description": "Identity, trust, and A2A orchestration for autonomous AI agents. Official A2A partner.", "discovery_status": "observed", "display_name": "AgentTrust \u2014 Identity & Trust for A2A Agents", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 87, "generated_at": "2026-06-07T19:20:29.191034+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-agenttrust-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.agenttrust/mcp-server", "repo_url": "https://github.com/agenttrust/mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-agenttrust-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-agenttrust-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 src/index.ts:146", "Detected capability: environment_access \u2014 src/index.ts:158", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-agenttrust-mcp-server.html", "url": "https://github.com/agenttrust/mcp-server", "verdict_label": "Needs Oversight", "version": "1.1.1", "visible_controls": [] }, { "aliases": [ "ai-aliengiraffe-spotdb", "mcp:ai-aliengiraffe-spotdb", "mcp-ai-aliengiraffe-spotdb", "https://github.com/aliengiraffe/spotdb", "https-github-com-aliengiraffe-spotdb", "aliengiraffe/spotdb", "aliengiraffe-spotdb", "spotdb" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:aliengiraffe/spotdb", "canonical_url": "https://github.com/aliengiraffe/spotdb", "description": "Ephemeral data sandbox for AI workflows with guardrails and security", "discovery_status": "observed", "display_name": "ai-aliengiraffe-spotdb", "ecosystem": "mcp", "evidence_score": 43, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.191091+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "env_or_credential_examples_visible" ], "name": "ai-aliengiraffe-spotdb", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.aliengiraffe/spotdb", "repo_url": "https://github.com/aliengiraffe/spotdb", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-aliengiraffe-spotdb", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-aliengiraffe-spotdb", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: docker_privilege \u2014 Taskfile.yml:62" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "oci" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-aliengiraffe-spotdb.html", "url": "https://github.com/aliengiraffe/spotdb", "verdict_label": "Review Before Install", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "ai-ankimcp-anki-mcp-server", "anki-mcp-server", "Anki MCP Server", "anki mcp server", "mcp-ai-ankimcp-anki-mcp-server", "mcp:ai-ankimcp-anki-mcp-server", "https-github-com-ankimcp-anki-mcp-server", "https://github.com/ankimcp/anki-mcp-server", "ankimcp/anki-mcp-server", "ankimcp-anki-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:ankimcp/anki-mcp-server", "canonical_url": "https://github.com/ankimcp/anki-mcp-server", "description": "MCP server for Anki flashcards: adaptive review, notes, media, and deck management via AnkiConnect.", "discovery_status": "observed", "display_name": "Anki MCP Server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 61, "generated_at": "2026-06-07T19:20:29.191199+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-ankimcp-anki-mcp-server", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.ankimcp/anki-mcp-server", "repo_url": "https://github.com/ankimcp/anki-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-ankimcp-anki-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-ankimcp-anki-mcp-server", "tools": [ "addNote", "addNotes", "addTags", "anki-mcp-server", "anki_review", "changeDeck", "clearUnusedTags", "collection_stats", "createDeck", "createModel", "deckStats", "deleteMediaFile", "deleteNotes", "findNotes", "getMediaFilesNames", "getTags", "get_cards", "get_due_cards", "guiAddCards", "guiBrowse", "guiCurrentCard", "guiDeckBrowser", "guiDeckOverview", "guiEditNote", "guiSelectCard", "guiSelectedNotes", "guiShowAnswer", "guiShowQuestion", "guiUndo", "listDecks", "modelFieldNames", "modelNames", "modelStyling", "notesInfo", "present_card", "rate_card", "removeTags", "replaceTags", "retrieveMediaFile", "review_stats", "storeMediaFile", "sync", "twenty_rules", "updateModelStyling", "updateNoteFields" ], "tools_count": 45, "top_findings": [ "Detected capability: docker_privilege \u2014 scripts/e2e-full.sh:5", "Detected capability: shell_execution \u2014 src/services/ngrok.service.ts:1", "Detected capability: filesystem_write_delete \u2014 .docker/entrypoint.sh:14" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-ankimcp-anki-mcp-server.html", "url": "https://github.com/ankimcp/anki-mcp-server", "verdict_label": "Review Before Install", "version": "0.19.2", "visible_controls": [] }, { "aliases": [ "ai-ankimcp-anki-mcp-server-addon", "ankimcp-server", "AnkiMCP Server", "ankimcp server", "mcp-ai-ankimcp-anki-mcp-server-addon", "mcp:ai-ankimcp-anki-mcp-server-addon", "ankimcp/anki-mcp-server-addon", "https://github.com/ankimcp/anki-mcp-server-addon", "https-github-com-ankimcp-anki-mcp-server-addon", "ankimcp-anki-mcp-server-addon", "anki-mcp-server-addon" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:ankimcp/anki-mcp-server-addon", "canonical_url": "https://github.com/ankimcp/anki-mcp-server-addon", "description": "Anki addon that exposes your flashcard collection to AI assistants via a local MCP server.", "discovery_status": "observed", "display_name": "AnkiMCP Server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 33, "generated_at": "2026-06-07T19:20:29.191286+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-ankimcp-anki-mcp-server-addon", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.ankimcp/anki-mcp-server-addon", "repo_url": "https://github.com/ankimcp/anki-mcp-server-addon", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-ankimcp-anki-mcp-server-addon", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-ankimcp-anki-mcp-server-addon", "tools": [ "add", "call_add", "call_main_thread", "echo_ping", "echo_pong", "get_prompt", "list_prompts", "list_resources", "list_tools", "multi_tool", "read_resource", "slow", "sync", "test_missing_desc", "test_multi" ], "tools_count": 15, "top_findings": [ "Detected capability: shell_execution \u2014 anki_mcp_server/__init__.py:335", "Detected capability: filesystem_write_delete \u2014 .docker/entrypoint.sh:12", "References credential or secret pattern: API_KEY_GENERIC \u2014 anki_mcp_server/credentials.py:29" ], "transport": { "has_packages": false, "has_remotes": false, "package_registry_types": [], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-ankimcp-anki-mcp-server-addon.html", "url": "https://github.com/ankimcp/anki-mcp-server-addon", "verdict_label": "Review Before Install", "version": "0.18.0", "visible_controls": [] }, { "aliases": [ "ai-anomalyarmor-armor-mcp", "AnomalyArmor", "anomalyarmor", "mcp:ai-anomalyarmor-armor-mcp", "mcp-ai-anomalyarmor-armor-mcp", "https://github.com/anomalyarmor/agents/tree/main/armor-mcp", "anomalyarmor/agents/tree/main/armor-mcp", "https-github-com-anomalyarmor-agents-tree-main-armor-mcp", "anomalyarmor/agents", "anomalyarmor-agents", "agents", "https://github.com/anomalyarmor/agents", "https-github-com-anomalyarmor-agents" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:anomalyarmor/agents", "canonical_url": "https://github.com/anomalyarmor/agents", "description": "Data observability tools for engineering teams: alerts, freshness, schema drift, lineage, quality.", "discovery_status": "observed", "display_name": "AnomalyArmor", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 26, "generated_at": "2026-06-07T19:20:29.191367+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-anomalyarmor-armor-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.anomalyarmor/armor-mcp", "repo_url": "https://github.com/anomalyarmor/agents", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-anomalyarmor-armor-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-anomalyarmor-armor-mcp", "tools": [ "apply_tags", "ask_question", "cancel_job", "check_freshness", "create_alert_rule", "create_asset", "create_metric", "create_referential_check", "create_schema_baseline", "create_tag", "create_validity_rule", "disable_schema_monitoring", "dry_run_schema", "enable_schema_monitoring", "generate_intelligence", "get_alert_history", "get_alert_trends", "get_alerts_summary", "get_api_key_info", "get_coverage", "get_freshness_summary", "get_investigation", "get_lineage", "get_metrics_summary", "get_schema_monitoring", "get_schema_summary", "get_todays_briefing", "get_validity_summary", "health_summary", "investigate_asset", "job_status", "list_alert_rules", "list_alerts", "list_assets", "list_destinations", "list_freshness_schedules", "list_inbox_alerts", "list_metrics", "list_schema_changes", "list_tags", "list_validity_rules", "manage_alert_rule", "manage_asset", "manage_coverage", "manage_destination", "manage_freshness_schedule", "manage_metric", "manage_referential", "manage_rule_destinations", "manage_validity_rule", "recommend", "setup_destination", "setup_freshness", "trigger_asset_discovery", "update_alert" ], "tools_count": 55, "top_findings": [ "Detected capability: database_access \u2014 src/armor_mcp/tools/assets.py:74", "Detected capability: filesystem_write_delete \u2014 src/armor_mcp/tools/destinations.py:229", "References credential or secret pattern: API_KEY_GENERIC \u2014 .env.example:3" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "pypi" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-anomalyarmor-armor-mcp.html", "url": "https://github.com/anomalyarmor/agents/tree/main/armor-mcp", "verdict_label": "Needs Oversight", "version": "0.6.1", "visible_controls": [] }, { "aliases": [ "ai-autoblocks-contextlayer-mcp", "mcp-ai-autoblocks-contextlayer-mcp", "mcp:ai-autoblocks-contextlayer-mcp", "https://github.com/autoblocksai/ctxl", "autoblocksai/ctxl", "https-github-com-autoblocksai-ctxl", "autoblocksai-ctxl", "ctxl" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:autoblocksai/ctxl", "canonical_url": "https://github.com/autoblocksai/ctxl", "description": "Personal context management for AI assistants", "discovery_status": "observed", "display_name": "ai-autoblocks-contextlayer-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.191379+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-autoblocks-contextlayer-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.autoblocks/ctxl-mcp", "repo_url": "https://github.com/autoblocksai/ctxl", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-autoblocks-contextlayer-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-autoblocks-contextlayer-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-autoblocks-contextlayer-mcp.html", "url": "https://github.com/autoblocksai/ctxl", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.0.2", "visible_controls": [] }, { "aliases": [ "ai-autonomad-computeback", "mcp-ai-autonomad-computeback", "mcp:ai-autonomad-computeback", "Autonomad1/computeback-mcp", "https://github.com/Autonomad1/computeback-mcp", "https://github.com/autonomad1/computeback-mcp", "https-github-com-autonomad1-computeback-mcp", "autonomad1/computeback-mcp", "autonomad1-computeback-mcp", "computeback-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:autonomad1/computeback-mcp", "canonical_url": "https://github.com/autonomad1/computeback-mcp", "description": "Agent Rewards Marketplace: earn $NOMD on B2B work, spend on agent capabilities.", "discovery_status": "observed", "display_name": "ai-autonomad-computeback", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 70, "generated_at": "2026-06-07T19:20:29.191483+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-autonomad-computeback", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.autonomad/computeback", "repo_url": "https://github.com/Autonomad1/computeback-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-autonomad-computeback", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-autonomad-computeback", "tools": [ "buy_nomd", "check_balance", "computeback", "configure_landing_page", "create_order", "dispatch_email_campaign", "dispatch_landing_pages", "dispatch_sms_campaign", "dispatch_voice_campaign", "edit_agent_profile", "fetch_url", "get_agent_profile", "get_audience_data", "get_business_profile", "get_categories", "get_orders", "get_product", "get_product_info", "get_recommendations", "get_settlement_status", "list_audiences", "list_my_inbox", "list_my_settlements", "list_workflow_templates", "place_bid", "search_products", "send_landing_chat", "start_workflow", "withdraw_bid" ], "tools_count": 29, "top_findings": [ "Detected capability: docker_privilege \u2014 Dockerfile:4", "Detected capability: wallet_payment \u2014 mcp-registry.json:37", "Detected capability: environment_access \u2014 src/server-core.ts:84" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-autonomad-computeback.html", "url": "https://github.com/Autonomad1/computeback-mcp", "verdict_label": "Review Before Install", "version": "1.1.3", "visible_controls": [] }, { "aliases": [ "ai-autonomad-travel", "mcp:ai-autonomad-travel", "mcp-ai-autonomad-travel", "https://github.com/Autonomad1/autonomad1/tree/main/packages/mcp-hotel-tools", "https-github-com-autonomad1-autonomad1-tree-main-packages-mcp-hotel-tools", "Autonomad1/autonomad1/tree/main/packages/mcp-hotel-tools", "https://github.com/autonomad1/autonomad1/tree/main/packages/mcp-hotel-tools", "autonomad1-autonomad1", "autonomad1/autonomad1", "autonomad1", "https-github-com-autonomad1-autonomad1", "https://github.com/autonomad1/autonomad1" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:autonomad1/autonomad1", "canonical_url": "https://github.com/autonomad1/autonomad1", "description": "AI travel agent \u2014 book flights, hotels, activities, and events worldwide via autonomad.ai.", "discovery_status": "observed", "display_name": "ai-autonomad-travel", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.191498+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-autonomad-travel", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.autonomad/travel", "repo_url": "https://github.com/Autonomad1/autonomad1", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-autonomad-travel", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-autonomad-travel", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "npm" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-autonomad-travel.html", "url": "https://github.com/Autonomad1/autonomad1/tree/main/packages/mcp-hotel-tools", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.4.0", "visible_controls": [] }, { "aliases": [ "ai-autorfp-mcp", "autorfp-ai", "autorfp.ai", "AutoRFP.ai", "mcp-ai-autorfp-mcp", "mcp:ai-autorfp-mcp", "https://github.com/autorfp/mcp", "https://github.com/AutoRFP/mcp", "https-github-com-autorfp-mcp", "AutoRFP/mcp", "autorfp-mcp", "autorfp/mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:autorfp/mcp", "canonical_url": "https://github.com/autorfp/mcp", "description": "Search AutoRFP.ai projects, requirements, content library, and tags for Q&A and analytics.", "discovery_status": "observed", "display_name": "AutoRFP.ai", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.191538+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-autorfp-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.autorfp/mcp", "repo_url": "https://github.com/AutoRFP/mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-autorfp-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-autorfp-mcp", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-autorfp-mcp.html", "url": "https://github.com/AutoRFP/mcp", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-auxen-auxen", "auxen", "Auxen", "mcp:ai-auxen-auxen", "mcp-ai-auxen-auxen", "auxen-ai/auxen-mcp", "https://github.com/auxen-ai/auxen-mcp", "https-github-com-auxen-ai-auxen-mcp", "auxen-ai-auxen-mcp", "auxen-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:auxen-ai/auxen-mcp", "canonical_url": "https://github.com/auxen-ai/auxen-mcp", "description": "Provision private AI model endpoints on dedicated GPUs (Llama, Qwen, Mistral). Pay per minute.", "discovery_status": "observed", "display_name": "Auxen", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.191576+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-auxen-auxen", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.auxen/auxen", "repo_url": "https://github.com/auxen-ai/auxen-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-auxen-auxen", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-auxen-auxen", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-auxen-auxen.html", "url": "https://github.com/auxen-ai/auxen-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.0.2", "visible_controls": [] }, { "aliases": [ "ai-bankee-inferventis-mcp", "inferventis-mcp-server", "inferventis mcp server", "Inferventis MCP Server", "mcp:ai-bankee-inferventis-mcp", "mcp-ai-bankee-inferventis-mcp", "https://github.com/Bankee-ai/inferventis", "https://github.com/bankee-ai/inferventis", "https-github-com-bankee-ai-inferventis", "Bankee-ai/inferventis", "bankee-ai/inferventis", "bankee-ai-inferventis", "inferventis" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:bankee-ai/inferventis", "canonical_url": "https://github.com/bankee-ai/inferventis", "description": "Loan & mortgage calculator, compound interest, ROI, crypto prices, FX conversion for AI agents.", "discovery_status": "observed", "display_name": "Inferventis MCP Server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.191585+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-bankee-inferventis-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.bankee/inferventis-mcp", "repo_url": "https://github.com/Bankee-ai/inferventis", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-bankee-inferventis-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-bankee-inferventis-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-bankee-inferventis-mcp.html", "url": "https://github.com/Bankee-ai/inferventis", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.2", "visible_controls": [] }, { "aliases": [ "ai-bittlebits-bittlebits", "bittlebits geo assistant", "BittleBits GEO Assistant", "bittlebits-geo-assistant", "mcp-ai-bittlebits-bittlebits", "mcp:ai-bittlebits-bittlebits", "https://github.com/bittlebitsai/bittlebits-plugin", "bittlebitsai/bittlebits-plugin", "https-github-com-bittlebitsai-bittlebits-plugin", "bittlebitsai-bittlebits-plugin", "bittlebits-plugin" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:bittlebitsai/bittlebits-plugin", "canonical_url": "https://github.com/bittlebitsai/bittlebits-plugin", "description": "GEO scores and content-rewrite suggestions for any web page, as MCP tools.", "discovery_status": "observed", "display_name": "BittleBits GEO Assistant", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.191618+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-bittlebits-bittlebits", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.bittlebits/bittlebits", "repo_url": "https://github.com/bittlebitsai/bittlebits-plugin", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-bittlebits-bittlebits", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-bittlebits-bittlebits", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-bittlebits-bittlebits.html", "url": "https://github.com/bittlebitsai/bittlebits-plugin", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-boolsai-directory", "Boolsai Signals", "boolsai signals", "boolsai-signals", "mcp-ai-boolsai-directory", "mcp:ai-boolsai-directory", "https://github.com/boolsai-ai/mcp", "https://github.com/Boolsai-ai/mcp", "Boolsai-ai/mcp", "https-github-com-boolsai-ai-mcp", "boolsai-ai-mcp", "boolsai-ai/mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:boolsai-ai/mcp", "canonical_url": "https://github.com/boolsai-ai/mcp", "description": "Quant-research MCP \u2014 tradeable signals from public-company website stack changes. 7 tools.", "discovery_status": "observed", "display_name": "Boolsai Signals", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.191652+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-boolsai-directory", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.boolsai/signals", "repo_url": "https://github.com/Boolsai-ai/mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-boolsai-directory", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-boolsai-directory", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-boolsai-directory.html", "url": "https://github.com/Boolsai-ai/mcp", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-borealhost-mcp", "borealhost", "BorealHost", "mcp-ai-borealhost-mcp", "mcp:ai-borealhost-mcp", "https-github-com-alainsvrd-borealhost-mcp", "alainsvrd/borealhost-mcp", "https://github.com/alainsvrd/borealhost-mcp", "alainsvrd-borealhost-mcp", "borealhost-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:alainsvrd/borealhost-mcp", "canonical_url": "https://github.com/alainsvrd/borealhost-mcp", "description": "Agent-native web hosting \u2014 deploy sites, manage DNS, register domains, scale infrastructure", "discovery_status": "observed", "display_name": "BorealHost", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 45, "generated_at": "2026-06-07T19:20:29.191745+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-borealhost-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.borealhost/mcp", "repo_url": "https://github.com/alainsvrd/borealhost-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-borealhost-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-borealhost-mcp", "tools": [ "...", "Starter", "add_cron", "add_domain_dns", "add_firewall_rule", "add_ssh_key", "akismet", "cache_flush", "cache_status", "cache_toggle", "cancel_scheduled_snapshot", "claim_api_key", "cloudflare_proxy_status", "cloudflare_purge_cache", "cloudflare_set_proxy", "complete_checkout", "create_alert_rule", "create_api_key", "create_b2_snapshot", "create_backup", "create_checkout", "create_directory", "create_ftp_account", "create_snapshot", "database_search_replace", "decommission", "delete_account", "delete_alert_rule", "delete_cron", "delete_domain_dns", "delete_file", "delete_snapshot", "deploy", "domain_detail", "domain_settings", "enum_catalog", "error_catalog", "execute_query", "get_app_status", "get_billing_portal", "get_checkout_status", "get_database_info", "get_logs", "get_metrics", "get_resource_snapshot", "get_site_status", "get_snapshot_usage", "get_ssh_info", "get_stack_info", "index.php", "install_app", "link_domain", "list_alert_rules", "list_api_keys", "list_apps", "list_backups", "list_cron", "list_databases", "list_domain_dns", "list_domains", "list_files", "list_firewall_rules", "list_ftp_accounts", "list_modules", "list_php_versions", "list_plans", "list_plugins", "list_snapshots", "list_subscriptions", "list_tables", "list_themes", "manage_dns", "manage_plugin", "manage_theme", "optimize_database", "plan_catalog", "read_file", "register", "register_domain", "remove_firewall_rule", "remove_ftp_account", "request_api_key", "restore_backup", "revoke_api_key", "rollback_snapshot", "rotate_key", "run_malware_scan", "scale", "schedule_snapshot", "scope_catalog", "search_domain", "set_api_key", "snap-...", "ssl_info", "ssl_renew", "switch_php", "toggle_module", "twentytwentyfour", "update_account", "update_checkout", "upload_file", "uploads", "whoami", "wp_check_updates" ], "tools_count": 104, "top_findings": [ "Detected capability: database_access \u2014 mcp_server/server.py:417", "Detected capability: filesystem_write_delete \u2014 mcp_server/server.py:1116", "References credential or secret pattern: API_KEY_GENERIC \u2014 mcp_server/prompts.py:50" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "pypi" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-borealhost-mcp.html", "url": "https://github.com/alainsvrd/borealhost-mcp", "verdict_label": "Needs Oversight", "version": "0.1.4", "visible_controls": [] }, { "aliases": [ "ai-bowmark-bowmark", "bowmark", "Bowmark", "mcp:ai-bowmark-bowmark", "mcp-ai-bowmark-bowmark", "https://github.com/metroxe/bowmark/tree/main/apps/api", "Metroxe/bowmark/tree/main/apps/api", "https://github.com/Metroxe/bowmark/tree/main/apps/api", "https-github-com-metroxe-bowmark-tree-main-apps-api", "metroxe-bowmark", "metroxe/bowmark", "https-github-com-metroxe-bowmark", "https://github.com/metroxe/bowmark" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:metroxe/bowmark", "canonical_url": "https://github.com/metroxe/bowmark", "description": "Pre-computed navigation recipes for public websites \u2014 skip explore-and-discover.", "discovery_status": "observed", "display_name": "Bowmark", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.191757+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-bowmark-bowmark", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.bowmark/bowmark", "repo_url": "https://github.com/Metroxe/bowmark", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-bowmark-bowmark", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-bowmark-bowmark", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-bowmark-bowmark.html", "url": "https://github.com/Metroxe/bowmark/tree/main/apps/api", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "3.22.1", "visible_controls": [] }, { "aliases": [ "ai-buywhere-buywhere-mcp", "buywhere-mcp", "BuyWhere MCP", "buywhere mcp", "mcp:ai-buywhere-buywhere-mcp", "mcp-ai-buywhere-buywhere-mcp", "https-github-com-buywhere-buywhere-mcp", "https://github.com/buywhere/buywhere-mcp", "BuyWhere/buywhere-mcp", "https://github.com/BuyWhere/buywhere-mcp", "buywhere-buywhere-mcp", "buywhere/buywhere-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:buywhere/buywhere-mcp", "canonical_url": "https://github.com/buywhere/buywhere-mcp", "description": "Product search, price comparison, and affiliate-ready shopping across Singapore and US retailers.", "discovery_status": "observed", "display_name": "BuyWhere MCP", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 54, "generated_at": "2026-06-07T19:20:29.191842+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-buywhere-buywhere-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.buywhere/buywhere-mcp", "repo_url": "https://github.com/BuyWhere/buywhere-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-buywhere-buywhere-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-buywhere-buywhere-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:41", "References credential or secret pattern: API_KEY_GENERIC \u2014 llms.txt:27", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-buywhere-buywhere-mcp.html", "url": "https://github.com/BuyWhere/buywhere-mcp", "verdict_label": "Needs Oversight", "version": "0.3.1", "visible_controls": [] }, { "aliases": [ "ai-buywhere-catalog-api", "BuyWhere Product Catalog", "buywhere-product-catalog", "buywhere product catalog", "mcp-ai-buywhere-catalog-api", "mcp:ai-buywhere-catalog-api", "https://github.com/BuyWhere/buywhere", "https://github.com/buywhere/buywhere", "BuyWhere/buywhere", "https-github-com-buywhere-buywhere", "buywhere/buywhere", "buywhere-buywhere", "buywhere" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:buywhere/buywhere", "canonical_url": "https://github.com/buywhere/buywhere", "description": "Search 1.5M+ products across 20+ platforms. Compare prices, find deals, browse categories.", "discovery_status": "observed", "display_name": "BuyWhere Product Catalog", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.192140+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-buywhere-catalog-api", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.buywhere/catalog-api", "repo_url": "https://github.com/BuyWhere/buywhere", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-buywhere-catalog-api", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-buywhere-catalog-api", "tools": [ "browse_categories", "buywhere", "compare_prices", "compare_products", "find_best_price", "get_category_products", "get_deals", "get_mcp_server", "get_product", "get_product_details", "get_purchase_options", "list_categories", "list_tools", "resolve_product_query", "search_products" ], "tools_count": 15, "top_findings": [ "Detected capability: database_access \u2014 bulk_ingest.py:15", "Detected capability: environment_access \u2014 ingest_dash.py:323", "Detected capability: filesystem_write_delete \u2014 ingest_gamestop.py:84" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-buywhere-catalog-api.html", "url": "https://github.com/BuyWhere/buywhere", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-calendarmcp-server", "calendarmcp", "CalendarMCP", "mcp-ai-calendarmcp-server", "mcp:ai-calendarmcp-server", "https://github.com/Full-Vibe/calendarmcp-public", "Full-Vibe/calendarmcp-public", "https-github-com-full-vibe-calendarmcp-public", "https://github.com/full-vibe/calendarmcp-public", "full-vibe-calendarmcp-public", "full-vibe/calendarmcp-public", "calendarmcp-public" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:full-vibe/calendarmcp-public", "canonical_url": "https://github.com/full-vibe/calendarmcp-public", "description": "Hosted Google Calendar MCP server for AI agents. No self-hosting or Google Cloud setup.", "discovery_status": "observed", "display_name": "CalendarMCP", "ecosystem": "mcp", "evidence_score": 43, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192215+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-calendarmcp-server", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.calendarmcp/server", "repo_url": "https://github.com/Full-Vibe/calendarmcp-public", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-calendarmcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-calendarmcp-server", "tools": [ "batch_update_events", "calendarmcp", "create_calendar", "create_event", "delete_event", "find_free_time", "get_event", "list_calendars", "list_events", "manage_attendees", "quick_add_event", "update_event" ], "tools_count": 12, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-calendarmcp-server.html", "url": "https://github.com/Full-Vibe/calendarmcp-public", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-cirra-salesforce-mcp", "cirra-ai-salesforce-admin-mcp-server", "cirra ai salesforce admin mcp server", "Cirra AI Salesforce Admin MCP Server", "mcp:ai-cirra-salesforce-mcp", "mcp-ai-cirra-salesforce-mcp", "cirra-ai/mcp-server", "https-github-com-cirra-ai-mcp-server", "https://github.com/cirra-ai/mcp-server", "cirra-ai-mcp-server", "mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:cirra-ai/mcp-server", "canonical_url": "https://github.com/cirra-ai/mcp-server", "description": "Comprehensive Salesforce administration and data management capabilities", "discovery_status": "observed", "display_name": "Cirra AI Salesforce Admin MCP Server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192224+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-cirra-salesforce-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.cirra/salesforce-mcp", "repo_url": "https://github.com/cirra-ai/mcp-server", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-cirra-salesforce-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-cirra-salesforce-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-cirra-salesforce-mcp.html", "url": "https://github.com/cirra-ai/mcp-server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-clarid-compliance", "clarid hmda validator", "clarid-hmda-validator", "Clarid HMDA Validator", "mcp-ai-clarid-compliance", "mcp:ai-clarid-compliance", "https://github.com/clarid-ai/compliance-checker", "clarid-ai/compliance-checker", "https-github-com-clarid-ai-compliance-checker", "clarid-ai-compliance-checker", "compliance-checker" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:clarid-ai/compliance-checker", "canonical_url": "https://github.com/clarid-ai/compliance-checker", "description": "Validate HMDA LAR files against CFPB edit checks for community banks and credit unions.", "discovery_status": "observed", "display_name": "Clarid HMDA Validator", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192229+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-clarid-compliance", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.clarid/hmda", "repo_url": "https://github.com/clarid-ai/compliance-checker", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-clarid-compliance", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-clarid-compliance", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-clarid-compliance.html", "url": "https://github.com/clarid-ai/compliance-checker", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-com-mcp-contabo", "HAPI Strava MCP Server", "hapi strava mcp server", "hapi-strava-mcp-server", "mcp-ai-com-mcp-contabo", "mcp:ai-com-mcp-contabo", "https-github-com-la-rebelion-hapimcp", "la-rebelion/hapimcp", "https://github.com/la-rebelion/hapimcp", "la-rebelion-hapimcp", "hapimcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:la-rebelion/hapimcp", "canonical_url": "https://github.com/la-rebelion/hapimcp", "description": "Strava MCP tools for AI: athletes, activities, segments, clubs, routes. Powered by HAPI MCP server.", "discovery_status": "observed", "display_name": "HAPI Strava MCP Server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192262+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-com-mcp-contabo", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.com.mcp/strava", "repo_url": "https://github.com/la-rebelion/hapimcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-com-mcp-contabo", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-com-mcp-contabo", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-com-mcp-contabo.html", "url": "https://github.com/la-rebelion/hapimcp", "verdict_label": "Sandbox/Test OK", "version": "3.0.0+0.7.1", "visible_controls": [] }, { "aliases": [ "ai-com-mcp-hapi-mcp", "HAPI MCP Server", "hapi-mcp-server", "hapi mcp server", "mcp:ai-com-mcp-hapi-mcp", "mcp-ai-com-mcp-hapi-mcp", "https-github-com-larebelion-hapimcp", "https://github.com/larebelion/hapimcp", "larebelion/hapimcp", "larebelion-hapimcp", "hapimcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:larebelion/hapimcp", "canonical_url": "https://github.com/larebelion/hapimcp", "description": "HAPI MCP server: Dynamically exposes OpenAPI REST APIs as MCP tools for AI assistants", "discovery_status": "observed", "display_name": "HAPI MCP Server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192270+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-com-mcp-hapi-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.com.mcp/hapi-mcp", "repo_url": "https://github.com/larebelion/hapimcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-com-mcp-hapi-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-com-mcp-hapi-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "oci" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-com-mcp-hapi-mcp.html", "url": "https://github.com/larebelion/hapimcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.6.0", "visible_controls": [] }, { "aliases": [ "ai-com-mcp-skills-search", "agent skills search server", "Agent Skills Search Server", "agent-skills-search-server", "mcp:ai-com-mcp-skills-search", "mcp-ai-com-mcp-skills-search", "agentskills/agentskills", "https://github.com/agentskills/agentskills", "https-github-com-agentskills-agentskills", "agentskills-agentskills", "agentskills" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:agentskills/agentskills", "canonical_url": "https://github.com/agentskills/agentskills", "description": "Search and discover Agent Skills from the skills.sh registry. Powered by HAPI MCP server.", "discovery_status": "observed", "display_name": "Agent Skills Search Server", "ecosystem": "mcp", "evidence_score": 29, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192354+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-com-mcp-skills-search", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.com.mcp/skills-search", "repo_url": "https://github.com/agentskills/agentskills", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-com-mcp-skills-search", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-com-mcp-skills-search", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-com-mcp-skills-search.html", "url": "https://github.com/agentskills/agentskills", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-compeller-compel", "Compeller", "compeller", "mcp:ai-compeller-compel", "mcp-ai-compeller-compel", "https://github.com/compellerai/compeller-mcp", "https://github.com/Compellerai/compeller-mcp", "https-github-com-compellerai-compeller-mcp", "Compellerai/compeller-mcp", "compellerai-compeller-mcp", "compellerai/compeller-mcp", "compeller-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:compellerai/compeller-mcp", "canonical_url": "https://github.com/compellerai/compeller-mcp", "description": "Create and track AI music videos and audio-reactive visuals from songs.", "discovery_status": "observed", "display_name": "Compeller", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192387+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-compeller-compel", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.compeller/compel", "repo_url": "https://github.com/Compellerai/compeller-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-compeller-compel", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-compeller-compel", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-compeller-compel.html", "url": "https://github.com/Compellerai/compeller-mcp", "verdict_label": "Sandbox/Test OK", "version": "0.5.1", "visible_controls": [] }, { "aliases": [ "ai-cookiy-cookiy", "Cookiy", "cookiy", "mcp-ai-cookiy-cookiy", "mcp:ai-cookiy-cookiy", "cookiy-ai/cookiy-skill", "https://github.com/cookiy-ai/cookiy-skill", "https-github-com-cookiy-ai-cookiy-skill", "cookiy-ai-cookiy-skill", "cookiy-skill" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:cookiy-ai/cookiy-skill", "canonical_url": "https://github.com/cookiy-ai/cookiy-skill", "description": "AI user research via studies, interviews, recruitment, reports, and quantitative surveys.", "discovery_status": "observed", "display_name": "Cookiy", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192394+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-cookiy-cookiy", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.cookiy/cookiy", "repo_url": "https://github.com/cookiy-ai/cookiy-skill", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-cookiy-cookiy", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-cookiy-cookiy", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-cookiy-cookiy.html", "url": "https://github.com/cookiy-ai/cookiy-skill", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.7.19", "visible_controls": [] }, { "aliases": [ "ai-cosmonote-notes", "Cosmonote", "cosmonote", "mcp:ai-cosmonote-notes", "mcp-ai-cosmonote-notes", "cosmonote/pocketbase", "https-github-com-cosmonote-pocketbase", "https://github.com/cosmonote/pocketbase", "cosmonote-pocketbase", "pocketbase" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:cosmonote/pocketbase", "canonical_url": "https://github.com/cosmonote/pocketbase", "description": "Access your Cosmonote audio notes, transcriptions, summaries, and action items.", "discovery_status": "observed", "display_name": "Cosmonote", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192399+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-cosmonote-notes", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.cosmonote/notes", "repo_url": "https://github.com/cosmonote/pocketbase", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-cosmonote-notes", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-cosmonote-notes", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-cosmonote-notes.html", "url": "https://github.com/cosmonote/pocketbase", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-cueapi-mcp", "mcp-ai-cueapi-mcp", "mcp:ai-cueapi-mcp", "https-github-com-cueapi-cueapi-mcp", "cueapi/cueapi-mcp", "https://github.com/cueapi/cueapi-mcp", "cueapi-cueapi-mcp", "cueapi-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:cueapi/cueapi-mcp", "canonical_url": "https://github.com/cueapi/cueapi-mcp", "description": "Schedule agent work and report write-once outcomes via CueAPI from any MCP host.", "discovery_status": "observed", "display_name": "ai-cueapi-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 156, "generated_at": "2026-06-07T19:20:29.192553+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-cueapi-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.cueapi/mcp", "repo_url": "https://github.com/cueapi/cueapi-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-cueapi-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-cueapi-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 src/index.ts:21", "Detected capability: database_access \u2014 package-lock.json:13", "Detected capability: environment_access \u2014 src/stdio-entry.ts:31" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-cueapi-mcp.html", "url": "https://github.com/cueapi/cueapi-mcp", "verdict_label": "Review Before Install", "version": "0.1.3", "visible_controls": [] }, { "aliases": [ "ai-deinai-creator-skill", "Creator SKILL \u2014 Influencer Discovery", "creator skill \u2014 influencer discovery", "creator-skill-influencer-discovery", "mcp-ai-deinai-creator-skill", "mcp:ai-deinai-creator-skill", "https-github-com-deinai-deinai-backend", "deinai/deinai_backend", "https://github.com/deinai/deinai_backend", "deinai-deinai-backend", "deinai_backend", "deinai-backend" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:deinai/deinai_backend", "canonical_url": "https://github.com/deinai/deinai_backend", "description": "AI influencer search on TikTok, Instagram, YouTube. Deinai MCP token required; credits per result.", "discovery_status": "observed", "display_name": "Creator SKILL \u2014 Influencer Discovery", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192570+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-deinai-creator-skill", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.deinai/creator-skill", "repo_url": "https://github.com/deinai/deinai_backend", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-deinai-creator-skill", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-deinai-creator-skill", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "pypi" ], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-deinai-creator-skill.html", "url": "https://github.com/deinai/deinai_backend", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.2", "visible_controls": [] }, { "aliases": [ "ai-djwizard-tvwizard", "tvwizard", "TVWizard", "mcp:ai-djwizard-tvwizard", "mcp-ai-djwizard-tvwizard", "fizzious1/TVWizard-mcp", "https://github.com/fizzious1/tvwizard-mcp", "https://github.com/fizzious1/TVWizard-mcp", "https-github-com-fizzious1-tvwizard-mcp", "fizzious1-tvwizard-mcp", "fizzious1/tvwizard-mcp", "tvwizard-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:fizzious1/tvwizard-mcp", "canonical_url": "https://github.com/fizzious1/tvwizard-mcp", "description": "Control Android TV from any AI. 38 MCP tools: playback, recap, recommend, smart-home, schedules.", "discovery_status": "observed", "display_name": "TVWizard", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192612+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-djwizard-tvwizard", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.djwizard/tvwizard", "repo_url": "https://github.com/fizzious1/TVWizard-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-djwizard-tvwizard", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-djwizard-tvwizard", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-djwizard-tvwizard.html", "url": "https://github.com/fizzious1/TVWizard-mcp", "verdict_label": "Sandbox/Test OK", "version": "0.7.0", "visible_controls": [] }, { "aliases": [ "ai-dreamlit-mcp", "dreamlit", "Dreamlit", "mcp-ai-dreamlit-mcp", "mcp:ai-dreamlit-mcp", "https-github-com-dreamlit-ai-dreamlit-mcp", "https://github.com/dreamlit-ai/dreamlit-mcp", "dreamlit-ai/dreamlit-mcp", "dreamlit-ai-dreamlit-mcp", "dreamlit-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:dreamlit-ai/dreamlit-mcp", "canonical_url": "https://github.com/dreamlit-ai/dreamlit-mcp", "description": "Create, test, publish, and manage Dreamlit notification workflows from AI clients.", "discovery_status": "observed", "display_name": "Dreamlit", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.192646+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-dreamlit-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.dreamlit/mcp", "repo_url": "https://github.com/dreamlit-ai/dreamlit-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-dreamlit-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-dreamlit-mcp", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-dreamlit-mcp.html", "url": "https://github.com/dreamlit-ai/dreamlit-mcp", "verdict_label": "Sandbox/Test OK", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "ai-drillr-drillr", "Drillr \u2014 The financial MCP for AI agents", "drillr-the-financial-mcp-for-ai-agents", "drillr \u2014 the financial mcp for ai agents", "mcp-ai-drillr-drillr", "mcp:ai-drillr-drillr", "https://github.com/Little-Grebe-Inc/drillr-mcp-server", "https-github-com-little-grebe-inc-drillr-mcp-server", "https://github.com/little-grebe-inc/drillr-mcp-server", "Little-Grebe-Inc/drillr-mcp-server", "little-grebe-inc-drillr-mcp-server", "little-grebe-inc/drillr-mcp-server", "drillr-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:little-grebe-inc/drillr-mcp-server", "canonical_url": "https://github.com/little-grebe-inc/drillr-mcp-server", "description": "The financial MCP for AI agents - 90+ financial tables, SEC filings, signals, alt-data.", "discovery_status": "observed", "display_name": "Drillr \u2014 The financial MCP for AI agents", "ecosystem": "mcp", "evidence_score": 29, "evidence_status": "awaiting verification", "findings": 3, "generated_at": "2026-06-07T19:20:29.192685+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "dangerous_capabilities_observable" ], "name": "ai-drillr-drillr", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.drillr/drillr", "repo_url": "https://github.com/Little-Grebe-Inc/drillr-mcp-server", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-drillr-drillr", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-drillr-drillr", "tools": [], "tools_count": 0, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 .claude-plugin/plugin.json:24" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-drillr-drillr.html", "url": "https://github.com/Little-Grebe-Inc/drillr-mcp-server", "verdict_label": "Install With Restrictions", "version": "2.1.0", "visible_controls": [] }, { "aliases": [ "ai-dynsoft-sac", "sac \u2014 software as content", "sac-software-as-content", "SaC \u2014 Software as Content", "mcp-ai-dynsoft-sac", "mcp:ai-dynsoft-sac", "https-github-com-software-as-content-software-as-content-sdk", "https://github.com/Software-As-Content/software-as-content-sdk", "https://github.com/software-as-content/software-as-content-sdk", "Software-As-Content/software-as-content-sdk", "software-as-content-software-as-content-sdk", "software-as-content/software-as-content-sdk", "software-as-content-sdk" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:software-as-content/software-as-content-sdk", "canonical_url": "https://github.com/software-as-content/software-as-content-sdk", "description": "Give your AI agent the ability to respond with live, interactive apps that evolve.", "discovery_status": "observed", "display_name": "SaC \u2014 Software as Content", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 168, "generated_at": "2026-06-07T19:20:29.192855+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-dynsoft-sac", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.dynsoft/sac", "repo_url": "https://github.com/Software-As-Content/software-as-content-sdk", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-dynsoft-sac", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-dynsoft-sac", "tools": [ "evolve_app", "generate_app", "get_conversation", "list_conversations", "send_chat", "wait_for_action" ], "tools_count": 6, "top_findings": [ "Detected capability: shell_execution \u2014 src/sac/cli.py:434", "Detected capability: environment_access \u2014 main.py:38", "Detected capability: filesystem_write_delete \u2014 src/sac/cli.py:160" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "pypi" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-dynsoft-sac.html", "url": "https://github.com/Software-As-Content/software-as-content-sdk", "verdict_label": "Review Before Install", "version": "0.1.2", "visible_controls": [] }, { "aliases": [ "ai-exa-exa", "mcp-ai-exa-exa", "mcp:ai-exa-exa", "exa-labs/exa-mcp-server", "https-github-com-exa-labs-exa-mcp-server", "https://github.com/exa-labs/exa-mcp-server", "exa-labs-exa-mcp-server", "exa-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:exa-labs/exa-mcp-server", "canonical_url": "https://github.com/exa-labs/exa-mcp-server", "description": "Fast, intelligent web search and web crawling.\n\nNew mcp tool: Exa-code is a context tool for coding ", "discovery_status": "observed", "display_name": "ai-exa-exa", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.193154+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-exa-exa", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.exa/exa", "repo_url": "https://github.com/exa-labs/exa-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-exa-exa", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-exa-exa", "tools": [ "ExampleClient", "ExampleServer", "analyze-project", "calculate_sum", "claude", "claude-3-sonnet", "code", "code_review", "company_research_exa", "deep_researcher_check", "deep_researcher_start", "deep_search_exa", "example", "example.png", "example.txt", "fileUri", "framework", "get-alerts", "get-forecast", "get_alerts", "get_code_context_exa", "get_forecast", "get_weather", "get_weather_data", "language", "linkedin_search_exa", "main.rs", "octocat", "people_search_exa", "timeframe", "web_search_advanced_exa" ], "tools_count": 31, "top_findings": [ "Install risk pattern: curl_pipe_shell \u2014 llm_mcp_docs.txt:6036", "Detected capability: environment_access \u2014 api/mcp.ts:123", "References credential or secret pattern: DATABASE_URL \u2014 llm_mcp_docs.txt:1827" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-exa-exa.html", "url": "https://github.com/exa-labs/exa-mcp-server", "verdict_label": "Review Before Install", "version": "3.1.3", "visible_controls": [] }, { "aliases": [ "ai-example4-xmp4", "xmp4 \u2014 Semantic code knowledge for your stack", "xmp4-semantic-code-knowledge-for-your-stack", "xmp4 \u2014 semantic code knowledge for your stack", "mcp:ai-example4-xmp4", "mcp-ai-example4-xmp4", "https-github-com-0ics-srls-lsai-xmp4-public", "0ics-srls/lsai-xmp4.public", "https://github.com/0ics-srls/lsai-xmp4.public", "0ics-srls-lsai-xmp4-public", "lsai-xmp4-public", "lsai-xmp4.public" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:0ics-srls/lsai-xmp4.public", "canonical_url": "https://github.com/0ics-srls/lsai-xmp4.public", "description": "OSS libs in your stack, really used: source, tests, callers. C#, Java, TS, Python, Rust, PHP+.", "discovery_status": "observed", "display_name": "xmp4 \u2014 Semantic code knowledge for your stack", "ecosystem": "mcp", "evidence_score": 29, "evidence_status": "awaiting verification", "findings": 2, "generated_at": "2026-06-07T19:20:29.193229+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible" ], "name": "ai-example4-xmp4", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.example4/xmp4", "repo_url": "https://github.com/0ics-srls/lsai-xmp4.public", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-example4-xmp4", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-example4-xmp4", "tools": [], "tools_count": 0, "top_findings": [ "Install risk pattern: curl_pipe_shell \u2014 html/llms.txt:12", "Detected capability: filesystem_write_delete \u2014 scripts/sync-skill.sh:21" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-example4-xmp4.html", "url": "https://github.com/0ics-srls/lsai-xmp4.public", "verdict_label": "Review Before Install", "version": "1.2.6", "visible_controls": [] }, { "aliases": [ "ai-explorium-mcp-explorium", "mcp-ai-explorium-mcp-explorium", "mcp:ai-explorium-mcp-explorium", "explorium-ai/mcp-explorium", "https://github.com/explorium-ai/mcp-explorium", "https-github-com-explorium-ai-mcp-explorium", "explorium-ai-mcp-explorium", "mcp-explorium" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:explorium-ai/mcp-explorium", "canonical_url": "https://github.com/explorium-ai/mcp-explorium", "description": "Access live company and contact data from Explorium's AgentSource B2B platform.", "discovery_status": "observed", "display_name": "ai-explorium-mcp-explorium", "ecosystem": "mcp", "evidence_score": 57, "evidence_status": "awaiting verification", "findings": 53, "generated_at": "2026-06-07T19:20:29.193311+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "dangerous_capabilities_observable" ], "name": "ai-explorium-mcp-explorium", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.explorium/mcp-explorium", "repo_url": "https://github.com/explorium-ai/mcp-explorium", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-explorium-mcp-explorium", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-explorium-mcp-explorium", "tools": [], "tools_count": 0, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 entrypoint.sh:3", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:16" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-explorium-mcp-explorium.html", "url": "https://github.com/explorium-ai/mcp-explorium", "verdict_label": "Needs Oversight", "version": "1.0.1", "visible_controls": [] }, { "aliases": [ "ai-fiber-mcp", "Fiber AI", "fiber-ai", "fiber ai", "mcp-ai-fiber-mcp", "mcp:ai-fiber-mcp", "fiber-ai/mcp", "https://github.com/fiber-ai/mcp", "https-github-com-fiber-ai-mcp", "fiber-ai-mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:fiber-ai/mcp", "canonical_url": "https://github.com/fiber-ai/mcp", "description": "Search companies, enrich contacts, and reveal emails and phones from your AI agent.", "discovery_status": "observed", "display_name": "Fiber AI", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.193353+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-fiber-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.fiber/mcp", "repo_url": "https://github.com/fiber-ai/mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-fiber-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-fiber-mcp", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-fiber-mcp.html", "url": "https://github.com/fiber-ai/mcp", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-filegraph-document-processing", "mcp-ai-filegraph-document-processing", "mcp:ai-filegraph-document-processing", "filegraph/docconvert", "https-github-com-filegraph-docconvert", "https://github.com/filegraph/docconvert", "filegraph-docconvert", "docconvert" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:filegraph/docconvert", "canonical_url": "https://github.com/filegraph/docconvert", "description": "Extract text from documents, manipulate PDFs, and perform OCR on images.", "discovery_status": "observed", "display_name": "ai-filegraph-document-processing", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.193361+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-filegraph-document-processing", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.filegraph/document-processing", "repo_url": "https://github.com/filegraph/docconvert", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-filegraph-document-processing", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-filegraph-document-processing", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "sse" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-filegraph-document-processing.html", "url": "https://github.com/filegraph/docconvert", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.1", "visible_controls": [] }, { "aliases": [ "ai-fodda-mcp-server", "Fodda Knowledge Graphs", "fodda-knowledge-graphs", "fodda knowledge graphs", "mcp-ai-fodda-mcp-server", "mcp:ai-fodda-mcp-server", "https://github.com/fodda/mcp-server", "fodda/mcp-server", "https-github-com-fodda-mcp-server", "fodda-mcp-server", "mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:fodda/mcp-server", "canonical_url": "https://github.com/fodda/mcp-server", "description": "Expert-curated knowledge graphs for AI agents \u2014 PSFK Retail, Beauty, Sports and more.", "discovery_status": "observed", "display_name": "Fodda Knowledge Graphs", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.193367+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-fodda-mcp-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.fodda/mcp-server", "repo_url": "https://github.com/fodda/mcp-server", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-fodda-mcp-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-fodda-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "npm" ], "remote_types": [ "sse" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-fodda-mcp-server.html", "url": "https://github.com/fodda/mcp-server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.3.0", "visible_controls": [] }, { "aliases": [ "ai-gavelin-mcp", "gavelin", "Gavelin", "mcp:ai-gavelin-mcp", "mcp-ai-gavelin-mcp", "https://github.com/gavelin-ai/mcp", "gavelin-ai/mcp", "https-github-com-gavelin-ai-mcp", "gavelin-ai-mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:gavelin-ai/mcp", "canonical_url": "https://github.com/gavelin-ai/mcp", "description": "Search bills and speaker-attributed hearing transcripts across all 50 US state legislatures.", "discovery_status": "observed", "display_name": "Gavelin", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 48, "generated_at": "2026-06-07T19:20:29.193441+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted" ], "name": "ai-gavelin-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.gavelin/mcp", "repo_url": "https://github.com/gavelin-ai/mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "ai-gavelin-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-gavelin-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: environment_access \u2014 proxy.js:13", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:10", "References credential or secret pattern: API_KEY_GENERIC \u2014 proxy.js:13" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-gavelin-mcp.html", "url": "https://github.com/gavelin-ai/mcp", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-getperspective-mcp", "perspective ai", "Perspective AI", "perspective-ai", "mcp-ai-getperspective-mcp", "mcp:ai-getperspective-mcp", "https://github.com/perspective-ai/mcp", "Perspective-AI/mcp", "https://github.com/Perspective-AI/mcp", "https-github-com-perspective-ai-mcp", "perspective-ai-mcp", "perspective-ai/mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:perspective-ai/mcp", "canonical_url": "https://github.com/perspective-ai/mcp", "description": "An AI concierge that turns static forms into adaptive AI conversations. From any MCP client.", "discovery_status": "observed", "display_name": "Perspective AI", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 54, "generated_at": "2026-06-07T19:20:29.193535+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-getperspective-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.getperspective/mcp", "repo_url": "https://github.com/Perspective-AI/mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-getperspective-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-getperspective-mcp", "tools": [ "automation_create", "automation_delete", "automation_list", "automation_test", "automation_update", "integration_manage", "participant_invite", "perspective", "perspective_await_job", "perspective_create", "perspective_get", "perspective_get_conversation", "perspective_get_conversations", "perspective_get_embed_options", "perspective_get_preview_link", "perspective_get_stats", "perspective_list", "perspective_list_conversations", "perspective_respond", "perspective_update", "workspace_get", "workspace_get_default", "workspace_list" ], "tools_count": 23, "top_findings": [ "Detected capability: wallet_payment \u2014 scripts/publish-registry.sh:15", "Detected capability: environment_access \u2014 server.js:15", "References credential or secret pattern: API_KEY_GENERIC \u2014 manifest.json:30" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-getperspective-mcp.html", "url": "https://github.com/Perspective-AI/mcp", "verdict_label": "Needs Oversight", "version": "0.0.8", "visible_controls": [] }, { "aliases": [ "ai-haymon-dbmcp", "mcp:ai-haymon-dbmcp", "mcp-ai-haymon-dbmcp", "https-github-com-haymon-ai-dbmcp", "haymon-ai/dbmcp", "https://github.com/haymon-ai/dbmcp", "haymon-ai-dbmcp", "dbmcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:haymon-ai/dbmcp", "canonical_url": "https://github.com/haymon-ai/dbmcp", "description": "Database MCP server for MySQL, MariaDB, PostgreSQL & SQLite with PII redaction and write-prevention", "discovery_status": "observed", "display_name": "ai-haymon-dbmcp", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 40, "generated_at": "2026-06-07T19:20:29.193629+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted" ], "name": "ai-haymon-dbmcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.haymon/dbmcp", "repo_url": "https://github.com/haymon-ai/dbmcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-haymon-dbmcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-haymon-dbmcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: database_access \u2014 .cargo/audit.toml:4", "References credential or secret pattern: AWS_ACCESS_KEY_ID \u2014 crates/pii/benches/corpus/api_key.toml:2", "References credential or secret pattern: GITHUB_TOKEN \u2014 crates/pii/benches/corpus/api_key.toml:3" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "oci" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-haymon-dbmcp.html", "url": "https://github.com/haymon-ai/dbmcp", "verdict_label": "Needs Oversight", "version": "0.13.2", "visible_controls": [] }, { "aliases": [ "ai-helixar-mcp", "helixar security", "Helixar Security", "helixar-security", "mcp:ai-helixar-mcp", "mcp-ai-helixar-mcp", "https://github.com/Helixar-AI/helixar-mcp", "https://github.com/helixar-ai/helixar-mcp", "https-github-com-helixar-ai-helixar-mcp", "Helixar-AI/helixar-mcp", "helixar-ai/helixar-mcp", "helixar-ai-helixar-mcp", "helixar-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:helixar-ai/helixar-mcp", "canonical_url": "https://github.com/helixar-ai/helixar-mcp", "description": "Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.", "discovery_status": "observed", "display_name": "Helixar Security", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 213, "generated_at": "2026-06-07T19:20:29.193864+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-helixar-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.helixar/mcp", "repo_url": "https://github.com/Helixar-AI/helixar-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-helixar-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-helixar-mcp", "tools": [ "delete_repository", "dev-toolkit", "export_all_users", "fetch_url", "helixar-security" ], "tools_count": 5, "top_findings": [ "Detected capability: shell_execution \u2014 src/lib/releaseguard-runner.ts:18", "Detected capability: environment_access \u2014 src/lib/narrate.ts:24", "References credential or secret pattern: ANTHROPIC_API_KEY \u2014 src/lib/narrate.ts:24" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-helixar-mcp.html", "url": "https://github.com/Helixar-AI/helixar-mcp", "verdict_label": "Review Before Install", "version": "0.0.1", "visible_controls": [] }, { "aliases": [ "ai-i18nagent-i18n-agent", "i18n-agent", "mcp-ai-i18nagent-i18n-agent", "mcp:ai-i18nagent-i18n-agent", "https://github.com/i18n-agent/mcp-client", "i18n-agent/mcp-client", "https-github-com-i18n-agent-mcp-client", "i18n-agent-mcp-client", "mcp-client" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:i18n-agent/mcp-client", "canonical_url": "https://github.com/i18n-agent/mcp-client", "description": "AI-powered translation for 48 languages with context-aware quality", "discovery_status": "observed", "display_name": "i18n-agent", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 116, "generated_at": "2026-06-07T19:20:29.194032+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-i18nagent-i18n-agent", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.i18nagent/i18n-agent", "repo_url": "https://github.com/i18n-agent/mcp-client", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-i18nagent-i18n-agent", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-i18nagent-i18n-agent", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 i18n-agent.js:202", "Broad or write-capable OAuth/API scope: github_write_scope \u2014 .claude-plugin/marketplace.json:18", "Detected capability: environment_access \u2014 i18n-agent.js:48" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "npm" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-i18nagent-i18n-agent.html", "url": "https://github.com/i18n-agent/mcp-client", "verdict_label": "Review Before Install", "version": "1.16.3", "visible_controls": [] }, { "aliases": [ "ai-imboard-dossier", "mcp-ai-imboard-dossier", "mcp:ai-imboard-dossier", "https://github.com/imboard-ai/ai-dossier", "https-github-com-imboard-ai-ai-dossier", "imboard-ai/ai-dossier", "imboard-ai-ai-dossier", "ai-dossier" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:imboard-ai/ai-dossier", "canonical_url": "https://github.com/imboard-ai/ai-dossier", "description": "MCP server for dossier automation standard - enables LLMs to discover, verify, and execute dossiers", "discovery_status": "observed", "display_name": "ai-imboard-dossier", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.194313+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-imboard-dossier", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.imboard/dossier", "repo_url": "https://github.com/imboard-ai/ai-dossier", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-imboard-dossier", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-imboard-dossier", "tools": [ "deploy-to-aws", "project-init" ], "tools_count": 2, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 KEYS.txt:41", "References credential or secret pattern: JWT_SECRET \u2014 registry/e2e-trace-test.mjs:3", "Detected capability: environment_access \u2014 registry/e2e-trace-test.mjs:14" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-imboard-dossier.html", "url": "https://github.com/imboard-ai/ai-dossier", "verdict_label": "Needs Oversight", "version": "1.0.4", "visible_controls": [] }, { "aliases": [ "ai-inflowpay-app-inflow", "mcp:ai-inflowpay-app-inflow", "mcp-ai-inflowpay-app-inflow", "inflowpayai/inflow-mcp", "https-github-com-inflowpayai-inflow-mcp", "https://github.com/inflowpayai/inflow-mcp", "inflowpayai-inflow-mcp", "inflow-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:inflowpayai/inflow-mcp", "canonical_url": "https://github.com/inflowpayai/inflow-mcp", "description": "MCP Server for agents to onboard, pay, and provision services autonomously with InFlow", "discovery_status": "observed", "display_name": "ai-inflowpay-app-inflow", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.194382+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-inflowpay-app-inflow", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.inflowpay.app/inflow", "repo_url": "https://github.com/inflowpayai/inflow-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-inflowpay-app-inflow", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-inflowpay-app-inflow", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-inflowpay-app-inflow.html", "url": "https://github.com/inflowpayai/inflow-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.0.3", "visible_controls": [] }, { "aliases": [ "ai-kawacode-mcp", "kawa-code", "kawa code", "Kawa Code", "mcp-ai-kawacode-mcp", "mcp:ai-kawacode-mcp", "https://github.com/kawacode-ai/kawa.mcp", "kawacode-ai/kawa.mcp", "https-github-com-kawacode-ai-kawa-mcp", "kawacode-ai-kawa-mcp", "kawa.mcp", "kawa-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:kawacode-ai/kawa.mcp", "canonical_url": "https://github.com/kawacode-ai/kawa.mcp", "description": "Team-aware memory: intent, decisions, real-time conflicts for AI coding assistants.", "discovery_status": "observed", "display_name": "Kawa Code", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 22, "generated_at": "2026-06-07T19:20:29.194438+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-kawacode-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.kawacode/mcp", "repo_url": "https://github.com/kawacode-ai/kawa.mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-kawacode-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-kawacode-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 src/tools/resolve-origin.ts:1", "Detected capability: wallet_payment \u2014 deploy.sh:36", "Detected capability: filesystem_write_delete \u2014 deploy.sh:79" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-kawacode-mcp.html", "url": "https://github.com/kawacode-ai/kawa.mcp", "verdict_label": "Review Before Install", "version": "6.1.5", "visible_controls": [] }, { "aliases": [ "ai-klavis-strata", "mcp-ai-klavis-strata", "mcp:ai-klavis-strata", "https-github-com-klavis-ai-klavis", "Klavis-AI/klavis", "https://github.com/Klavis-AI/klavis", "https://github.com/klavis-ai/klavis", "klavis-ai-klavis", "klavis-ai/klavis", "klavis" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:klavis-ai/klavis", "canonical_url": "https://github.com/klavis-ai/klavis", "description": "MCP server for progressive tool usage at any scale (see https://klavis.ai)", "discovery_status": "observed", "display_name": "ai-klavis-strata", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.194804+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-klavis-strata", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.klavis/strata", "repo_url": "https://github.com/Klavis-AI/klavis", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-klavis-strata", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-klavis-strata", "tools": [ "Authenticate", "FLUX_1_Kontext_Dev__lambda_", "FLUX_1_Kontext_Dev_infer", "High", "OmniParser_v2_process", "Upstash", "abidlabs_EasyGhiblisingle_condition_generate_image", "acquire_and_set_token", "add_attendees_to_event", "add_columns", "add_endnote_to_document", "add_footnote_after_text", "add_footnote_before_text", "add_footnote_enhanced", "add_footnote_robust", "add_footnote_to_document", "add_heading", "add_issue_comment", "add_multiple_reactions", "add_observations", "add_page_break", "add_paragraph", "add_picture", "add_reaction", "add_rows", "add_shape_direct", "add_slide", "add_table", "apply_formula", "apply_table_alternating_rows", "auto_fit_table_columns", "batch_update", "batch_update_cells", "batch_update_presentation", "bigquery_cancel_job", "bigquery_create_dataset", "bigquery_export_table", "bigquery_get_dataset_info", "bigquery_list_datasets", "bigquery_list_jobs", "bigquery_load_csv_data", "bigquery_run_query", "build_files_list_params", "build_files_list_query", "calculate", "check_connection", "compute_create_instance", "compute_delete_instance", "compute_get_instance", "compute_list_instances", "compute_list_zones", "compute_restart_instance", "compute_start_instance", "compute_stop_instance", "compute_wait_for_operation", "context7", "convert_to_pdf", "copy_document", "copy_range", "copy_worksheet", "create_blank_document", "create_branch", "create_chart", "create_custom_style", "create_document", "create_document_from_text", "create_entities", "create_event", "create_folder", "create_issue", "create_or_update_file", "create_pivot_table", "create_presentation", "create_presentation_wrapper", "create_pull_request", "create_pull_request_review_comment", "create_relations", "create_repository", "create_server", "create_services", "create_shared_drive", "create_sheet", "create_sheets_tool", "create_spreadsheet", "create_spreadsheet_tool", "create_sql_driver", "create_strata_server", "create_table", "create_test_mcp_server", "create_text_channel", "create_workbook", "create_worksheet", "customize_footnote_style", "debug_log", "delete_draft", "delete_email", "delete_emails", "delete_entities", "delete_event", "delete_folder", "delete_footnote_from_document", "delete_footnote_robust", "delete_observations", "delete_paragraph", "delete_range", "delete_relations", "delete_sheet_columns", "delete_sheet_rows", "delete_worksheet", "displayName", "download_attachment", "echo", "emailAddress.name", "emoji.name", "export_emails", "fetch_and_parse", "fetch_content", "filesystem_create_directory", "filesystem_directory_tree", "filesystem_edit_file", "filesystem_get_file_info", "filesystem_list_allowed_directories", "filesystem_list_directory", "filesystem_list_directory_with_sizes", "filesystem_move_file", "filesystem_read_file", "filesystem_read_media_file", "filesystem_read_multiple_files", "filesystem_read_text_file", "filesystem_search_files", "filesystem_write_file", "find_in_spreadsheet", "find_text_in_document", "from_fetched_transcript_snippet", "get_all_documents", "get_all_tools", "get_api_key", "get_auth_token", "get_auth_token_or_empty", "get_bigquery_manager", "get_calendar_service", "get_compute_manager", "get_container_runtime", "get_credentials", "get_current_presentation", "get_current_presentation_id", "get_current_time", "get_database_url", "get_day_of_week", "get_docs_service", "get_document_by_id", "get_document_content_by_id", "get_drive_service", "get_excel_path", "get_file_tree_structure", "get_financial_statement", "get_historical_stock_prices", "get_holder_info", "get_logging_manager", "get_message_split_token", "get_multiple_sheet_data", "get_multiple_spreadsheet_summary", "get_object_details_tool", "get_option_chain", "get_option_expiration_dates", "get_path", "get_pdf_info", "get_people_service", "get_presentation", "get_recommendations", "get_server_info", "get_sheet_data", "get_sheet_formulas", "get_sheets_service", "get_slides_service", "get_spreadsheet_info", "get_spreadsheet_tool", "get_stock_actions", "get_stock_info", "get_stock_price_by_date", "get_storage_manager", "get_template_search_directories", "get_tool_definitions", "get_tool_schema", "get_tools_for_server", "get_top_queries_tool", "get_transport_config", "get_user_info", "get_yahoo_finance_news", "git_add", "git_branch", "git_checkout", "git_commit", "git_create_branch", "git_diff", "git_diff_staged", "git_diff_unstaged", "git_log", "git_reset", "git_show" ], "tools_count": 200, "top_findings": [ "Detected capability: docker_privilege \u2014 mcp_servers/postgres/Dockerfile:53", "Detected capability: shell_execution \u2014 mcp_servers/postgres/src/postgres_mcp/sql/safe_sql.py:615", "Detected capability: environment_access \u2014 mcp_servers/exa_atlas/src/index.ts:53" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-klavis-strata.html", "url": "https://github.com/Klavis-AI/klavis", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-kolens-kolens-mcp", "KOLens", "kolens", "mcp-ai-kolens-kolens-mcp", "mcp:ai-kolens-kolens-mcp", "https-github-com-mira-gift-hq-kolagent", "https://github.com/mira-gift-hq/kolagent", "https://github.com/mira-gift-hq/KOLAgent", "mira-gift-hq/KOLAgent", "mira-gift-hq/kolagent", "mira-gift-hq-kolagent", "kolagent" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:mira-gift-hq/kolagent", "canonical_url": "https://github.com/mira-gift-hq/kolagent", "description": "TikTok KOL intelligence with a public MCP remote for search, profiles, lists, and alerts.", "discovery_status": "observed", "display_name": "KOLens", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.194829+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-kolens-kolens-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.kolens/kolens-mcp", "repo_url": "https://github.com/mira-gift-hq/KOLAgent", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-kolens-kolens-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-kolens-kolens-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-kolens-kolens-mcp.html", "url": "https://github.com/mira-gift-hq/KOLAgent", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-kubit-mcp-server", "kubit", "Kubit", "mcp-ai-kubit-mcp-server", "mcp:ai-kubit-mcp-server", "https-github-com-kubit-ai-mcp-server", "https://github.com/kubit-ai/mcp-server", "https://github.com/Kubit-AI/mcp-server", "Kubit-AI/mcp-server", "kubit-ai/mcp-server", "kubit-ai-mcp-server", "mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:kubit-ai/mcp-server", "canonical_url": "https://github.com/kubit-ai/mcp-server", "description": "Bring Kubit into your AI workflow \u2014 query your warehouse with natural language", "discovery_status": "observed", "display_name": "Kubit", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.194889+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-kubit-mcp-server", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.kubit/mcp-server", "repo_url": "https://github.com/Kubit-AI/mcp-server", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-kubit-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-kubit-mcp-server", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-kubit-mcp-server.html", "url": "https://github.com/Kubit-AI/mcp-server", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-lattiq-x402-trading-signals", "Lattiq x402 Trading Signals", "lattiq-x402-trading-signals", "lattiq x402 trading signals", "mcp:ai-lattiq-x402-trading-signals", "mcp-ai-lattiq-x402-trading-signals", "https://github.com/PoopsDavis/lattiq-mcp", "https-github-com-poopsdavis-lattiq-mcp", "https://github.com/poopsdavis/lattiq-mcp", "PoopsDavis/lattiq-mcp", "poopsdavis/lattiq-mcp", "poopsdavis-lattiq-mcp", "lattiq-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:poopsdavis/lattiq-mcp", "canonical_url": "https://github.com/poopsdavis/lattiq-mcp", "description": "Regime-aware ES1/NQ futures trading signals. HMM + 15 quant strategies. x402 USDC micropayments.", "discovery_status": "observed", "display_name": "Lattiq x402 Trading Signals", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.194899+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-lattiq-x402-trading-signals", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.lattiq/x402-trading-signals", "repo_url": "https://github.com/PoopsDavis/lattiq-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-lattiq-x402-trading-signals", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-lattiq-x402-trading-signals", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-lattiq-x402-trading-signals.html", "url": "https://github.com/PoopsDavis/lattiq-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-law-mcp-lawyer-search", "law.ai \u2014 lawyer search", "Law.AI \u2014 Lawyer Search", "law-ai-lawyer-search", "mcp-ai-law-mcp-lawyer-search", "mcp:ai-law-mcp-lawyer-search", "https-github-com-risk-ai-lawai-mcp-server", "risk-ai/lawai-mcp-server", "https://github.com/risk-ai/lawai-mcp-server", "risk-ai-lawai-mcp-server", "lawai-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:risk-ai/lawai-mcp-server", "canonical_url": "https://github.com/risk-ai/lawai-mcp-server", "description": "Verified lawyer and attorney search, discovery, and matching for AI \u2014 991K+ US profiles.", "discovery_status": "observed", "display_name": "Law.AI \u2014 Lawyer Search", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 62, "generated_at": "2026-06-07T19:20:29.194987+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-law-mcp-lawyer-search", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.law.mcp/lawyer-search", "repo_url": "https://github.com/risk-ai/lawai-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "ai-law-mcp-lawyer-search", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-law-mcp-lawyer-search", "tools": [ "find_lawyer_by_name", "get_jurisdictions", "get_lawyer_profile", "get_legal_cost_estimate", "get_practice_areas", "match_lawyer_to_matter", "search_lawyers" ], "tools_count": 7, "top_findings": [ "Detected capability: environment_access \u2014 src/auth.ts:11", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Configuration environment variable access \u2014 src/auth.ts:15" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-law-mcp-lawyer-search.html", "url": "https://github.com/risk-ai/lawai-mcp-server", "verdict_label": "Needs Oversight", "version": "0.2.3", "visible_controls": [] }, { "aliases": [ "ai-limitguard-api-trust-intelligence", "limitguard-trust-intelligence", "limitguard trust intelligence", "LimitGuard Trust Intelligence", "mcp:ai-limitguard-api-trust-intelligence", "mcp-ai-limitguard-api-trust-intelligence", "JWconsultancy1234/limitguard-ai", "https-github-com-jwconsultancy1234-limitguard-ai", "https://github.com/jwconsultancy1234/limitguard-ai", "https://github.com/JWconsultancy1234/limitguard-ai", "jwconsultancy1234-limitguard-ai", "jwconsultancy1234/limitguard-ai", "limitguard-ai" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:jwconsultancy1234/limitguard-ai", "canonical_url": "https://github.com/jwconsultancy1234/limitguard-ai", "description": "Entity verification, sanctions screening, and trust scoring for AI agents.", "discovery_status": "observed", "display_name": "LimitGuard Trust Intelligence", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195002+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-limitguard-api-trust-intelligence", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.limitguard.api/trust-intelligence", "repo_url": "https://github.com/JWconsultancy1234/limitguard-ai", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-limitguard-api-trust-intelligence", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-limitguard-api-trust-intelligence", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-limitguard-api-trust-intelligence.html", "url": "https://github.com/JWconsultancy1234/limitguard-ai", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.1", "visible_controls": [] }, { "aliases": [ "ai-lucasandersen-mlp-tax", "MLP Tax Computation Engine", "mlp tax computation engine", "mlp-tax-computation-engine", "mcp:ai-lucasandersen-mlp-tax", "mcp-ai-lucasandersen-mlp-tax", "https-github-com-luc253-lucasandersen-ai", "https://github.com/luc253/lucasandersen-ai", "luc253/lucasandersen-ai", "luc253-lucasandersen-ai", "lucasandersen-ai" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:luc253/lucasandersen-ai", "canonical_url": "https://github.com/luc253/lucasandersen-ai", "description": "Deterministic MLP tax engine with IRS citations. 6 tools: basis, \u00a7751, estate, projections.", "discovery_status": "observed", "display_name": "MLP Tax Computation Engine", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195006+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-lucasandersen-mlp-tax", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.lucasandersen/mlp-tax", "repo_url": "https://github.com/luc253/lucasandersen-ai", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-lucasandersen-mlp-tax", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-lucasandersen-mlp-tax", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-lucasandersen-mlp-tax.html", "url": "https://github.com/luc253/lucasandersen-ai", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-ludo-game-assets", "ludo ai game assets", "Ludo AI Game Assets", "ludo-ai-game-assets", "mcp:ai-ludo-game-assets", "mcp-ai-ludo-game-assets", "https://github.com/ludo-ai/ludo-mcp", "https://github.com/Ludo-AI/ludo-mcp", "https-github-com-ludo-ai-ludo-mcp", "Ludo-AI/ludo-mcp", "ludo-ai/ludo-mcp", "ludo-ai-ludo-mcp", "ludo-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:ludo-ai/ludo-mcp", "canonical_url": "https://github.com/ludo-ai/ludo-mcp", "description": "Generate game assets with AI: sprites, 3D models, animations, sound effects, music, and voices.", "discovery_status": "observed", "display_name": "Ludo AI Game Assets", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195050+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-ludo-game-assets", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.ludo/game-assets", "repo_url": "https://github.com/Ludo-AI/ludo-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-ludo-game-assets", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-ludo-game-assets", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-ludo-game-assets.html", "url": "https://github.com/Ludo-AI/ludo-mcp", "verdict_label": "Sandbox/Test OK", "version": "0.9.0", "visible_controls": [] }, { "aliases": [ "ai-mailjunky-mcp", "mailjunky", "MailJunky", "mcp:ai-mailjunky-mcp", "mcp-ai-mailjunky-mcp", "https://github.com/TheNightProject/tnp.web.mailjunky.ai", "https://github.com/thenightproject/tnp.web.mailjunky.ai", "TheNightProject/tnp.web.mailjunky.ai", "https-github-com-thenightproject-tnp-web-mailjunky-ai", "thenightproject/tnp.web.mailjunky.ai", "thenightproject-tnp-web-mailjunky-ai", "tnp-web-mailjunky-ai", "tnp.web.mailjunky.ai" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:thenightproject/tnp.web.mailjunky.ai", "canonical_url": "https://github.com/thenightproject/tnp.web.mailjunky.ai", "description": "Send emails, track events, and manage contacts with MailJunky.", "discovery_status": "observed", "display_name": "MailJunky", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195057+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-mailjunky-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.mailjunky/mcp", "repo_url": "https://github.com/TheNightProject/tnp.web.mailjunky.ai", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-mailjunky-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-mailjunky-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "sse" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-mailjunky-mcp.html", "url": "https://github.com/TheNightProject/tnp.web.mailjunky.ai", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "ai-marketcore-mcp", "marcora", "Marcora", "mcp-ai-marketcore-mcp", "mcp:ai-marketcore-mcp", "https-github-com-ccromp-marcora-mcp", "ccromp/marcora-mcp", "https://github.com/ccromp/marcora-mcp", "ccromp-marcora-mcp", "marcora-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:ccromp/marcora-mcp", "canonical_url": "https://github.com/ccromp/marcora-mcp", "description": "Tools for creating on-brand marketing content using Marcora's intelligent context infrastructure.", "discovery_status": "observed", "display_name": "Marcora", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195088+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-marketcore-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.marketcore/mcp", "repo_url": "https://github.com/ccromp/marcora-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-marketcore-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-marketcore-mcp", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "sse", "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-marketcore-mcp.html", "url": "https://github.com/ccromp/marcora-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.0.4", "visible_controls": [] }, { "aliases": [ "ai-marketintell-marketintell", "mcp:ai-marketintell-marketintell", "mcp-ai-marketintell-marketintell", "ravidsrk/marketintell/tree/main/apps/api", "https-github-com-ravidsrk-marketintell-tree-main-apps-api", "https://github.com/ravidsrk/marketintell/tree/main/apps/api", "ravidsrk-marketintell", "ravidsrk/marketintell", "marketintell", "https-github-com-ravidsrk-marketintell", "https://github.com/ravidsrk/marketintell" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:ravidsrk/marketintell", "canonical_url": "https://github.com/ravidsrk/marketintell", "description": "AI analyst desk for stocks, options & crypto with sourced trade setups and a public accuracy record.", "discovery_status": "observed", "display_name": "ai-marketintell-marketintell", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195096+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-marketintell-marketintell", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.marketintell/marketintell", "repo_url": "https://github.com/ravidsrk/marketintell", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-marketintell-marketintell", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-marketintell-marketintell", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "npm" ], "remote_types": [ "sse", "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-marketintell-marketintell.html", "url": "https://github.com/ravidsrk/marketintell/tree/main/apps/api", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.3.1", "visible_controls": [] }, { "aliases": [ "ai-mcpanalytics-analytics", "mcp-ai-mcpanalytics-analytics", "mcp:ai-mcpanalytics-analytics", "https-github-com-embeddedlayers-mcp-analytics", "https://github.com/embeddedlayers/mcp-analytics", "embeddedlayers/mcp-analytics", "embeddedlayers-mcp-analytics", "mcp-analytics" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:embeddedlayers/mcp-analytics", "canonical_url": "https://github.com/embeddedlayers/mcp-analytics", "description": "Analytics for business data: upload CSV or connect GA4/GSC, run ML/stats, get HTML reports.", "discovery_status": "observed", "display_name": "ai-mcpanalytics-analytics", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 49, "generated_at": "2026-06-07T19:20:29.195172+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-mcpanalytics-analytics", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.mcpanalytics/analytics", "repo_url": "https://github.com/embeddedlayers/mcp-analytics", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "ai-mcpanalytics-analytics", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-mcpanalytics-analytics", "tools": [], "tools_count": 0, "top_findings": [ "Broad or write-capable OAuth/API scope: github_write_scope \u2014 .claude-plugin/marketplace.json:39", "Detected capability: environment_access \u2014 src/index.js:37", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-mcpanalytics-analytics.html", "url": "https://github.com/embeddedlayers/mcp-analytics", "verdict_label": "Needs Oversight", "version": "1.0.5", "visible_controls": [] }, { "aliases": [ "ai-mcpcap-mcpcap", "mcp-ai-mcpcap-mcpcap", "mcp:ai-mcpcap-mcpcap", "https://github.com/mcpcap/mcpcap", "https-github-com-mcpcap-mcpcap", "mcpcap/mcpcap", "mcpcap-mcpcap", "mcpcap" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:mcpcap/mcpcap", "canonical_url": "https://github.com/mcpcap/mcpcap", "description": "An MCP server for analyzing PCAP files.", "discovery_status": "observed", "display_name": "ai-mcpcap-mcpcap", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 4, "generated_at": "2026-06-07T19:20:29.195221+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "tool_names_extracted", "env_or_credential_examples_visible" ], "name": "ai-mcpcap-mcpcap", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.mcpcap/mcpcap", "repo_url": "https://github.com/mcpcap/mcpcap", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-mcpcap-mcpcap", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-mcpcap-mcpcap", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 src/mcpcap/modules/base.py:70", "Install risk pattern: unpinned_dependency \u2014 Dockerfile:28", "Detected capability: network_egress \u2014 src/mcpcap/modules/base.py:119" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "pypi" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-mcpcap-mcpcap.html", "url": "https://github.com/mcpcap/mcpcap", "verdict_label": "Install With Restrictions", "version": "0.9.6", "visible_controls": [] }, { "aliases": [ "ai-meetsquad-squad", "squad", "Squad", "mcp:ai-meetsquad-squad", "mcp-ai-meetsquad-squad", "https-github-com-the-basilisk-ai-squad-mcp", "the-basilisk-ai/squad-mcp", "https://github.com/the-basilisk-ai/squad-mcp", "the-basilisk-ai-squad-mcp", "squad-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:the-basilisk-ai/squad-mcp", "canonical_url": "https://github.com/the-basilisk-ai/squad-mcp", "description": "Your AI Product Manager. Surface insights, build roadmaps, and plan strategy with 30+ tools.", "discovery_status": "observed", "display_name": "Squad", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 43, "generated_at": "2026-06-07T19:20:29.195298+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-meetsquad-squad", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.meetsquad/squad", "repo_url": "https://github.com/the-basilisk-ai/squad-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-meetsquad-squad", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-meetsquad-squad", "tools": [], "tools_count": 0, "top_findings": [ "Broad or write-capable OAuth/API scope: github_write_scope \u2014 flake.lock:11", "Detected capability: filesystem_write_delete \u2014 scripts/openapi-client-esm-fix.ts:17", "Detected capability: environment_access \u2014 src/helpers/mintToken.ts:25" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-meetsquad-squad.html", "url": "https://github.com/the-basilisk-ai/squad-mcp", "verdict_label": "Needs Oversight", "version": "3.0.1", "visible_controls": [] }, { "aliases": [ "ai-mrmarket-mrmarket-mcp", "mrmarket.ai", "mrmarket-ai", "mcp:ai-mrmarket-mrmarket-mcp", "mcp-ai-mrmarket-mrmarket-mcp", "https-github-com-codinghaven-mrmarket-mcp", "https://github.com/codinghaven/mrmarket-mcp", "codinghaven/mrmarket-mcp", "codinghaven-mrmarket-mcp", "mrmarket-mcp" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:codinghaven/mrmarket-mcp", "canonical_url": "https://github.com/codinghaven/mrmarket-mcp", "description": "Analytical engine for US-listed equities: screens, rankings, and event studies in plain English.", "discovery_status": "observed", "display_name": "mrmarket.ai", "ecosystem": "mcp", "evidence_score": 29, "evidence_status": "awaiting verification", "findings": 3, "generated_at": "2026-06-07T19:20:29.195343+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible" ], "name": "ai-mrmarket-mrmarket-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.mrmarket/mrmarket-mcp", "repo_url": "https://github.com/codinghaven/mrmarket-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-mrmarket-mrmarket-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-mrmarket-mrmarket-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 scripts/publish-registry.sh:57", "Detected capability: wallet_payment \u2014 scripts/publish-registry.sh:98" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-mrmarket-mrmarket-mcp.html", "url": "https://github.com/codinghaven/mrmarket-mcp", "verdict_label": "Install With Restrictions", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-nefesh-human-state", "nefesh \u2014 real-time human state awareness for ai", "nefesh-real-time-human-state-awareness-for-ai", "Nefesh \u2014 Real-Time Human State Awareness for AI", "mcp-ai-nefesh-human-state", "mcp:ai-nefesh-human-state", "nefesh-ai/nefesh-mcp-server", "https-github-com-nefesh-ai-nefesh-mcp-server", "https://github.com/nefesh-ai/nefesh-mcp-server", "nefesh-ai-nefesh-mcp-server", "nefesh-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:nefesh-ai/nefesh-mcp-server", "canonical_url": "https://github.com/nefesh-ai/nefesh-mcp-server", "description": "Fuses biometric signals into a stress score (0-100) for AI adaptation. MCP + A2A native.", "discovery_status": "observed", "display_name": "Nefesh \u2014 Real-Time Human State Awareness for AI", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 13, "generated_at": "2026-06-07T19:20:29.195395+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-nefesh-human-state", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.nefesh/human-state", "repo_url": "https://github.com/nefesh-ai/nefesh-mcp-server", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-nefesh-human-state", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-nefesh-human-state", "tools": [ "check_api_key_status", "get_human_state", "get_session_history", "get_trigger_memory", "ingest", "request_api_key" ], "tools_count": 6, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:5", "Detected capability: network_egress \u2014 proxy.py:61", "References credential or secret pattern: API_KEY_GENERIC \u2014 proxy.py:194" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-nefesh-human-state.html", "url": "https://github.com/nefesh-ai/nefesh-mcp-server", "verdict_label": "Install With Restrictions", "version": "4.0.0", "visible_controls": [] }, { "aliases": [ "ai-newzai-api-newzai", "NewzAI MCP Server", "newzai mcp server", "newzai-mcp-server", "mcp:ai-newzai-api-newzai", "mcp-ai-newzai-api-newzai", "https://github.com/Gauraviitkgp/news-mcp", "https://github.com/gauraviitkgp/news-mcp", "https-github-com-gauraviitkgp-news-mcp", "Gauraviitkgp/news-mcp", "gauraviitkgp-news-mcp", "gauraviitkgp/news-mcp", "news-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:gauraviitkgp/news-mcp", "canonical_url": "https://github.com/gauraviitkgp/news-mcp", "description": "News MCP: real-time headlines & custom news search across 7 regions. Free, just sign in with Google.", "discovery_status": "observed", "display_name": "NewzAI MCP Server", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195432+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-newzai-api-newzai", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.newzai.api/news-mcp", "repo_url": "https://github.com/Gauraviitkgp/news-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-newzai-api-newzai", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-newzai-api-newzai", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-newzai-api-newzai.html", "url": "https://github.com/Gauraviitkgp/news-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-nexustoken-nexustoken-sdk", "NexusToken", "nexustoken", "mcp-ai-nexustoken-nexustoken-sdk", "mcp:ai-nexustoken-nexustoken-sdk", "https://github.com/bobuilds/nexustoken-sdk", "bobuilds/nexustoken-sdk", "https-github-com-bobuilds-nexustoken-sdk", "bobuilds-nexustoken-sdk", "nexustoken-sdk" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:bobuilds/nexustoken-sdk", "canonical_url": "https://github.com/bobuilds/nexustoken-sdk", "description": "Create/check agent tasks, discover capabilities, and run V2 Jobs on NexusToken.", "discovery_status": "observed", "display_name": "NexusToken", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 92, "generated_at": "2026-06-07T19:20:29.195541+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-nexustoken-nexustoken-sdk", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.nexustoken/nexustoken-sdk", "repo_url": "https://github.com/bobuilds/nexustoken-sdk", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-nexustoken-nexustoken-sdk", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-nexustoken-nexustoken-sdk", "tools": [ "list_tools" ], "tools_count": 1, "top_findings": [ "Detected capability: environment_access \u2014 nexus_sdk/cli.py:61", "Detected capability: filesystem_write_delete \u2014 nexus_sdk/credentials.py:43", "Detected capability: network_egress \u2014 nexus_sdk/_compat.py:22" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "pypi" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-nexustoken-nexustoken-sdk.html", "url": "https://github.com/bobuilds/nexustoken-sdk", "verdict_label": "Needs Oversight", "version": "0.6.5", "visible_controls": [] }, { "aliases": [ "ai-ninar-ninar", "ninar-ai", "ninar ai", "Ninar AI", "mcp:ai-ninar-ninar", "mcp-ai-ninar-ninar", "https-github-com-ninar-ctrl-ninar-ai", "https://github.com/ninar-ctrl/ninar.ai", "https://github.com/Ninar-ctrl/Ninar.AI", "Ninar-ctrl/Ninar.AI", "ninar-ctrl/ninar.ai", "ninar-ctrl-ninar-ai", "ninar.ai" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:ninar-ctrl/ninar.ai", "canonical_url": "https://github.com/ninar-ctrl/ninar.ai", "description": "Audit your brand's visibility across ChatGPT, Gemini, Claude, Perplexity + 6 more engines.", "discovery_status": "observed", "display_name": "Ninar AI", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195554+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-ninar-ninar", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.ninar/ninar", "repo_url": "https://github.com/Ninar-ctrl/Ninar.AI", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-ninar-ninar", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-ninar-ninar", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-ninar-ninar.html", "url": "https://github.com/Ninar-ctrl/Ninar.AI", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-nocturnus-logic-server", "mcp-ai-nocturnus-logic-server", "mcp:ai-nocturnus-logic-server", "Auctalis/nocturnusai", "https://github.com/Auctalis/nocturnusai", "https-github-com-auctalis-nocturnusai", "https://github.com/auctalis/nocturnusai", "auctalis-nocturnusai", "auctalis/nocturnusai", "nocturnusai" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:auctalis/nocturnusai", "canonical_url": "https://github.com/auctalis/nocturnusai", "description": "Agent reasoning, memory, and token-optimized context for AI applications.", "discovery_status": "observed", "display_name": "ai-nocturnus-logic-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.195857+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-nocturnus-logic-server", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.nocturnus/logic-server", "repo_url": "https://github.com/Auctalis/nocturnusai", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-nocturnus-logic-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-nocturnus-logic-server", "tools": [ "get_context_via_mcp", "list_available_tools", "list_tools", "show_server_capabilities" ], "tools_count": 4, "top_findings": [ "Detected capability: docker_privilege \u2014 .env.example:70", "Install risk pattern: curl_pipe_shell \u2014 install.sh:8", "References credential or secret pattern: ANTHROPIC_API_KEY \u2014 .env.example:57" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-nocturnus-logic-server.html", "url": "https://github.com/Auctalis/nocturnusai", "verdict_label": "Review Before Install", "version": "0.3.11", "visible_controls": [] }, { "aliases": [ "ai-nudg3-brand-intelligence", "mcp-ai-nudg3-brand-intelligence", "mcp:ai-nudg3-brand-intelligence", "https-github-com-nudg3-ai-nudg3-mcp", "https://github.com/nudg3-ai/nudg3-mcp", "https://github.com/NUDG3-AI/nudg3-mcp", "NUDG3-AI/nudg3-mcp", "nudg3-ai-nudg3-mcp", "nudg3-ai/nudg3-mcp", "nudg3-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:nudg3-ai/nudg3-mcp", "canonical_url": "https://github.com/nudg3-ai/nudg3-mcp", "description": "Query your Nudg3 brand visibility across ChatGPT, Claude, Gemini, AI Overviews, and Perplexity.", "discovery_status": "observed", "display_name": "ai-nudg3-brand-intelligence", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195881+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-nudg3-brand-intelligence", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.nudg3/brand-intelligence", "repo_url": "https://github.com/NUDG3-AI/nudg3-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-nudg3-brand-intelligence", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-nudg3-brand-intelligence", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "pypi" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-nudg3-brand-intelligence.html", "url": "https://github.com/NUDG3-AI/nudg3-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.1.0", "visible_controls": [] }, { "aliases": [ "ai-nullary-nullary", "mcp:ai-nullary-nullary", "mcp-ai-nullary-nullary", "https://github.com/nullary-ai/nullary", "nullary-ai/nullary", "https-github-com-nullary-ai-nullary", "nullary-ai-nullary", "nullary" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:nullary-ai/nullary", "canonical_url": "https://github.com/nullary-ai/nullary", "description": "Negative results intelligence for drug discovery \u2014 query measured failures via MCP.", "discovery_status": "observed", "display_name": "ai-nullary-nullary", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195886+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-nullary-nullary", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.nullary/nullary", "repo_url": "https://github.com/nullary-ai/nullary", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-nullary-nullary", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-nullary-nullary", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-nullary-nullary.html", "url": "https://github.com/nullary-ai/nullary", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.1", "visible_controls": [] }, { "aliases": [ "ai-obris-mcp", "Obris", "obris", "mcp:ai-obris-mcp", "mcp-ai-obris-mcp", "https-github-com-obris-dev-obris-mcp", "obris-dev/obris-mcp", "https://github.com/obris-dev/obris-mcp", "obris-dev-obris-mcp", "obris-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:obris-dev/obris-mcp", "canonical_url": "https://github.com/obris-dev/obris-mcp", "description": "Stop re-explaining yourself to AI. Save knowledge once, use it in every conversation.", "discovery_status": "observed", "display_name": "Obris", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.195890+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-obris-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.obris/mcp", "repo_url": "https://github.com/obris-dev/obris-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-obris-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-obris-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "pypi" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-obris-mcp.html", "url": "https://github.com/obris-dev/obris-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.4.0", "visible_controls": [] }, { "aliases": [ "ai-openarx-openarx", "mcp:ai-openarx-openarx", "mcp-ai-openarx-openarx", "https-github-com-openarx-ai-openarx-core", "https://github.com/OpenArx-AI/openarx-core", "https://github.com/openarx-ai/openarx-core", "OpenArx-AI/openarx-core", "openarx-ai/openarx-core", "openarx-ai-openarx-core", "openarx-core" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:openarx-ai/openarx-core", "canonical_url": "https://github.com/openarx-ai/openarx-core", "description": "Open scientific knowledge MCP for AI agents. Three profiles: search, publish, govern.", "discovery_status": "observed", "display_name": "ai-openarx-openarx", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.196211+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-openarx-openarx", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.openarx/openarx", "repo_url": "https://github.com/OpenArx-AI/openarx-core", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-openarx-openarx", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-openarx-openarx", "tools": [ "advance_to_voting", "cast_vote", "challenge_status", "compare_papers", "create_initiative", "create_new_version", "explore_topic", "find_benchmark_results", "find_by_id", "find_code", "find_evidence", "find_methodology", "find_related", "get_agent_profile", "get_chunks", "get_document", "get_document_status", "get_initiative", "get_leaderboard", "get_my_document_review", "get_my_documents", "get_my_profile", "get_news_item", "get_system_stats", "gov_search", "list_categories", "list_initiatives", "list_news", "mute_agent", "openarx", "paginate", "post_message", "publish_initiative", "react", "request_challenge", "search", "search_keyword", "search_semantic", "solve_challenge", "submit_document", "withdraw_initiative" ], "tools_count": 41, "top_findings": [ "Detected capability: shell_execution \u2014 packages/embed-service/src/cache.ts:90", "Broad or write-capable OAuth/API scope: google_broad_scope \u2014 packages/embed-service/src/auth/service-account.ts:43", "Detected capability: environment_access \u2014 packages/embed-service/src/config.ts:49" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-openarx-openarx.html", "url": "https://github.com/OpenArx-AI/openarx-core", "verdict_label": "Review Before Install", "version": "0.1.0-alpha", "visible_controls": [] }, { "aliases": [ "ai-orggen-orggen", "orggen-ai", "OrgGen AI", "orggen ai", "mcp:ai-orggen-orggen", "mcp-ai-orggen-orggen", "ms-spown/orgschema-ai", "https://github.com/ms-spown/orgschema-ai", "https-github-com-ms-spown-orgschema-ai", "ms-spown-orgschema-ai", "orgschema-ai" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:ms-spown/orgschema-ai", "canonical_url": "https://github.com/ms-spown/orgschema-ai", "description": "Generate org charts, MCD/ERD data models, and C4 architecture diagrams \u2014 pilot OrgGen AI via MCP.", "discovery_status": "observed", "display_name": "OrgGen AI", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196234+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-orggen-orggen", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.orggen/orggen", "repo_url": "https://github.com/ms-spown/orgschema-ai", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-orggen-orggen", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-orggen-orggen", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-orggen-orggen.html", "url": "https://github.com/ms-spown/orgschema-ai", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-packmind-mcp-server", "mcp-ai-packmind-mcp-server", "mcp:ai-packmind-mcp-server", "https://github.com/packmindhub/packmind/tree/main/apps/mcp-server", "PackmindHub/packmind/tree/main/apps/mcp-server", "https://github.com/PackmindHub/packmind/tree/main/apps/mcp-server", "https-github-com-packmindhub-packmind-tree-main-apps-mcp-server", "packmindhub/packmind", "packmindhub-packmind", "packmind", "https://github.com/packmindhub/packmind", "https-github-com-packmindhub-packmind" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:packmindhub/packmind", "canonical_url": "https://github.com/packmindhub/packmind", "description": "Packmind captures, scales, and enforces your organization's technical decisions.", "discovery_status": "observed", "display_name": "ai-packmind-mcp-server", "ecosystem": "mcp", "evidence_score": 43, "evidence_status": "awaiting verification", "findings": 23, "generated_at": "2026-06-07T19:20:29.196313+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible" ], "name": "ai-packmind-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.packmind/mcp-server", "repo_url": "https://github.com/PackmindHub/packmind", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-packmind-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-packmind-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "References credential or secret pattern: JWT_SECRET \u2014 src/PackmindApp.ts:32", "Detected capability: environment_access \u2014 src/PackmindApp.ts:38", "References credential or secret pattern: DATABASE_URL \u2014 src/db.ts:18" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-packmind-mcp-server.html", "url": "https://github.com/PackmindHub/packmind/tree/main/apps/mcp-server", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-painspotter-painspotter", "mcp:ai-painspotter-painspotter", "mcp-ai-painspotter-painspotter", "https://github.com/archoor/reddit-insight", "https-github-com-archoor-reddit-insight", "archoor/reddit-insight", "archoor-reddit-insight", "reddit-insight" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:archoor/reddit-insight", "canonical_url": "https://github.com/archoor/reddit-insight", "description": "AI-analyzed startup opportunities from Reddit, Hacker News & Product Hunt, with commercial scores.", "discovery_status": "observed", "display_name": "ai-painspotter-painspotter", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196324+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-painspotter-painspotter", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.painspotter/painspotter", "repo_url": "https://github.com/archoor/reddit-insight", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-painspotter-painspotter", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-painspotter-painspotter", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-painspotter-painspotter.html", "url": "https://github.com/archoor/reddit-insight", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-paperlantern-code", "paper lantern", "paper-lantern", "Paper Lantern", "mcp-ai-paperlantern-code", "mcp:ai-paperlantern-code", "https://github.com/paperlantern-ai/paperlantern-cli", "https-github-com-paperlantern-ai-paperlantern-cli", "paperlantern-ai/paperlantern-cli", "paperlantern-ai-paperlantern-cli", "paperlantern-cli" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:paperlantern-ai/paperlantern-cli", "canonical_url": "https://github.com/paperlantern-ai/paperlantern-cli", "description": "Research intelligence for AI coding agents. 2M+ CS papers with evidence and tradeoffs.", "discovery_status": "observed", "display_name": "Paper Lantern", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 63, "generated_at": "2026-06-07T19:20:29.196412+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted" ], "name": "ai-paperlantern-code", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.paperlantern/code", "repo_url": "https://github.com/paperlantern-ai/paperlantern-cli", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-paperlantern-code", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-paperlantern-code", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 src/auth.ts:4", "Detected capability: filesystem_write_delete \u2014 src/auth.ts:42", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-paperlantern-code.html", "url": "https://github.com/paperlantern-ai/paperlantern-cli", "verdict_label": "Review Before Install", "version": "0.3.1", "visible_controls": [] }, { "aliases": [ "ai-parallel-search-mcp", "Parallel Search MCP", "parallel-search-mcp", "parallel search mcp", "mcp-ai-parallel-search-mcp", "mcp:ai-parallel-search-mcp", "https://github.com/parallel-web/search-mcp", "https-github-com-parallel-web-search-mcp", "parallel-web/search-mcp", "parallel-web-search-mcp", "search-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:parallel-web/search-mcp", "canonical_url": "https://github.com/parallel-web/search-mcp", "description": "The best web search for your AI Agent", "discovery_status": "observed", "display_name": "Parallel Search MCP", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196423+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-parallel-search-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.parallel/search-mcp", "repo_url": "https://github.com/parallel-web/search-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-parallel-search-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-parallel-search-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-parallel-search-mcp.html", "url": "https://github.com/parallel-web/search-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-parallel-task-mcp", "parallel-task-mcp", "parallel task mcp", "Parallel Task MCP", "mcp-ai-parallel-task-mcp", "mcp:ai-parallel-task-mcp", "parallel-web/task-mcp", "https-github-com-parallel-web-task-mcp", "https://github.com/parallel-web/task-mcp", "parallel-web-task-mcp", "task-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:parallel-web/task-mcp", "canonical_url": "https://github.com/parallel-web/task-mcp", "description": "An MCP server for deep research or task groups", "discovery_status": "observed", "display_name": "Parallel Task MCP", "ecosystem": "mcp", "evidence_score": 29, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.196462+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-parallel-task-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.parallel/task-mcp", "repo_url": "https://github.com/parallel-web/task-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-parallel-task-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-parallel-task-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package.json:2" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-parallel-task-mcp.html", "url": "https://github.com/parallel-web/task-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-plith-plith", "mcp:ai-plith-plith", "mcp-ai-plith-plith", "https-github-com-chicogonzales-plith", "chicogonzales/plith", "https://github.com/chicogonzales/plith", "chicogonzales-plith", "plith" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:chicogonzales/plith", "canonical_url": "https://github.com/chicogonzales/plith", "description": "AI agent infrastructure: dedup, cost prediction, validation, governance, failure intelligence.", "discovery_status": "observed", "display_name": "ai-plith-plith", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196470+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-plith-plith", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.plith/plith", "repo_url": "https://github.com/chicogonzales/plith", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-plith-plith", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-plith-plith", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-plith-plith.html", "url": "https://github.com/chicogonzales/plith", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-ponlo-server", "mcp-ai-ponlo-server", "mcp:ai-ponlo-server", "https://github.com/claudiogodoyb/ponlo-ai/tree/main/mcp-server", "https://github.com/ClaudioGodoyB/ponlo-ai/tree/main/mcp-server", "ClaudioGodoyB/ponlo-ai/tree/main/mcp-server", "https-github-com-claudiogodoyb-ponlo-ai-tree-main-mcp-server", "claudiogodoyb-ponlo-ai", "claudiogodoyb/ponlo-ai", "ponlo-ai", "https-github-com-claudiogodoyb-ponlo-ai", "https://github.com/claudiogodoyb/ponlo-ai" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:claudiogodoyb/ponlo-ai", "canonical_url": "https://github.com/claudiogodoyb/ponlo-ai", "description": "Family calendar, tasks, meals, lists & rewards hub for AI assistants.", "discovery_status": "observed", "display_name": "ai-ponlo-server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196474+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-ponlo-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.ponlo/server", "repo_url": "https://github.com/ClaudioGodoyB/ponlo-ai", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-ponlo-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-ponlo-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-ponlo-server.html", "url": "https://github.com/ClaudioGodoyB/ponlo-ai/tree/main/mcp-server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.13.2", "visible_controls": [] }, { "aliases": [ "ai-preclick-preclick-mcp", "PreClick \u2014 An MCP-native URL preflight scanning service for autonomous agents (formerly URLCheck).", "preclick-an-mcp-native-url-preflight-scanning-service-for-autonomous-agents-formerly-urlcheck", "preclick \u2014 an mcp-native url preflight scanning service for autonomous agents (formerly urlcheck).", "mcp:ai-preclick-preclick-mcp", "mcp-ai-preclick-preclick-mcp", "https://github.com/cybrlab-ai/preclick-mcp", "https-github-com-cybrlab-ai-preclick-mcp", "cybrlab-ai/preclick-mcp", "cybrlab-ai-preclick-mcp", "preclick-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:cybrlab-ai/preclick-mcp", "canonical_url": "https://github.com/cybrlab-ai/preclick-mcp", "description": "PreClick scans links for threats and confirms intent match with high accuracy before agents click.", "discovery_status": "observed", "display_name": "PreClick \u2014 An MCP-native URL preflight scanning service for autonomous agents (formerly URLCheck).", "ecosystem": "mcp", "evidence_score": 43, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196509+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-preclick-preclick-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.urlcheck/urlcheck-mcp", "repo_url": "https://github.com/cybrlab-ai/preclick-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-preclick-preclick-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-preclick-preclick-mcp", "tools": [ "CybrLab.ai", "X-API-Key", "url_scanner_async_scan", "url_scanner_async_scan_with_intent", "url_scanner_async_task_result", "url_scanner_async_task_status", "url_scanner_scan", "url_scanner_scan_with_intent" ], "tools_count": 8, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-preclick-preclick-mcp.html", "url": "https://github.com/cybrlab-ai/preclick-mcp", "verdict_label": "Sandbox/Test OK", "version": "0.1.5", "visible_controls": [] }, { "aliases": [ "ai-presentations-presentations-ai", "mcp:ai-presentations-presentations-ai", "mcp-ai-presentations-presentations-ai", "https-github-com-slidecraft-in-presentations-ai-mcp-server", "slidecraft-in/presentations-ai-mcp-server", "https://github.com/slidecraft-in/presentations-ai-mcp-server", "slidecraft-in-presentations-ai-mcp-server", "presentations-ai-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:slidecraft-in/presentations-ai-mcp-server", "canonical_url": "https://github.com/slidecraft-in/presentations-ai-mcp-server", "description": "Presentations.AI MCP server \u2014 create designed slide decks from a topic, text, or document.", "discovery_status": "observed", "display_name": "ai-presentations-presentations-ai", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196544+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-presentations-presentations-ai", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.presentations/presentations-ai", "repo_url": "https://github.com/slidecraft-in/presentations-ai-mcp-server", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-presentations-presentations-ai", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-presentations-presentations-ai", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-presentations-presentations-ai.html", "url": "https://github.com/slidecraft-in/presentations-ai-mcp-server", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-proofslip-mcp-server", "ProofSlip", "proofslip", "mcp:ai-proofslip-mcp-server", "mcp-ai-proofslip-mcp-server", "https://github.com/johnny-z13/proofslip/tree/main/packages/mcp-server", "Johnny-Z13/proofslip/tree/main/packages/mcp-server", "https://github.com/Johnny-Z13/proofslip/tree/main/packages/mcp-server", "https-github-com-johnny-z13-proofslip-tree-main-packages-mcp-server", "johnny-z13/proofslip", "johnny-z13-proofslip", "https-github-com-johnny-z13-proofslip", "https://github.com/johnny-z13/proofslip" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:johnny-z13/proofslip", "canonical_url": "https://github.com/johnny-z13/proofslip", "description": "Receipt-based verification for AI agent workflows \u2014 create, verify, and poll ephemeral proof objects", "discovery_status": "observed", "display_name": "ProofSlip", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 51, "generated_at": "2026-06-07T19:20:29.196622+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-proofslip-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.proofslip/mcp-server", "repo_url": "https://github.com/Johnny-Z13/proofslip", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "ai-proofslip-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-proofslip-mcp-server", "tools": [ "check_receipt_status", "create_receipt", "signup", "verify_receipt" ], "tools_count": 4, "top_findings": [ "Detected capability: environment_access \u2014 src/config.ts:11", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "References credential or secret pattern: API_KEY_GENERIC \u2014 server.json:24" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-proofslip-mcp-server.html", "url": "https://github.com/Johnny-Z13/proofslip/tree/main/packages/mcp-server", "verdict_label": "Needs Oversight", "version": "0.2.3", "visible_controls": [] }, { "aliases": [ "ai-pyrimid-pyrimid", "pyrimid-protocol", "Pyrimid Protocol", "pyrimid protocol", "mcp:ai-pyrimid-pyrimid", "mcp-ai-pyrimid-pyrimid", "pyrimid-ai/pyrimid", "https://github.com/pyrimid-ai/pyrimid", "https-github-com-pyrimid-ai-pyrimid", "pyrimid-ai-pyrimid", "pyrimid" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:pyrimid-ai/pyrimid", "canonical_url": "https://github.com/pyrimid-ai/pyrimid", "description": "Agent-commerce MCP server for x402/USDC payments and affiliate splits on Base.", "discovery_status": "observed", "display_name": "Pyrimid Protocol", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.196902+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-pyrimid-pyrimid", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.pyrimid/pyrimid", "repo_url": "https://github.com/pyrimid-ai/pyrimid", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-pyrimid-pyrimid", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-pyrimid-pyrimid", "tools": [ "pyrimid", "pyrimid_browse", "pyrimid_buy", "pyrimid_categories", "pyrimid_commission_check", "pyrimid_preview", "pyrimid_register_affiliate", "pyrimid_vendor_stats" ], "tools_count": 8, "top_findings": [ "Detected capability: docker_privilege \u2014 subgraph/package-lock.json:490", "Detected capability: wallet_payment \u2014 pyrimid-sdk-mcp-server.ts:6", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:10" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-pyrimid-pyrimid.html", "url": "https://github.com/pyrimid-ai/pyrimid", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-radiusos-www-crm", "radiusos-crm", "RadiusOS CRM", "radiusos crm", "mcp-ai-radiusos-www-crm", "mcp:ai-radiusos-www-crm", "https://github.com/chadrnewell-hash/outreachos", "chadrnewell-hash/outreachos", "https-github-com-chadrnewell-hash-outreachos", "chadrnewell-hash-outreachos", "outreachos" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:chadrnewell-hash/outreachos", "canonical_url": "https://github.com/chadrnewell-hash/outreachos", "description": "34-tool CRM server \u2014 contacts, pipeline, quotes, invoices, scheduling, email, and AI scoring.", "discovery_status": "observed", "display_name": "RadiusOS CRM", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196930+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-radiusos-www-crm", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.radiusos.www/crm", "repo_url": "https://github.com/chadrnewell-hash/outreachos", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-radiusos-www-crm", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-radiusos-www-crm", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-radiusos-www-crm.html", "url": "https://github.com/chadrnewell-hash/outreachos", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-raisonn-connect", "mcp-ai-raisonn-connect", "mcp:ai-raisonn-connect", "https-github-com-raisonnai-raisonnai", "raisonnai/raisonnai", "https://github.com/raisonnai/raisonnai", "raisonnai-raisonnai", "raisonnai" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:raisonnai/raisonnai", "canonical_url": "https://github.com/raisonnai/raisonnai", "description": "AI-native art catalogue. Catalogue works, parse provenance, and generate signed RAIs.", "discovery_status": "observed", "display_name": "ai-raisonn-connect", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196934+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-raisonn-connect", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.raisonn/connect", "repo_url": "https://github.com/raisonnai/raisonnai", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-raisonn-connect", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-raisonn-connect", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-raisonn-connect.html", "url": "https://github.com/raisonnai/raisonnai", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-rapay-mcp-server", "ra-pay", "ra pay", "Ra Pay", "mcp:ai-rapay-mcp-server", "mcp-ai-rapay-mcp-server", "https://github.com/ra-pay-ai/rapay", "https://github.com/Ra-Pay-AI/rapay", "Ra-Pay-AI/rapay", "https-github-com-ra-pay-ai-rapay", "ra-pay-ai-rapay", "ra-pay-ai/rapay", "rapay" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:ra-pay-ai/rapay", "canonical_url": "https://github.com/ra-pay-ai/rapay", "description": "Send fiat payments via MCP with two-step confirmation and Stripe Connect.", "discovery_status": "observed", "display_name": "Ra Pay", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.196939+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-rapay-mcp-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.rapay/mcp-server", "repo_url": "https://github.com/Ra-Pay-AI/rapay", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-rapay-mcp-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-rapay-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-rapay-mcp-server.html", "url": "https://github.com/Ra-Pay-AI/rapay", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.2.5", "visible_controls": [] }, { "aliases": [ "ai-ravenmcp-raven-mcp", "Raven", "raven", "mcp-ai-ravenmcp-raven-mcp", "mcp:ai-ravenmcp-raven-mcp", "https-github-com-rhinocap-raven-mcp", "rhinocap/raven-mcp", "https://github.com/rhinocap/raven-mcp", "rhinocap-raven-mcp", "raven-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:rhinocap/raven-mcp", "canonical_url": "https://github.com/rhinocap/raven-mcp", "description": "Design intelligence for AI-generated UI \u2014 principles, patterns, content, brand, design tokens.", "discovery_status": "observed", "display_name": "Raven", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 202, "generated_at": "2026-06-07T19:20:29.197174+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-ravenmcp-raven-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.ravenmcp/raven-mcp", "repo_url": "https://github.com/rhinocap/raven-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-ravenmcp-raven-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-ravenmcp-raven-mcp", "tools": [ "audit_ios_privacy", "audit_ios_screen", "audit_layout", "audit_page", "audit_rn", "audit_screen", "audit_swiftui", "compose_system", "evaluate_design", "generate_design_system", "generate_service_blueprint", "get_brand_principles", "get_brand_system", "get_brand_trends", "get_business_strategy", "get_checklist", "get_content_pattern", "get_content_principles", "get_content_system", "get_d4d_framework", "get_design_system", "get_metrics_framework", "get_pattern", "get_principles", "get_research_method", "get_service_pattern", "get_service_standard", "list_content_systems", "list_design_systems", "raven-mcp", "raven_reflect", "raven_register", "search_knowledge" ], "tools_count": 33, "top_findings": [ "Detected capability: shell_execution \u2014 scripts/build-changelog.mjs:8", "Detected capability: environment_access \u2014 api/welcome.js:6", "Detected capability: filesystem_write_delete \u2014 scripts/build-changelog.mjs:9" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-ravenmcp-raven-mcp.html", "url": "https://github.com/rhinocap/raven-mcp", "verdict_label": "Review Before Install", "version": "1.3.3", "visible_controls": [] }, { "aliases": [ "ai-readypermit-geo", "Buildability\u2122 \u2014 Property Zoning & Buildability\u2122 Intelligence", "buildability-property-zoning-buildability-intelligence", "buildability\u2122 \u2014 property zoning & buildability\u2122 intelligence", "mcp-ai-readypermit-geo", "mcp:ai-readypermit-geo", "Galax-ai/ReadyPermit.AI-v2", "https://github.com/galax-ai/readypermit.ai-v2", "https-github-com-galax-ai-readypermit-ai-v2", "https://github.com/Galax-ai/ReadyPermit.AI-v2", "galax-ai-readypermit-ai-v2", "galax-ai/readypermit.ai-v2", "readypermit-ai-v2", "readypermit.ai-v2" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:galax-ai/readypermit.ai-v2", "canonical_url": "https://github.com/galax-ai/readypermit.ai-v2", "description": "Zoning, ADU eligibility, flood zone, setbacks, and buildability intelligence for U.S. parcels.", "discovery_status": "observed", "display_name": "Buildability\u2122 \u2014 Property Zoning & Buildability\u2122 Intelligence", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.197192+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-readypermit-geo", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.readypermit/geo", "repo_url": "https://github.com/Galax-ai/ReadyPermit.AI-v2", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-readypermit-geo", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-readypermit-geo", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-readypermit-geo.html", "url": "https://github.com/Galax-ai/ReadyPermit.AI-v2", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.2.3", "visible_controls": [] }, { "aliases": [ "ai-redditgrow-mcp", "RedditGrow", "redditgrow", "mcp-ai-redditgrow-mcp", "mcp:ai-redditgrow-mcp", "https-github-com-vico86-redditreach", "https://github.com/vico86/redditreach", "Vico86/redditreach", "https://github.com/Vico86/redditreach", "vico86/redditreach", "vico86-redditreach", "redditreach" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:vico86/redditreach", "canonical_url": "https://github.com/vico86/redditreach", "description": "Reddit growth toolkit \u2014 opportunities, replies, cold DMs, brand mentions, SEO, autopilot.", "discovery_status": "observed", "display_name": "RedditGrow", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.197197+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-redditgrow-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.redditgrow/mcp", "repo_url": "https://github.com/Vico86/redditreach", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-redditgrow-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-redditgrow-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-redditgrow-mcp.html", "url": "https://github.com/Vico86/redditreach", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "3.10.0", "visible_controls": [] }, { "aliases": [ "ai-responsibleailabs-rail-score", "mcp:ai-responsibleailabs-rail-score", "mcp-ai-responsibleailabs-rail-score", "https://github.com/responsible-ai-labs/rail-score-mcp", "https://github.com/Responsible-AI-Labs/rail-score-mcp", "Responsible-AI-Labs/rail-score-mcp", "https-github-com-responsible-ai-labs-rail-score-mcp", "responsible-ai-labs/rail-score-mcp", "responsible-ai-labs-rail-score-mcp", "rail-score-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:responsible-ai-labs/rail-score-mcp", "canonical_url": "https://github.com/responsible-ai-labs/rail-score-mcp", "description": "Responsible-AI guardrails for agents: scoring, prompt-injection & PII detection, DPDP compliance.", "discovery_status": "observed", "display_name": "ai-responsibleailabs-rail-score", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 18, "generated_at": "2026-06-07T19:20:29.197267+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-responsibleailabs-rail-score", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.responsibleailabs/rail-score", "repo_url": "https://github.com/Responsible-AI-Labs/rail-score-mcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-responsibleailabs-rail-score", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-responsibleailabs-rail-score", "tools": [ "rail-score" ], "tools_count": 1, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:9", "References credential or secret pattern: API_KEY_GENERIC \u2014 auth.py:58", "Detected capability: network_egress \u2014 rail_client.py:26" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-responsibleailabs-rail-score.html", "url": "https://github.com/Responsible-AI-Labs/rail-score-mcp", "verdict_label": "Install With Restrictions", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-rolli-mcp", "mcp-ai-rolli-mcp", "mcp:ai-rolli-mcp", "rolliinc/rolli-mcp", "https://github.com/rolliinc/rolli-mcp", "https-github-com-rolliinc-rolli-mcp", "rolliinc-rolli-mcp", "rolli-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:rolliinc/rolli-mcp", "canonical_url": "https://github.com/rolliinc/rolli-mcp", "description": "Social media search, expert discovery, and analytics across X, Reddit, YouTube, and more", "discovery_status": "observed", "display_name": "ai-rolli-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 108, "generated_at": "2026-06-07T19:20:29.197402+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-rolli-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.rolli/mcp", "repo_url": "https://github.com/rolliinc/rolli-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-rolli-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-rolli-mcp", "tools": [ "cancel_agent_run", "create_agent_schedule", "delete_agent_run", "delete_agent_schedule", "expert_search", "get_agent_run", "get_agent_schedule", "get_expert_search", "get_integration_setup", "get_keyword_search", "get_keyword_search_posts", "get_topic_tree", "get_usage", "get_user_search", "get_user_search_posts", "keyword_search", "list_agent_runs", "list_agent_schedule_runs", "list_agent_schedules", "list_expert_searches", "list_keyword_searches", "list_user_searches", "pause_agent_schedule", "rerun_agent_run", "resume_agent_schedule", "start_agent_run", "update_agent_run", "update_agent_schedule", "update_integration_setup", "user_search" ], "tools_count": 30, "top_findings": [ "Detected capability: environment_access \u2014 src/api.ts:4", "References credential or secret pattern: SLACK_TOKEN \u2014 src/tools/agent-schedules.ts:54", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-rolli-mcp.html", "url": "https://github.com/rolliinc/rolli-mcp", "verdict_label": "Needs Oversight", "version": "1.2.1", "visible_controls": [] }, { "aliases": [ "ai-roopslaw-legalsearch", "legalsearch", "LegalSearch", "mcp:ai-roopslaw-legalsearch", "mcp-ai-roopslaw-legalsearch", "https-github-com-roop-world-legalsearch", "https://github.com/Roop-World/LegalSearch", "https://github.com/roop-world/legalsearch", "Roop-World/LegalSearch", "roop-world/legalsearch", "roop-world-legalsearch" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:roop-world/legalsearch", "canonical_url": "https://github.com/roop-world/legalsearch", "description": "Public Indian legal search MCP for Roop judgments, statutes, and corpus grounding.", "discovery_status": "observed", "display_name": "LegalSearch", "ecosystem": "mcp", "evidence_score": 29, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.197454+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "dangerous_capabilities_observable" ], "name": "ai-roopslaw-legalsearch", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.roopslaw/legalsearch", "repo_url": "https://github.com/Roop-World/LegalSearch", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-roopslaw-legalsearch", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-roopslaw-legalsearch", "tools": [], "tools_count": 0, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 server.json:19" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-roopslaw-legalsearch.html", "url": "https://github.com/Roop-World/LegalSearch", "verdict_label": "Sandbox/Test OK", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "ai-roxels-roxels-mcp", "roxels", "Roxels", "mcp:ai-roxels-roxels-mcp", "mcp-ai-roxels-roxels-mcp", "https-github-com-trebu-org-interviewer-tree-main-roxels-mcp", "trebu-org/interviewer/tree/main/roxels_mcp", "https://github.com/trebu-org/interviewer/tree/main/roxels_mcp", "trebu-org/interviewer", "trebu-org-interviewer", "interviewer", "https-github-com-trebu-org-interviewer", "https://github.com/trebu-org/interviewer" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:trebu-org/interviewer", "canonical_url": "https://github.com/trebu-org/interviewer", "description": "Let AI agents create configurable voice agents via meeting rooms and return structured data.", "discovery_status": "observed", "display_name": "Roxels", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.197463+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-roxels-roxels-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.roxels/roxels-mcp", "repo_url": "https://github.com/trebu-org/interviewer", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-roxels-roxels-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-roxels-roxels-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "pypi" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-roxels-roxels-mcp.html", "url": "https://github.com/trebu-org/interviewer/tree/main/roxels_mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.5.1", "visible_controls": [] }, { "aliases": [ "ai-scamverify-mcp", "scamverify-threat-verification", "ScamVerify Threat Verification", "scamverify threat verification", "mcp:ai-scamverify-mcp", "mcp-ai-scamverify-mcp", "https-github-com-scamverifyai-scamverify-ai", "https://github.com/scamverifyai/scamverify-ai", "scamverifyai/scamverify-ai", "scamverifyai-scamverify-ai", "scamverify-ai" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:scamverifyai/scamverify-ai", "canonical_url": "https://github.com/scamverifyai/scamverify-ai", "description": "AI-powered scam and threat verification for phone numbers, URLs, texts, and emails.", "discovery_status": "observed", "display_name": "ScamVerify Threat Verification", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.197468+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-scamverify-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.scamverify/mcp", "repo_url": "https://github.com/scamverifyai/scamverify-ai", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-scamverify-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-scamverify-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-scamverify-mcp.html", "url": "https://github.com/scamverifyai/scamverify-ai", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-searchshop-www-la-luer", "la-luer-ai-skincare-commerce", "la luer \u2014 ai skincare commerce", "La Luer \u2014 AI Skincare Commerce", "mcp:ai-searchshop-www-la-luer", "mcp-ai-searchshop-www-la-luer", "nathangrotticelli/searchshopai", "https-github-com-nathangrotticelli-searchshopai", "https://github.com/nathangrotticelli/searchshopai", "nathangrotticelli-searchshopai", "searchshopai" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:nathangrotticelli/searchshopai", "canonical_url": "https://github.com/nathangrotticelli/searchshopai", "description": "Search, compare, and purchase La Luer microcurrent facial devices and skincare products.", "discovery_status": "observed", "display_name": "La Luer \u2014 AI Skincare Commerce", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.197473+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-searchshop-www-la-luer", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.searchshop.www/la-luer", "repo_url": "https://github.com/nathangrotticelli/searchshopai", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-searchshop-www-la-luer", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-searchshop-www-la-luer", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-searchshop-www-la-luer.html", "url": "https://github.com/nathangrotticelli/searchshopai", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-sendfast-sendfast", "sendfast", "SendFast", "mcp:ai-sendfast-sendfast", "mcp-ai-sendfast-sendfast", "https://github.com/novica-ai/sendfast", "novica-ai/sendfast", "https-github-com-novica-ai-sendfast", "novica-ai-sendfast" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:novica-ai/sendfast", "canonical_url": "https://github.com/novica-ai/sendfast", "description": "Agent-native marketing email: draft, edit, screenshot, and send from your verified domain.", "discovery_status": "observed", "display_name": "SendFast", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.197478+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-sendfast-sendfast", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.sendfast/sendfast", "repo_url": "https://github.com/novica-ai/sendfast", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-sendfast-sendfast", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-sendfast-sendfast", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-sendfast-sendfast.html", "url": "https://github.com/novica-ai/sendfast", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-slideless-mcp", "slideless", "Slideless", "mcp-ai-slideless-mcp", "mcp:ai-slideless-mcp", "https://github.com/slideless-ai/mcp", "slideless-ai/mcp", "https-github-com-slideless-ai-mcp", "slideless-ai-mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:slideless-ai/mcp", "canonical_url": "https://github.com/slideless-ai/mcp", "description": "List, share, upload, and manage Slideless HTML presentations from any MCP host.", "discovery_status": "observed", "display_name": "Slideless", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 7, "generated_at": "2026-06-07T19:20:29.197525+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-slideless-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.slideless/mcp", "repo_url": "https://github.com/slideless-ai/mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-slideless-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-slideless-mcp", "tools": [ "slideless_add_share_token", "slideless_delete_presentation", "slideless_download_version", "slideless_get_marketplace_listing", "slideless_get_presentation", "slideless_get_version", "slideless_invite_collaborator", "slideless_list_collaborators", "slideless_list_presentations", "slideless_list_versions", "slideless_publish_listing", "slideless_remix_listing", "slideless_search_marketplace", "slideless_set_token_version_mode", "slideless_share_via_email", "slideless_star_listing", "slideless_uninvite_collaborator", "slideless_unshare_presentation", "slideless_unstar_listing", "slideless_upload_html_presentation", "slideless_upload_presentation_files", "slideless_whoami" ], "tools_count": 22, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package.json:12", "Detected capability: browser_automation \u2014 pnpm-lock.yaml:591", "Detected capability: network_egress \u2014 src/slidelessClient.ts:111" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-slideless-mcp.html", "url": "https://github.com/slideless-ai/mcp", "verdict_label": "Install With Restrictions", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-222wcnm-bilistalkermcp", "mcp-ai-smithery-222wcnm-bilistalkermcp", "mcp:ai-smithery-222wcnm-bilistalkermcp", "222wcnm/BiliStalkerMCP", "https-github-com-222wcnm-bilistalkermcp", "https://github.com/222wcnm/bilistalkermcp", "https://github.com/222wcnm/BiliStalkerMCP", "222wcnm-bilistalkermcp", "222wcnm/bilistalkermcp", "bilistalkermcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:222wcnm/bilistalkermcp", "canonical_url": "https://github.com/222wcnm/bilistalkermcp", "description": "Track Bilibili creators and get the latest updates on videos, dynamics, and articles. Fetch user p\u2026", "discovery_status": "observed", "display_name": "ai-smithery-222wcnm-bilistalkermcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 32, "generated_at": "2026-06-07T19:20:29.197594+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-222wcnm-bilistalkermcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/222wcnm-bilistalkermcp", "repo_url": "https://github.com/222wcnm/BiliStalkerMCP", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-222wcnm-bilistalkermcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-222wcnm-bilistalkermcp", "tools": [ "create_server", "get_article_content", "get_user_articles", "get_user_dynamics", "get_user_followings", "get_user_info", "get_user_videos", "get_video_detail", "search_user_videos", "track_user_updates" ], "tools_count": 10, "top_findings": [ "Detected capability: shell_execution \u2014 scripts/integration_suite.py:26", "Install risk pattern: unpinned_dependency \u2014 Dockerfile:13", "Detected capability: network_egress \u2014 bili_stalker_mcp/core.py:85" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-222wcnm-bilistalkermcp.html", "url": "https://github.com/222wcnm/BiliStalkerMCP", "verdict_label": "Review Before Install", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-a-ariff-canvas-instant-mcp", "mcp:ai-smithery-a-ariff-canvas-instant-mcp", "mcp-ai-smithery-a-ariff-canvas-instant-mcp", "https://github.com/a-ariff/canvas-instant-mcp", "https-github-com-a-ariff-canvas-instant-mcp", "a-ariff/canvas-instant-mcp", "a-ariff-canvas-instant-mcp", "canvas-instant-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:a-ariff/canvas-instant-mcp", "canonical_url": "https://github.com/a-ariff/canvas-instant-mcp", "description": "Manage your Canvas coursework with quick access to courses, assignments, and grades. Track upcomin\u2026", "discovery_status": "observed", "display_name": "ai-smithery-a-ariff-canvas-instant-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201130+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-a-ariff-canvas-instant-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/a-ariff-canvas-instant-mcp", "repo_url": "https://github.com/a-ariff/canvas-instant-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-a-ariff-canvas-instant-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-a-ariff-canvas-instant-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-a-ariff-canvas-instant-mcp.html", "url": "https://github.com/a-ariff/canvas-instant-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "2.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-aamangeldi-dad-jokes-mcp", "mcp:ai-smithery-aamangeldi-dad-jokes-mcp", "mcp-ai-smithery-aamangeldi-dad-jokes-mcp", "https-github-com-aamangeldi-dad-jokes-mcp", "https://github.com/aamangeldi/dad-jokes-mcp", "aamangeldi/dad-jokes-mcp", "aamangeldi-dad-jokes-mcp", "dad-jokes-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:aamangeldi/dad-jokes-mcp", "canonical_url": "https://github.com/aamangeldi/dad-jokes-mcp", "description": "Get a random dad joke or search by keyword to fit any moment. Retrieve specific jokes by ID for re\u2026", "discovery_status": "observed", "display_name": "ai-smithery-aamangeldi-dad-jokes-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 3, "generated_at": "2026-06-07T19:20:29.201178+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-aamangeldi-dad-jokes-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/aamangeldi-dad-jokes-mcp", "repo_url": "https://github.com/aamangeldi/dad-jokes-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-aamangeldi-dad-jokes-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-aamangeldi-dad-jokes-mcp", "tools": [ "create_server", "get_joke_by_id", "get_joke_by_id_tool", "get_random_joke", "get_random_joke_tool", "search_jokes", "search_jokes_tool" ], "tools_count": 7, "top_findings": [ "Detected capability: network_egress \u2014 src/dad_jokes_mcp/server.py:21" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-aamangeldi-dad-jokes-mcp.html", "url": "https://github.com/aamangeldi/dad-jokes-mcp", "verdict_label": "Install With Restrictions", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-adamamer20-paper-search-mcp-openai", "mcp-ai-smithery-adamamer20-paper-search-mcp-openai", "mcp:ai-smithery-adamamer20-paper-search-mcp-openai", "https-github-com-adamamer20-paper-search-mcp-openai", "adamamer20/paper-search-mcp-openai", "https://github.com/adamamer20/paper-search-mcp-openai", "adamamer20-paper-search-mcp-openai", "paper-search-mcp-openai" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:adamamer20/paper-search-mcp-openai", "canonical_url": "https://github.com/adamamer20/paper-search-mcp-openai", "description": "Search and download academic papers from arXiv, PubMed, bioRxiv, medRxiv, Google Scholar, Semantic\u2026", "discovery_status": "observed", "display_name": "ai-smithery-adamamer20-paper-search-mcp-openai", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 26, "generated_at": "2026-06-07T19:20:29.201245+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-adamamer20-paper-search-mcp-openai", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/adamamer20-paper-search-mcp-openai", "repo_url": "https://github.com/adamamer20/paper-search-mcp-openai", "risk_band": "high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-adamamer20-paper-search-mcp-openai", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-adamamer20-paper-search-mcp-openai", "tools": [ "async_search", "download_arxiv", "download_biorxiv", "download_crossref", "download_iacr", "download_medrxiv", "download_pubmed", "download_semantic", "fetch", "get_crossref_paper_by_doi", "read_arxiv_paper", "read_biorxiv_paper", "read_crossref_paper", "read_iacr_paper", "read_medrxiv_paper", "read_pubmed_paper", "read_semantic_paper", "search", "search_arxiv", "search_biorxiv", "search_crossref", "search_google_scholar", "search_iacr", "search_medrxiv", "search_pubmed", "search_semantic" ], "tools_count": 26, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 paper_search_mcp/academic_platforms/sci_hub.py:22", "Detected capability: environment_access \u2014 paper_search_mcp/academic_platforms/semantic.py:153", "Detected capability: network_egress \u2014 paper_search_mcp/academic_platforms/arxiv.py:32" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-adamamer20-paper-search-mcp-openai.html", "url": "https://github.com/adamamer20/paper-search-mcp-openai", "verdict_label": "Needs Oversight", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-afgong-sqlite-mcp-server", "mcp:ai-smithery-afgong-sqlite-mcp-server", "mcp-ai-smithery-afgong-sqlite-mcp-server", "afgong/sqlite-mcp-server/tree/main/sqlite-explorer-fastmcp-mcp-server", "https-github-com-afgong-sqlite-mcp-server-tree-main-sqlite-explorer-fastmcp-mcp-server", "https://github.com/afgong/sqlite-mcp-server/tree/main/sqlite-explorer-fastmcp-mcp-server", "afgong-sqlite-mcp-server", "afgong/sqlite-mcp-server", "sqlite-mcp-server", "https-github-com-afgong-sqlite-mcp-server", "https://github.com/afgong/sqlite-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:afgong/sqlite-mcp-server", "canonical_url": "https://github.com/afgong/sqlite-mcp-server", "description": "Explore your Messages SQLite database to browse tables and inspect schemas with ease. Run flexible\u2026", "discovery_status": "observed", "display_name": "ai-smithery-afgong-sqlite-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 65, "generated_at": "2026-06-07T19:20:29.201343+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-afgong-sqlite-mcp-server", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/afgong-sqlite-mcp-server", "repo_url": "https://github.com/afgong/sqlite-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-afgong-sqlite-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-afgong-sqlite-mcp-server", "tools": [ "GitHub", "Specification", "add", "analyze-project", "async_tool", "calculate_bmi", "create_server", "create_thumbnail", "describe_table", "echo", "echo_tool", "fetch_weather", "fileUri", "list_tables", "load_image", "long_task", "my_tool", "name_shrimp", "query_data", "read_profile", "read_query", "remember", "take_screenshot", "text_me", "textme", "timeframe", "tool_with_context" ], "tools_count": 27, "top_findings": [ "Detected capability: shell_execution \u2014 fastmcp-documentation.txt:2820", "Install risk pattern: curl_pipe_shell \u2014 mcp-documentation.txt:4111", "References credential or secret pattern: DATABASE_URL \u2014 fastmcp-documentation.txt:469" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-afgong-sqlite-mcp-server.html", "url": "https://github.com/afgong/sqlite-mcp-server/tree/main/sqlite-explorer-fastmcp-mcp-server", "verdict_label": "Review Before Install", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-agentmail", "mcp-ai-smithery-agentmail", "mcp:ai-smithery-agentmail", "https://github.com/agentmail-to/agentmail-smithery-mcp", "https-github-com-agentmail-to-agentmail-smithery-mcp", "agentmail-to/agentmail-smithery-mcp", "agentmail-to-agentmail-smithery-mcp", "agentmail-smithery-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:agentmail-to/agentmail-smithery-mcp", "canonical_url": "https://github.com/agentmail-to/agentmail-smithery-mcp", "description": "AgentMail is the email inbox API for AI agents. It gives agents their own email inboxes, like Gmail", "discovery_status": "observed", "display_name": "ai-smithery-agentmail", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 12, "generated_at": "2026-06-07T19:20:29.201399+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-agentmail", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/agentmail", "repo_url": "https://github.com/agentmail-to/agentmail-smithery-mcp", "risk_band": "high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-agentmail", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-agentmail", "tools": [ "get-weather", "hello", "test-client", "tool-name", "your-project-name" ], "tools_count": 5, "top_findings": [ "Detected capability: wallet_payment \u2014 package.json:14", "Install risk pattern: unpinned_dependency \u2014 package.json:11", "Install/config context pattern: network_egress \u2014 pnpm-lock.yaml:1264" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-agentmail.html", "url": "https://github.com/agentmail-to/agentmail-smithery-mcp", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-aicastle-school-openai-api-agent-project", "mcp:ai-smithery-aicastle-school-openai-api-agent-project", "mcp-ai-smithery-aicastle-school-openai-api-agent-project", "https-github-com-aicastle-school-openai-api-agent-project", "https://github.com/aicastle-school/openai-api-agent-project", "aicastle-school/openai-api-agent-project", "aicastle-school-openai-api-agent-project", "openai-api-agent-project" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:aicastle-school/openai-api-agent-project", "canonical_url": "https://github.com/aicastle-school/openai-api-agent-project", "description": "Fetch the latest available stock quotes by ticker symbol across international markets. Check price\u2026", "discovery_status": "observed", "display_name": "ai-smithery-aicastle-school-openai-api-agent-project", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201439+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-aicastle-school-openai-api-agent-project", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/aicastle-school-openai-api-agent-project11", "repo_url": "https://github.com/aicastle-school/openai-api-agent-project", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-aicastle-school-openai-api-agent-project", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-aicastle-school-openai-api-agent-project", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-aicastle-school-openai-api-agent-project.html", "url": "https://github.com/aicastle-school/openai-api-agent-project", "verdict_label": "Sandbox/Test OK", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-airmang-hwpx-mcp", "mcp-ai-smithery-airmang-hwpx-mcp", "mcp:ai-smithery-airmang-hwpx-mcp", "https://github.com/airmang/hwpx-mcp", "https-github-com-airmang-hwpx-mcp", "airmang/hwpx-mcp", "airmang-hwpx-mcp", "hwpx-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:airmang/hwpx-mcp", "canonical_url": "https://github.com/airmang/hwpx-mcp", "description": "\uc790\ub3d9\ud654\ud558\uc5ec HWPX \ubb38\uc11c\uc758 \ub85c\ub529, \ud0d0\uc0c9, \ud3b8\uc9d1, \uac80\uc99d\uc744 \ud55c \ubc88\uc5d0 \ucc98\ub9ac\ud569\ub2c8\ub2e4. \ubb38\ub2e8\u00b7\ud45c\u00b7\uc8fc\uc11d \ucd94\uac00, \ud14d\uc2a4\ud2b8 \uc77c\uad04 \uce58\ud658, \uba38\ub9ac\ub9d0\u00b7\uaf2c\ub9ac\ub9d0 \uc124\uc815 \ub4f1 \ubc18\ubcf5 \uc791\uc5c5\uc744 \uc2e0\uc18d\ud788 \uc218\ud589\ud569\ub2c8\ub2e4. \uae30\u2026", "discovery_status": "observed", "display_name": "ai-smithery-airmang-hwpx-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201447+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-airmang-hwpx-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/airmang-hwpx-mcp", "repo_url": "https://github.com/airmang/hwpx-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-airmang-hwpx-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-airmang-hwpx-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-airmang-hwpx-mcp.html", "url": "https://github.com/airmang/hwpx-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-akilat-spec-leave-manager-mcp", "mcp:ai-smithery-akilat-spec-leave-manager-mcp", "mcp-ai-smithery-akilat-spec-leave-manager-mcp", "https://github.com/akilat-spec/leave-manager-mcp", "akilat-spec/leave-manager-mcp", "https-github-com-akilat-spec-leave-manager-mcp", "akilat-spec-leave-manager-mcp", "leave-manager-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:akilat-spec/leave-manager-mcp", "canonical_url": "https://github.com/akilat-spec/leave-manager-mcp", "description": "Track and manage employee time off with quick balance lookups and streamlined applications. Find t\u2026", "discovery_status": "observed", "display_name": "ai-smithery-akilat-spec-leave-manager-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 60, "generated_at": "2026-06-07T19:20:29.201532+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-akilat-spec-leave-manager-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/akilat-spec-leave-manager-mcp", "repo_url": "https://github.com/akilat-spec/leave-manager-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-akilat-spec-leave-manager-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-akilat-spec-leave-manager-mcp", "tools": [ "apply_leave_ai", "fetch_employees_ai", "get_connection", "get_department_name", "get_leave_balance", "smart_employee_search" ], "tools_count": 6, "top_findings": [ "Detected capability: database_access \u2014 .mcp.json:23", "References credential or secret pattern: DATABASE_URL \u2014 main.py:32", "Detected capability: environment_access \u2014 main.py:49" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-akilat-spec-leave-manager-mcp.html", "url": "https://github.com/akilat-spec/leave-manager-mcp", "verdict_label": "Needs Oversight", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-alex-llm-attack-mcp-server", "mcp:ai-smithery-alex-llm-attack-mcp-server", "mcp-ai-smithery-alex-llm-attack-mcp-server", "https://github.com/alex-llm/attack-mcp-server", "alex-llm/attAck-mcp-server", "https://github.com/alex-llm/attAck-mcp-server", "https-github-com-alex-llm-attack-mcp-server", "alex-llm/attack-mcp-server", "alex-llm-attack-mcp-server", "attack-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:alex-llm/attack-mcp-server", "canonical_url": "https://github.com/alex-llm/attack-mcp-server", "description": "Query and retrieve information about various adversarial tactics and techniques used in cyber atta\u2026", "discovery_status": "observed", "display_name": "ai-smithery-alex-llm-attack-mcp-server", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 16, "generated_at": "2026-06-07T19:20:29.201592+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-alex-llm-attack-mcp-server", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/alex-llm-attack-mcp-server", "repo_url": "https://github.com/alex-llm/attAck-mcp-server", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-alex-llm-attack-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-alex-llm-attack-mcp-server", "tools": [ "create_http_app", "get_all_tactics", "list_tactics", "query_attack_technique", "query_detections", "query_mitigations", "query_technique", "read_commit_hash", "resolve_log_level", "search_technique_full", "server_info" ], "tools_count": 11, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:7", "Detected capability: filesystem_read \u2014 main.py:51", "Detected capability: network_egress \u2014 main.py:875" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-alex-llm-attack-mcp-server.html", "url": "https://github.com/alex-llm/attAck-mcp-server", "verdict_label": "Install With Restrictions", "version": "2.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-alphago2580-naramarketmcp", "mcp:ai-smithery-alphago2580-naramarketmcp", "mcp-ai-smithery-alphago2580-naramarketmcp", "https://github.com/alphago2580/naramarketmcp", "alphago2580/naramarketmcp", "https-github-com-alphago2580-naramarketmcp", "alphago2580-naramarketmcp", "naramarketmcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:alphago2580/naramarketmcp", "canonical_url": "https://github.com/alphago2580/naramarketmcp", "description": "Access Korea\u2019s G2B procurement and Nara Market data for bid notices, awards, contracts, statistics\u2026", "discovery_status": "observed", "display_name": "ai-smithery-alphago2580-naramarketmcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 75, "generated_at": "2026-06-07T19:20:29.201696+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-alphago2580-naramarketmcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/alphago2580-naramarketmcp", "repo_url": "https://github.com/alphago2580/naramarketmcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-alphago2580-naramarketmcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-alphago2580-naramarketmcp", "tools": [ "call_api_with_pagination_support", "call_procurement_statistics_api", "call_product_list_api", "call_public_data_standard_api", "call_shopping_mall_api", "common_search_patterns", "crawl_list", "get_all_api_services_info", "get_api_operations", "get_data_exploration_guide", "get_detailed_attributes", "get_procurement_statistics_by_year", "get_recent_bid_announcements", "get_successful_bids_by_business_type", "health_check", "search_shopping_mall_products", "server_info" ], "tools_count": 17, "top_findings": [ "Detected capability: docker_privilege \u2014 deploy.sh:33", "Detected capability: filesystem_write_delete \u2014 deployments/deploy.sh:82", "Detected capability: environment_access \u2014 src/services/auth.py:20" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-alphago2580-naramarketmcp.html", "url": "https://github.com/alphago2580/naramarketmcp", "verdict_label": "Review Before Install", "version": "1.14.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-aman-amith-shastry-scientific-computation-mcp", "mcp-ai-smithery-aman-amith-shastry-scientific-computation-mcp", "mcp:ai-smithery-aman-amith-shastry-scientific-computation-mcp", "https-github-com-aman-amith-shastry-scientific-computation-mcp", "https://github.com/Aman-Amith-Shastry/scientific_computation_mcp", "https://github.com/aman-amith-shastry/scientific_computation_mcp", "Aman-Amith-Shastry/scientific_computation_mcp", "aman-amith-shastry/scientific_computation_mcp", "aman-amith-shastry-scientific-computation-mcp", "scientific_computation_mcp", "scientific-computation-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:aman-amith-shastry/scientific_computation_mcp", "canonical_url": "https://github.com/aman-amith-shastry/scientific_computation_mcp", "description": "This MCP server enables users to perform scientific computations regarding linear algebra and vect\u2026", "discovery_status": "observed", "display_name": "ai-smithery-aman-amith-shastry-scientific-computation-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 9, "generated_at": "2026-06-07T19:20:29.197652+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-aman-amith-shastry-scientific-computation-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/Aman-Amith-Shastry-scientific_computation_mcp", "repo_url": "https://github.com/Aman-Amith-Shastry/scientific_computation_mcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-aman-amith-shastry-scientific-computation-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-aman-amith-shastry-scientific-computation-mcp", "tools": [ "add_matrices", "change_basis", "compute_eigen", "create_tensor", "curl", "delete_tensor", "determinant", "directional_deriv", "divergence", "find_orthonormal_basis", "gradient", "laplacian", "list_tensor_names", "matrix_inverse", "multiply_matrices", "my_tensor", "plot_function", "plot_vector_field", "qr_decompose", "rank", "scale_matrix", "subtract_matrices", "svd_decompose", "transpose", "vector_cross_product", "vector_dot_product", "vector_project", "view_tensor" ], "tools_count": 28, "top_findings": [ "Detected capability: environment_access \u2014 src/middleware.py:12", "Detected capability: network_egress \u2014 client.py:33", "References credential or secret pattern: API_KEY_GENERIC \u2014 smithery.yaml:14" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-aman-amith-shastry-scientific-computation-mcp.html", "url": "https://github.com/Aman-Amith-Shastry/scientific_computation_mcp", "verdict_label": "Install With Restrictions", "version": "1.13.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-anirbanbasu-frankfurtermcp", "mcp-ai-smithery-anirbanbasu-frankfurtermcp", "mcp:ai-smithery-anirbanbasu-frankfurtermcp", "https://github.com/anirbanbasu/frankfurtermcp", "anirbanbasu/frankfurtermcp", "https-github-com-anirbanbasu-frankfurtermcp", "anirbanbasu-frankfurtermcp", "frankfurtermcp" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:anirbanbasu/frankfurtermcp", "canonical_url": "https://github.com/anirbanbasu/frankfurtermcp", "description": "A MCP server for the Frankfurter API for currency exchange rates.", "discovery_status": "observed", "display_name": "ai-smithery-anirbanbasu-frankfurtermcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 14, "generated_at": "2026-06-07T19:20:29.201756+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-anirbanbasu-frankfurtermcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/anirbanbasu-frankfurtermcp", "repo_url": "https://github.com/anirbanbasu/frankfurtermcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-anirbanbasu-frankfurtermcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-anirbanbasu-frankfurtermcp", "tools": [ "get_historical_exchange_rates", "get_latest_exchange_rates", "get_supported_currencies" ], "tools_count": 3, "top_findings": [ "Detected capability: database_access \u2014 docker-compose.yml:82", "Install risk pattern: unpinned_dependency \u2014 local.dockerfile:16", "Detected capability: network_egress \u2014 src/frankfurtermcp/mixin.py:77" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-anirbanbasu-frankfurtermcp.html", "url": "https://github.com/anirbanbasu/frankfurtermcp", "verdict_label": "Install With Restrictions", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-anirbanbasu-pymcp", "mcp-ai-smithery-anirbanbasu-pymcp", "mcp:ai-smithery-anirbanbasu-pymcp", "https://github.com/anirbanbasu/pymcp", "https-github-com-anirbanbasu-pymcp", "anirbanbasu/pymcp", "anirbanbasu-pymcp", "pymcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:anirbanbasu/pymcp", "canonical_url": "https://github.com/anirbanbasu/pymcp", "description": "Primarily to be used as a template repository for developing MCP servers with FastMCP in Python, P\u2026", "discovery_status": "observed", "display_name": "ai-smithery-anirbanbasu-pymcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 2, "generated_at": "2026-06-07T19:20:29.201795+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-anirbanbasu-pymcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/anirbanbasu-pymcp", "repo_url": "https://github.com/anirbanbasu/pymcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-anirbanbasu-pymcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-anirbanbasu-pymcp", "tools": [ "get_prompt", "read_resource", "resource_logo", "resource_logo_svg", "text_web_search" ], "tools_count": 5, "top_findings": [ "Detected capability: filesystem_read \u2014 src/pymcp/server.py:338" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-anirbanbasu-pymcp.html", "url": "https://github.com/anirbanbasu/pymcp", "verdict_label": "Sandbox/Test OK", "version": "0.1.7", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-ahoy", "mcp:ai-smithery-arjunkmrm-ahoy", "mcp-ai-smithery-arjunkmrm-ahoy", "arjunkmrm/ahoy", "https://github.com/arjunkmrm/ahoy", "https-github-com-arjunkmrm-ahoy", "arjunkmrm-ahoy", "ahoy" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:arjunkmrm/ahoy", "canonical_url": "https://github.com/arjunkmrm/ahoy", "description": "Create friendly greetings by name, with an optional pirate tone. Explore the origin of 'Hello, Wor\u2026", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-ahoy", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201803+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-arjunkmrm-ahoy", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/arjunkmrm-ahoy2", "repo_url": "https://github.com/arjunkmrm/ahoy", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-ahoy", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-ahoy", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-ahoy.html", "url": "https://github.com/arjunkmrm/ahoy", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.13.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-brave-search-mcp-server", "mcp:ai-smithery-arjunkmrm-brave-search-mcp-server", "mcp-ai-smithery-arjunkmrm-brave-search-mcp-server", "arjunkmrm/brave-search-mcp-server", "https://github.com/arjunkmrm/brave-search-mcp-server", "https-github-com-arjunkmrm-brave-search-mcp-server", "arjunkmrm-brave-search-mcp-server", "brave-search-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:arjunkmrm/brave-search-mcp-server", "canonical_url": "https://github.com/arjunkmrm/brave-search-mcp-server", "description": "Search the web, images, videos, news, and local businesses with robust filters, freshness controls\u2026", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-brave-search-mcp-server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201809+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-arjunkmrm-brave-search-mcp-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/arjunkmrm-brave-search-mcp-server", "repo_url": "https://github.com/arjunkmrm/brave-search-mcp-server", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-brave-search-mcp-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-brave-search-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-brave-search-mcp-server.html", "url": "https://github.com/arjunkmrm/brave-search-mcp-server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "2.0.25", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-clock", "mcp:ai-smithery-arjunkmrm-clock", "mcp-ai-smithery-arjunkmrm-clock", "https-github-com-arjunkmrm-clock", "https://github.com/arjunkmrm/clock", "arjunkmrm/clock", "arjunkmrm-clock", "clock" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:arjunkmrm/clock", "canonical_url": "https://github.com/arjunkmrm/clock", "description": "Get the current time in your chosen timezone. Browse available continents and regions to pick the\u2026", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-clock", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201814+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-arjunkmrm-clock", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/arjunkmrm-watch2", "repo_url": "https://github.com/arjunkmrm/clock", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-clock", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-clock", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-clock.html", "url": "https://github.com/arjunkmrm/clock", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.14.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-fetch", "mcp-ai-smithery-arjunkmrm-fetch", "mcp:ai-smithery-arjunkmrm-fetch", "https://github.com/arjunkmrm/fetch", "arjunkmrm/fetch", "https-github-com-arjunkmrm-fetch", "arjunkmrm-fetch", "fetch" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:arjunkmrm/fetch", "canonical_url": "https://github.com/arjunkmrm/fetch", "description": "Fetch web pages and extract exactly the content you need. Select elements with CSS and retrieve co\u2026", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-fetch", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201818+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-arjunkmrm-fetch", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/arjunkmrm-fetch", "repo_url": "https://github.com/arjunkmrm/fetch", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-fetch", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-fetch", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-fetch.html", "url": "https://github.com/arjunkmrm/fetch", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-lta-mcp", "mcp:ai-smithery-arjunkmrm-lta-mcp", "mcp-ai-smithery-arjunkmrm-lta-mcp", "https-github-com-arjunkmrm-lta-mcp", "https://github.com/arjunkmrm/lta-mcp", "arjunkmrm/lta-mcp", "arjunkmrm-lta-mcp", "lta-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:arjunkmrm/lta-mcp", "canonical_url": "https://github.com/arjunkmrm/lta-mcp", "description": "Provide real-time transportation data including bus arrivals, train service alerts, carpark availa\u2026", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-lta-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201828+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-arjunkmrm-lta-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/arjunkmrm-lta-mcp", "repo_url": "https://github.com/arjunkmrm/lta-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-lta-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-lta-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-lta-mcp.html", "url": "https://github.com/arjunkmrm/lta-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-mango-sago", "mcp-ai-smithery-arjunkmrm-mango-sago", "mcp:ai-smithery-arjunkmrm-mango-sago", "https://github.com/arjunkmrm/mango-sago", "https-github-com-arjunkmrm-mango-sago", "arjunkmrm/mango-sago", "arjunkmrm-mango-sago", "mango-sago" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:arjunkmrm/mango-sago", "canonical_url": "https://github.com/arjunkmrm/mango-sago", "description": "Greet people by name with friendly, customizable messages. Toggle Pirate Mode to speak like a swas\u2026", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-mango-sago", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201833+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-arjunkmrm-mango-sago", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/arjunkmrm-py-test-2", "repo_url": "https://github.com/arjunkmrm/mango-sago", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-mango-sago", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-mango-sago", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-mango-sago.html", "url": "https://github.com/arjunkmrm/mango-sago", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-perplexity-search", "mcp:ai-smithery-arjunkmrm-perplexity-search", "mcp-ai-smithery-arjunkmrm-perplexity-search", "https://github.com/arjunkmrm/perplexity-search", "arjunkmrm/perplexity-search", "https-github-com-arjunkmrm-perplexity-search", "arjunkmrm-perplexity-search", "perplexity-search" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:arjunkmrm/perplexity-search", "canonical_url": "https://github.com/arjunkmrm/perplexity-search", "description": "Enable AI assistants to perform web searches using Perplexity's Sonar Pro.", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-perplexity-search", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 7, "generated_at": "2026-06-07T19:20:29.201879+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "dangerous_capabilities_observable" ], "name": "ai-smithery-arjunkmrm-perplexity-search", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/arjunkmrm-perplexity-search", "repo_url": "https://github.com/arjunkmrm/perplexity-search", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-perplexity-search", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-perplexity-search", "tools": [ "search" ], "tools_count": 1, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 .env.example:2", "Install risk pattern: npm_lifecycle_script \u2014 package.json:14", "Install risk pattern: unpinned_dependency \u2014 package.json:17" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-perplexity-search.html", "url": "https://github.com/arjunkmrm/perplexity-search", "verdict_label": "Install With Restrictions", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-scrapermcp-el", "mcp:ai-smithery-arjunkmrm-scrapermcp-el", "mcp-ai-smithery-arjunkmrm-scrapermcp-el", "https://github.com/arjunkmrm/ScraperMcp_el", "https://github.com/arjunkmrm/scrapermcp_el", "https-github-com-arjunkmrm-scrapermcp-el", "arjunkmrm/ScraperMcp_el", "arjunkmrm-scrapermcp-el", "arjunkmrm/scrapermcp_el", "scrapermcp_el", "scrapermcp-el" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:arjunkmrm/scrapermcp_el", "canonical_url": "https://github.com/arjunkmrm/scrapermcp_el", "description": "Extract and parse web pages into clean HTML, links, or Markdown. Handle dynamic, complex, or block\u2026", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-scrapermcp-el", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201889+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-arjunkmrm-scrapermcp-el", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/arjunkmrm-scrapermcp_el", "repo_url": "https://github.com/arjunkmrm/ScraperMcp_el", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-scrapermcp-el", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-scrapermcp-el", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-scrapermcp-el.html", "url": "https://github.com/arjunkmrm/ScraperMcp_el", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-sg-bus-test", "mcp-ai-smithery-arjunkmrm-sg-bus-test", "mcp:ai-smithery-arjunkmrm-sg-bus-test", "https://github.com/arjunkmrm/sg-bus-test", "arjunkmrm/sg-bus-test", "https-github-com-arjunkmrm-sg-bus-test", "arjunkmrm-sg-bus-test", "sg-bus-test" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:arjunkmrm/sg-bus-test", "canonical_url": "https://github.com/arjunkmrm/sg-bus-test", "description": "Get real-time bus arrival times for any Singapore bus stop by code, with optional service filterin\u2026", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-sg-bus-test", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201894+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-arjunkmrm-sg-bus-test", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/arjunkmrm-sg-bus-test", "repo_url": "https://github.com/arjunkmrm/sg-bus-test", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-sg-bus-test", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-sg-bus-test", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-sg-bus-test.html", "url": "https://github.com/arjunkmrm/sg-bus-test", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-arjunkmrm-tutorials", "mcp-ai-smithery-arjunkmrm-tutorials", "mcp:ai-smithery-arjunkmrm-tutorials", "https-github-com-arjunkmrm-tutorials-tree-main-smithery-example-financial-server", "https://github.com/arjunkmrm/tutorials/tree/main/smithery-example/financial-server", "arjunkmrm/tutorials/tree/main/smithery-example/financial-server", "arjunkmrm-tutorials", "arjunkmrm/tutorials", "tutorials", "https-github-com-arjunkmrm-tutorials", "https://github.com/arjunkmrm/tutorials" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:arjunkmrm/tutorials", "canonical_url": "https://github.com/arjunkmrm/tutorials", "description": "Analyze stocks and SEC filings to surface key insights, from price and volume to insider activity\u2026", "discovery_status": "observed", "display_name": "ai-smithery-arjunkmrm-tutorials", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.201899+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-arjunkmrm-tutorials", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/arjunkmrm-tutorials", "repo_url": "https://github.com/arjunkmrm/tutorials", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-arjunkmrm-tutorials", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-arjunkmrm-tutorials", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-arjunkmrm-tutorials.html", "url": "https://github.com/arjunkmrm/tutorials/tree/main/smithery-example/financial-server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-artin0123-gemini-image-mcp-server", "mcp-ai-smithery-artin0123-gemini-image-mcp-server", "mcp:ai-smithery-artin0123-gemini-image-mcp-server", "Artin0123/gemini-vision-mcp", "https-github-com-artin0123-gemini-vision-mcp", "https://github.com/artin0123/gemini-vision-mcp", "https://github.com/Artin0123/gemini-vision-mcp", "artin0123-gemini-vision-mcp", "artin0123/gemini-vision-mcp", "gemini-vision-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:artin0123/gemini-vision-mcp", "canonical_url": "https://github.com/artin0123/gemini-vision-mcp", "description": "Analyze images and videos with Gemini to get fast, reliable visual insights. Handle content from U\u2026", "discovery_status": "observed", "display_name": "ai-smithery-artin0123-gemini-image-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 144, "generated_at": "2026-06-07T19:20:29.197805+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-artin0123-gemini-image-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/Artin0123-gemini-image-mcp-server", "repo_url": "https://github.com/Artin0123/gemini-vision-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-artin0123-gemini-image-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-artin0123-gemini-image-mcp-server", "tools": [ "analyze_image", "analyze_youtube_video" ], "tools_count": 2, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:99", "References credential or secret pattern: API_KEY_GENERIC \u2014 manifest.json:12", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-artin0123-gemini-image-mcp-server.html", "url": "https://github.com/Artin0123/gemini-vision-mcp", "verdict_label": "Needs Oversight", "version": "1.4.3", "visible_controls": [] }, { "aliases": [ "ai-smithery-aryankeluskar-poke-video-mcp", "mcp:ai-smithery-aryankeluskar-poke-video-mcp", "mcp-ai-smithery-aryankeluskar-poke-video-mcp", "https-github-com-aryankeluskar-poke-video-mcp", "https://github.com/aryankeluskar/poke-video-mcp", "aryankeluskar/poke-video-mcp", "aryankeluskar-poke-video-mcp", "poke-video-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:aryankeluskar/poke-video-mcp", "canonical_url": "https://github.com/aryankeluskar/poke-video-mcp", "description": "Search your Flashback video library with natural language to instantly find relevant moments. Get\u2026", "discovery_status": "observed", "display_name": "ai-smithery-aryankeluskar-poke-video-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.201935+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-aryankeluskar-poke-video-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/aryankeluskar-poke-video-mcp", "repo_url": "https://github.com/aryankeluskar/poke-video-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-aryankeluskar-poke-video-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-aryankeluskar-poke-video-mcp", "tools": [ "create_server", "get_setup_instructions", "query_videos", "search_videos_prompt" ], "tools_count": 4, "top_findings": [ "Detected capability: network_egress \u2014 src/video_query_server/server.py:40" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-aryankeluskar-poke-video-mcp.html", "url": "https://github.com/aryankeluskar/poke-video-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-badroobot-my-test-mcp", "mcp:ai-smithery-badroobot-my-test-mcp", "mcp-ai-smithery-badroobot-my-test-mcp", "https://github.com/BadRooBot/python_mcp", "https-github-com-badroobot-python-mcp", "BadRooBot/python_mcp", "https://github.com/badroobot/python_mcp", "badroobot/python_mcp", "badroobot-python-mcp", "python_mcp", "python-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:badroobot/python_mcp", "canonical_url": "https://github.com/badroobot/python_mcp", "description": "Get current weather for any city and create images from your prompts. Streamline planning, reports\u2026", "discovery_status": "observed", "display_name": "ai-smithery-badroobot-my-test-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.197821+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-badroobot-my-test-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/BadRooBot-my_test_mcp", "repo_url": "https://github.com/BadRooBot/python_mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-badroobot-my-test-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-badroobot-my-test-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-badroobot-my-test-mcp.html", "url": "https://github.com/BadRooBot/python_mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-badroobot-test-m", "mcp-ai-smithery-badroobot-test-m", "mcp:ai-smithery-badroobot-test-m", "BadRooBot/test_m", "https://github.com/badroobot/test_m", "https://github.com/BadRooBot/test_m", "https-github-com-badroobot-test-m", "badroobot-test-m", "badroobot/test_m", "test-m", "test_m" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:badroobot/test_m", "canonical_url": "https://github.com/badroobot/test_m", "description": "Send quick greetings, scrape website content, and generate text or images on demand. Perform web s\u2026", "discovery_status": "observed", "display_name": "ai-smithery-badroobot-test-m", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 29, "generated_at": "2026-06-07T19:20:29.197896+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-badroobot-test-m", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/BadRooBot-test_m", "repo_url": "https://github.com/BadRooBot/test_m", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-badroobot-test-m", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-badroobot-test-m", "tools": [ "World", "ai_generate", "create_server", "hello", "my_tool", "scrape", "test-client" ], "tools_count": 7, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:27", "Detected capability: browser_automation \u2014 Dockerfile:39", "Detected capability: network_egress \u2014 src/hello_server/server.py:445" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-badroobot-test-m.html", "url": "https://github.com/BadRooBot/test_m", "verdict_label": "Needs Oversight", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-bergeramit-bergeramit-hw3-tech", "mcp-ai-smithery-bergeramit-bergeramit-hw3-tech", "mcp:ai-smithery-bergeramit-bergeramit-hw3-tech", "https-github-com-bergeramit-bergeramit-hw3-tech", "https://github.com/bergeramit/bergeramit-hw3-tech", "bergeramit/bergeramit-hw3-tech", "bergeramit-bergeramit-hw3-tech", "bergeramit-hw3-tech" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:bergeramit/bergeramit-hw3-tech", "canonical_url": "https://github.com/bergeramit/bergeramit-hw3-tech", "description": "Add two numbers instantly and generate friendly greetings on demand. Speed up quick math and perso\u2026", "discovery_status": "observed", "display_name": "ai-smithery-bergeramit-bergeramit-hw3-tech", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.201974+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-bergeramit-bergeramit-hw3-tech", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/bergeramit-bergeramit-hw3-tech-1", "repo_url": "https://github.com/bergeramit/bergeramit-hw3-tech", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-bergeramit-bergeramit-hw3-tech", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-bergeramit-bergeramit-hw3-tech", "tools": [ "email_scam_detection", "get_greeting" ], "tools_count": 2, "top_findings": [ "Configuration environment variable access \u2014 main.py:50" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-bergeramit-bergeramit-hw3-tech.html", "url": "https://github.com/bergeramit/bergeramit-hw3-tech", "verdict_label": "Sandbox/Test OK", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-bhushangitfull-file-mcp-smith", "mcp-ai-smithery-bhushangitfull-file-mcp-smith", "mcp:ai-smithery-bhushangitfull-file-mcp-smith", "https://github.com/bhushangitfull/file-mcp-smith", "bhushangitfull/file-mcp-smith", "https-github-com-bhushangitfull-file-mcp-smith", "bhushangitfull-file-mcp-smith", "file-mcp-smith" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:bhushangitfull/file-mcp-smith", "canonical_url": "https://github.com/bhushangitfull/file-mcp-smith", "description": "Manage files and folders directly from your workspace. Read and write files, list directories, cre\u2026", "discovery_status": "observed", "display_name": "ai-smithery-bhushangitfull-file-mcp-smith", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 2, "generated_at": "2026-06-07T19:20:29.202014+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-bhushangitfull-file-mcp-smith", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/bhushangitfull-file-mcp-smith", "repo_url": "https://github.com/bhushangitfull/file-mcp-smith", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-bhushangitfull-file-mcp-smith", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-bhushangitfull-file-mcp-smith", "tools": [ "create_directory", "create_server", "delete_file", "list_directory", "read_file", "write_file" ], "tools_count": 6, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 src/filesystem/server.py:74", "Detected capability: filesystem_read \u2014 src/filesystem/server.py:20" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-bhushangitfull-file-mcp-smith.html", "url": "https://github.com/bhushangitfull/file-mcp-smith", "verdict_label": "Install With Restrictions", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-bielacki-igdb-mcp-server", "mcp:ai-smithery-bielacki-igdb-mcp-server", "mcp-ai-smithery-bielacki-igdb-mcp-server", "https://github.com/bielacki/igdb-mcp-server", "https-github-com-bielacki-igdb-mcp-server", "bielacki/igdb-mcp-server", "bielacki-igdb-mcp-server", "igdb-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:bielacki/igdb-mcp-server", "canonical_url": "https://github.com/bielacki/igdb-mcp-server", "description": "Explore and discover video games from the Internet Game Database. Search titles, view detailed inf\u2026", "discovery_status": "observed", "display_name": "ai-smithery-bielacki-igdb-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 21, "generated_at": "2026-06-07T19:20:29.202080+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-bielacki-igdb-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/bielacki-igdb-mcp-server", "repo_url": "https://github.com/bielacki/igdb-mcp-server", "risk_band": "high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-bielacki-igdb-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-bielacki-igdb-mcp-server", "tools": [ "create_server", "custom_query", "get_access_token", "get_endpoints", "get_game_details", "get_igdb_client", "get_most_anticipated_games", "get_query_syntax", "search_game", "search_games" ], "tools_count": 10, "top_findings": [ "Detected capability: environment_access \u2014 src/igdb_mcp_server/server.py:140", "References credential or secret pattern: API_KEY_GENERIC \u2014 src/igdb_mcp_server/server.py:23", "Detected capability: network_egress \u2014 src/igdb_mcp_server/server.py:75" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-bielacki-igdb-mcp-server.html", "url": "https://github.com/bielacki/igdb-mcp-server", "verdict_label": "Needs Oversight", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-bigvik193-reddit-ads-mcp", "mcp-ai-smithery-bigvik193-reddit-ads-mcp", "mcp:ai-smithery-bigvik193-reddit-ads-mcp", "https://github.com/bigvik193/reddit-ads-mcp", "BigVik193/reddit-ads-mcp", "https-github-com-bigvik193-reddit-ads-mcp", "https://github.com/BigVik193/reddit-ads-mcp", "bigvik193/reddit-ads-mcp", "bigvik193-reddit-ads-mcp", "reddit-ads-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:bigvik193/reddit-ads-mcp", "canonical_url": "https://github.com/bigvik193/reddit-ads-mcp", "description": "Manage Reddit advertising end-to-end: browse ad accounts and payment methods, and organize campaig\u2026", "discovery_status": "observed", "display_name": "ai-smithery-bigvik193-reddit-ads-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 155, "generated_at": "2026-06-07T19:20:29.198071+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-bigvik193-reddit-ads-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/BigVik193-reddit-ads-mcp-test", "repo_url": "https://github.com/BigVik193/reddit-ads-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-bigvik193-reddit-ads-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-bigvik193-reddit-ads-mcp", "tools": [ "createAd", "createAdGroup", "createCampaign", "createPost", "generateImage", "getAdAccounts", "getAdGroups", "getAds", "getCampaigns", "getFundingInstruments", "getPost", "getPosts", "getProfiles" ], "tools_count": 13, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:162", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "References credential or secret pattern: API_KEY_GENERIC \u2014 smithery.yaml:7" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-bigvik193-reddit-ads-mcp.html", "url": "https://github.com/BigVik193/reddit-ads-mcp", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-bigvik193-reddit-ads-mcp-api", "mcp:ai-smithery-bigvik193-reddit-ads-mcp-api", "mcp-ai-smithery-bigvik193-reddit-ads-mcp-api", "https://github.com/BigVik193/reddit-ads-mcp-api", "BigVik193/reddit-ads-mcp-api", "https-github-com-bigvik193-reddit-ads-mcp-api", "https://github.com/bigvik193/reddit-ads-mcp-api", "bigvik193/reddit-ads-mcp-api", "bigvik193-reddit-ads-mcp-api", "reddit-ads-mcp-api" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:bigvik193/reddit-ads-mcp-api", "canonical_url": "https://github.com/bigvik193/reddit-ads-mcp-api", "description": "Manage Reddit advertising end to end across accounts, funding methods, campaigns, ad groups, and a\u2026", "discovery_status": "observed", "display_name": "ai-smithery-bigvik193-reddit-ads-mcp-api", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 138, "generated_at": "2026-06-07T19:20:29.198244+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-bigvik193-reddit-ads-mcp-api", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/BigVik193-reddit-ads-mcp-api", "repo_url": "https://github.com/BigVik193/reddit-ads-mcp-api", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-bigvik193-reddit-ads-mcp-api", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-bigvik193-reddit-ads-mcp-api", "tools": [ "createAd", "createAdGroup", "createCampaign", "createPost", "generateImage", "getAdAccounts", "getAdGroups", "getAds", "getCampaigns", "getFundingInstruments", "getProfiles" ], "tools_count": 11, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "References credential or secret pattern: API_KEY_GENERIC \u2014 smithery.yaml:7", "Detected capability: network_egress \u2014 src/index.ts:16" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-bigvik193-reddit-ads-mcp-api.html", "url": "https://github.com/BigVik193/reddit-ads-mcp-api", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-bigvik193-reddit-user-mcp", "mcp-ai-smithery-bigvik193-reddit-user-mcp", "mcp:ai-smithery-bigvik193-reddit-user-mcp", "https://github.com/BigVik193/reddit-user-mcp", "https-github-com-bigvik193-reddit-user-mcp", "https://github.com/bigvik193/reddit-user-mcp", "BigVik193/reddit-user-mcp", "bigvik193-reddit-user-mcp", "bigvik193/reddit-user-mcp", "reddit-user-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:bigvik193/reddit-user-mcp", "canonical_url": "https://github.com/bigvik193/reddit-user-mcp", "description": "Browse and manage Reddit posts, comments, and threads. Fetch user activity, explore hot/new/rising\u2026", "discovery_status": "observed", "display_name": "ai-smithery-bigvik193-reddit-user-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 143, "generated_at": "2026-06-07T19:20:29.198417+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-bigvik193-reddit-user-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/BigVik193-reddit-user-mcp", "repo_url": "https://github.com/BigVik193/reddit-user-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-bigvik193-reddit-user-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-bigvik193-reddit-user-mcp", "tools": [ "get_hot_posts", "get_new_posts", "get_post_comments", "get_rising_posts", "get_user_comments", "get_user_posts", "hide_comment", "post_comment", "reply_to_comment" ], "tools_count": 9, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "References credential or secret pattern: API_KEY_GENERIC \u2014 smithery.yaml:3", "Detected capability: network_egress \u2014 src/index.ts:37" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-bigvik193-reddit-user-mcp.html", "url": "https://github.com/BigVik193/reddit-user-mcp", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-blacklotusdev8-test-m", "mcp:ai-smithery-blacklotusdev8-test-m", "mcp-ai-smithery-blacklotusdev8-test-m", "https-github-com-blacklotusdev8-test-m", "blacklotusdev8/test_m", "https://github.com/blacklotusdev8/test_m", "blacklotusdev8-test-m", "test-m", "test_m" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:blacklotusdev8/test_m", "canonical_url": "https://github.com/blacklotusdev8/test_m", "description": "Greet anyone by name with a friendly hello. Scrape webpages to extract content for quick reference\u2026", "discovery_status": "observed", "display_name": "ai-smithery-blacklotusdev8-test-m", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 29, "generated_at": "2026-06-07T19:20:29.202149+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-blacklotusdev8-test-m", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/blacklotusdev8-test_m", "repo_url": "https://github.com/blacklotusdev8/test_m", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-blacklotusdev8-test-m", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-blacklotusdev8-test-m", "tools": [ "World", "ai_generate", "create_server", "hello", "my_tool", "scrape", "test-client" ], "tools_count": 7, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:27", "Detected capability: browser_automation \u2014 Dockerfile:39", "Detected capability: network_egress \u2014 src/hello_server/server.py:445" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-blacklotusdev8-test-m.html", "url": "https://github.com/blacklotusdev8/test_m", "verdict_label": "Needs Oversight", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-blbl147-xhs-mcp", "mcp:ai-smithery-blbl147-xhs-mcp", "mcp-ai-smithery-blbl147-xhs-mcp", "https-github-com-blbl147-xhs-mcp", "blbl147/xhs-mcp", "https://github.com/blbl147/xhs-mcp", "blbl147-xhs-mcp", "xhs-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:blbl147/xhs-mcp", "canonical_url": "https://github.com/blbl147/xhs-mcp", "description": "\u641c\u7d22\u7b14\u8bb0\u3001\u6d4f\u89c8\u9996\u9875\u63a8\u8350\u3001\u67e5\u770b\u7b14\u8bb0\u5185\u5bb9\u4e0e\u8bc4\u8bba\uff0c\u5e76\u53d1\u8868\u4f60\u7684\u8bc4\u8bba\u3002\u76f4\u63a5\u5728\u5de5\u4f5c\u6d41\u4e2d\u4e0e\u5c0f\u7ea2\u4e66\u5185\u5bb9\u4e92\u52a8\uff0c\u9ad8\u6548\u8ddf\u8fdb\u8bdd\u9898\u3002", "discovery_status": "observed", "display_name": "ai-smithery-blbl147-xhs-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 3, "generated_at": "2026-06-07T19:20:29.202194+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-blbl147-xhs-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/blbl147-xhs-mcp", "repo_url": "https://github.com/blbl147/xhs-mcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-blbl147-xhs-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-blbl147-xhs-mcp", "tools": [ "check_cookie", "get_nodeid_token", "get_note_comments", "get_note_content", "home_feed", "post_comment", "search_notes" ], "tools_count": 7, "top_findings": [ "Install risk pattern: curl_pipe_shell \u2014 Dockerfile:8", "Detected capability: filesystem_read \u2014 api/xhs_api.py:83", "Configuration environment variable access \u2014 main.py:26" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-blbl147-xhs-mcp.html", "url": "https://github.com/blbl147/xhs-mcp", "verdict_label": "Review Before Install", "version": "1.6.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-blockscout-mcp-server", "mcp:ai-smithery-blockscout-mcp-server", "mcp-ai-smithery-blockscout-mcp-server", "blockscout/mcp-server", "https://github.com/blockscout/mcp-server", "https-github-com-blockscout-mcp-server", "blockscout-mcp-server", "mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:blockscout/mcp-server", "canonical_url": "https://github.com/blockscout/mcp-server", "description": "Provide AI agents and automation tools with contextual access to blockchain data including balance\u2026", "discovery_status": "observed", "display_name": "ai-smithery-blockscout-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 113, "generated_at": "2026-06-07T19:20:29.202331+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-blockscout-mcp-server", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/blockscout-mcp-server", "repo_url": "https://github.com/blockscout/mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-blockscout-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-blockscout-mcp-server", "tools": [ "Blockscout", "TestContract", "__unlock_blockchain_analysis__", "blockscout-mcp", "create_tool_annotations", "direct_api_call", "echo_resolved_key", "get_address_by_ens_name", "get_address_by_ens_name_rest", "get_address_info", "get_address_info_rest", "get_address_logs_rest", "get_block_info", "get_block_info_rest", "get_block_number", "get_block_number_rest", "get_chains_list", "get_chains_list_rest", "get_contract_abi", "get_contract_abi_rest", "get_instructions_rest", "get_latest_block_rest", "get_token_transfers_by_address", "get_token_transfers_by_address_rest", "get_tokens_by_address", "get_tokens_by_address_rest", "get_transaction_info", "get_transaction_info_rest", "get_transaction_logs_rest", "get_transactions_by_address", "get_transactions_by_address_rest", "inspect_contract_code", "list_resources_rest", "list_tools_rest", "lookup_token_by_symbol", "nft_tokens_by_address", "nft_tokens_by_address_rest", "read_contract", "read_contract_rest", "tool" ], "tools_count": 40, "top_findings": [ "Install risk pattern: curl_pipe_shell \u2014 .devcontainer/devcontainer.json:10", "Detected capability: docker_privilege \u2014 .gemini/gemini.sh:20", "Detected capability: shell_execution \u2014 hatch_build.py:64" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-blockscout-mcp-server.html", "url": "https://github.com/blockscout/mcp-server", "verdict_label": "Review Before Install", "version": "1.13.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-bowenxu0126-aistudio-hw3", "mcp:ai-smithery-bowenxu0126-aistudio-hw3", "mcp-ai-smithery-bowenxu0126-aistudio-hw3", "https-github-com-bowenxu0126-aistudio-hw3", "BowenXU0126/aistudio_hw3", "https://github.com/BowenXU0126/aistudio_hw3", "https://github.com/bowenxu0126/aistudio_hw3", "bowenxu0126-aistudio-hw3", "bowenxu0126/aistudio_hw3", "aistudio_hw3", "aistudio-hw3" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:bowenxu0126/aistudio_hw3", "canonical_url": "https://github.com/bowenxu0126/aistudio_hw3", "description": "Send personalized greetings with optional pirate flair. Compose friendly salutations for any name\u2026", "discovery_status": "observed", "display_name": "ai-smithery-bowenxu0126-aistudio-hw3", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.198475+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-bowenxu0126-aistudio-hw3", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/BowenXU0126-aistudio_hw3", "repo_url": "https://github.com/BowenXU0126/aistudio_hw3", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-bowenxu0126-aistudio-hw3", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-bowenxu0126-aistudio-hw3", "tools": [ "World", "create_project", "create_server", "create_task", "delete_task", "get_project_status", "get_task_details", "get_time_analytics", "hello", "list_tasks", "log_time", "my_tool", "start_timer", "stop_timer", "test-client", "update_task" ], "tools_count": 16, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-bowenxu0126-aistudio-hw3.html", "url": "https://github.com/BowenXU0126/aistudio_hw3", "verdict_label": "Sandbox/Test OK", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-brave", "mcp:ai-smithery-brave", "mcp-ai-smithery-brave", "brave/brave-search-mcp-server", "https://github.com/brave/brave-search-mcp-server", "https-github-com-brave-brave-search-mcp-server", "brave-brave-search-mcp-server", "brave-search-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:brave/brave-search-mcp-server", "canonical_url": "https://github.com/brave/brave-search-mcp-server", "description": "Visit https://brave.com/search/api/ for a free API key. Search the web, local businesses, images,\u2026", "discovery_status": "observed", "display_name": "ai-smithery-brave", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 92, "generated_at": "2026-06-07T19:20:29.202460+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-brave", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/brave", "repo_url": "https://github.com/brave/brave-search-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-brave", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-brave", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: environment_access \u2014 src/config.ts:33", "References credential or secret pattern: API_KEY_GENERIC \u2014 marketplace-revision-release.json:20", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-brave.html", "url": "https://github.com/brave/brave-search-mcp-server", "verdict_label": "Needs Oversight", "version": "2.0.58", "visible_controls": [] }, { "aliases": [ "ai-smithery-callmybot-cookbook-mcp-server", "mcp:ai-smithery-callmybot-cookbook-mcp-server", "mcp-ai-smithery-callmybot-cookbook-mcp-server", "https-github-com-callmybot-cookbook-mcp-server", "callmybot/cookbook-mcp-server", "https://github.com/callmybot/cookbook-mcp-server", "callmybot-cookbook-mcp-server", "cookbook-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:callmybot/cookbook-mcp-server", "canonical_url": "https://github.com/callmybot/cookbook-mcp-server", "description": "Count occurrences of any character in your text instantly. Specify the character and get precise c\u2026", "discovery_status": "observed", "display_name": "ai-smithery-callmybot-cookbook-mcp-server", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 72, "generated_at": "2026-06-07T19:20:29.202690+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-callmybot-cookbook-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/callmybot-cookbook-mcp-server", "repo_url": "https://github.com/callmybot/cookbook-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "ai-smithery-callmybot-cookbook-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-callmybot-cookbook-mcp-server", "tools": [ "count_characters" ], "tools_count": 1, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:104", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Install risk pattern: npm_lifecycle_script \u2014 package.json:14" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-callmybot-cookbook-mcp-server.html", "url": "https://github.com/callmybot/cookbook-mcp-server", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-callmybot-domoticz", "mcp-ai-smithery-callmybot-domoticz", "mcp:ai-smithery-callmybot-domoticz", "https://github.com/callmybot/domoticz", "https-github-com-callmybot-domoticz", "callmybot/domoticz", "callmybot-domoticz", "domoticz" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:callmybot/domoticz", "canonical_url": "https://github.com/callmybot/domoticz", "description": "Greet anyone by name with a friendly hello. Explore the origin of 'Hello, World' for context in de\u2026", "discovery_status": "observed", "display_name": "ai-smithery-callmybot-domoticz", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 108, "generated_at": "2026-06-07T19:20:29.202821+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-callmybot-domoticz", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/callmybot-domoticz", "repo_url": "https://github.com/callmybot/domoticz", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-callmybot-domoticz", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-callmybot-domoticz", "tools": [ "World", "hello", "my-tool", "test-client", "your-project-name" ], "tools_count": 5, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Install/config context pattern: network_egress \u2014 package-lock.json:1223" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-callmybot-domoticz.html", "url": "https://github.com/callmybot/domoticz", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-callmybot-hello-mcp-server", "mcp-ai-smithery-callmybot-hello-mcp-server", "mcp:ai-smithery-callmybot-hello-mcp-server", "callmybot/hello-mcp-server", "https-github-com-callmybot-hello-mcp-server", "https://github.com/callmybot/hello-mcp-server", "callmybot-hello-mcp-server", "hello-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:callmybot/hello-mcp-server", "canonical_url": "https://github.com/callmybot/hello-mcp-server", "description": "Generate quick, friendly greetings by name. Personalize salutations for any context. Explore the o\u2026", "discovery_status": "observed", "display_name": "ai-smithery-callmybot-hello-mcp-server", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 108, "generated_at": "2026-06-07T19:20:29.202956+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-callmybot-hello-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/callmybot-hello-mcp-server", "repo_url": "https://github.com/callmybot/hello-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-callmybot-hello-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-callmybot-hello-mcp-server", "tools": [ "World", "hello", "my-tool", "test-client", "your-project-name" ], "tools_count": 5, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Install/config context pattern: network_egress \u2014 package-lock.json:1223" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-callmybot-hello-mcp-server.html", "url": "https://github.com/callmybot/hello-mcp-server", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-cc25a-openai-api-agent-project123123123", "mcp-ai-smithery-cc25a-openai-api-agent-project123123123", "mcp:ai-smithery-cc25a-openai-api-agent-project123123123", "https-github-com-cc25a-openai-api-agent-project", "https://github.com/cc25a/openai-api-agent-project", "cc25a/openai-api-agent-project", "cc25a-openai-api-agent-project", "openai-api-agent-project" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:cc25a/openai-api-agent-project", "canonical_url": "https://github.com/cc25a/openai-api-agent-project", "description": "Look up the latest stock prices by ticker symbol across global markets. Get current price and esse\u2026", "discovery_status": "observed", "display_name": "ai-smithery-cc25a-openai-api-agent-project123123123", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 25, "generated_at": "2026-06-07T19:20:29.203041+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-cc25a-openai-api-agent-project123123123", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/cc25a-openai-api-agent-project123123123", "repo_url": "https://github.com/cc25a/openai-api-agent-project", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-cc25a-openai-api-agent-project123123123", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-cc25a-openai-api-agent-project123123123", "tools": [ "login_page", "login_submit", "logout", "mcp_get_handler" ], "tools_count": 4, "top_findings": [ "Install risk pattern: curl_pipe_shell \u2014 .devcontainer/devcontainer.json:3", "Detected capability: environment_access \u2014 main.py:62", "References credential or secret pattern: OPENAI_API_KEY \u2014 main.py:76" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-cc25a-openai-api-agent-project123123123.html", "url": "https://github.com/cc25a/openai-api-agent-project", "verdict_label": "Review Before Install", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-chir24-unreal-mcp", "mcp:ai-smithery-chir24-unreal-mcp", "mcp-ai-smithery-chir24-unreal-mcp", "https-github-com-chir24-unreal-mcp", "https://github.com/chir24/unreal_mcp", "https://github.com/ChiR24/Unreal_mcp", "ChiR24/Unreal_mcp", "chir24-unreal-mcp", "chir24/unreal_mcp", "unreal-mcp", "unreal_mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:chir24/unreal_mcp", "canonical_url": "https://github.com/chir24/unreal_mcp", "description": "A comprehensive Model Context Protocol (MCP) server that enables AI assistants to control Unreal E\u2026", "discovery_status": "observed", "display_name": "ai-smithery-chir24-unreal-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 238, "generated_at": "2026-06-07T19:20:29.198698+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-chir24-unreal-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/ChiR24-unreal_mcp_server", "repo_url": "https://github.com/ChiR24/Unreal_mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-chir24-unreal-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-chir24-unreal-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 package.json:32", "Detected capability: filesystem_write_delete \u2014 scripts/clean-tmp.js:42", "Detected capability: environment_access \u2014 src/automation/bridge.ts:242" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-chir24-unreal-mcp.html", "url": "https://github.com/ChiR24/Unreal_mcp", "verdict_label": "Review Before Install", "version": "0.4.4", "visible_controls": [] }, { "aliases": [ "ai-smithery-cindyloo-dropbox-mcp-server", "mcp:ai-smithery-cindyloo-dropbox-mcp-server", "mcp-ai-smithery-cindyloo-dropbox-mcp-server", "cindyloo/dropbox-mcp-server", "https://github.com/cindyloo/dropbox-mcp-server", "https-github-com-cindyloo-dropbox-mcp-server", "cindyloo-dropbox-mcp-server", "dropbox-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:cindyloo/dropbox-mcp-server", "canonical_url": "https://github.com/cindyloo/dropbox-mcp-server", "description": "Search, browse, and read your Dropbox files. Find documents by name or content, list folders, and\u2026", "discovery_status": "observed", "display_name": "ai-smithery-cindyloo-dropbox-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 19, "generated_at": "2026-06-07T19:20:29.203104+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-cindyloo-dropbox-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/cindyloo-dropbox-mcp-server", "repo_url": "https://github.com/cindyloo/dropbox-mcp-server", "risk_band": "high", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "ai-smithery-cindyloo-dropbox-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-cindyloo-dropbox-mcp-server", "tools": [ "get_file_content", "get_file_info", "list_files", "read_file", "search_file_content", "search_files" ], "tools_count": 6, "top_findings": [ "Detected capability: environment_access \u2014 dockerfile.py:65", "Install risk pattern: unpinned_dependency \u2014 Dockerfile:9", "References credential or secret pattern: API_KEY_GENERIC \u2014 dockerfile.py:65" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-cindyloo-dropbox-mcp-server.html", "url": "https://github.com/cindyloo/dropbox-mcp-server", "verdict_label": "Needs Oversight", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-clpi-clp-mcp", "mcp:ai-smithery-clpi-clp-mcp", "mcp-ai-smithery-clpi-clp-mcp", "https-github-com-clpi-clp-mcp", "clpi/clp-mcp", "https://github.com/clpi/clp-mcp", "clpi-clp-mcp", "clp-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:clpi/clp-mcp", "canonical_url": "https://github.com/clpi/clp-mcp", "description": "Manage simple context workflows with quick init and add actions. Access the 'Hello, World' origin\u2026", "discovery_status": "observed", "display_name": "ai-smithery-clpi-clp-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.203114+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-clpi-clp-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/clpi-clp-mcp", "repo_url": "https://github.com/clpi/clp-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-clpi-clp-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-clpi-clp-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-clpi-clp-mcp.html", "url": "https://github.com/clpi/clp-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.0.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-cristianoaredes-mcp-dadosbr", "mcp:ai-smithery-cristianoaredes-mcp-dadosbr", "mcp-ai-smithery-cristianoaredes-mcp-dadosbr", "https-github-com-cristianoaredes-mcp-dadosbr", "https://github.com/cristianoaredes/mcp-dadosbr", "cristianoaredes/mcp-dadosbr", "cristianoaredes-mcp-dadosbr", "mcp-dadosbr" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:cristianoaredes/mcp-dadosbr", "canonical_url": "https://github.com/cristianoaredes/mcp-dadosbr", "description": "# MCP DadosBR Servidor MCP focado em dados p\u00fablicos do Brasil. Oferece duas ferramentas simples e\u2026", "discovery_status": "observed", "display_name": "ai-smithery-cristianoaredes-mcp-dadosbr", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.203386+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "dangerous_capabilities_observable" ], "name": "ai-smithery-cristianoaredes-mcp-dadosbr", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/cristianoaredes-mcp-dadosbr", "repo_url": "https://github.com/cristianoaredes/mcp-dadosbr", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-cristianoaredes-mcp-dadosbr", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-cristianoaredes-mcp-dadosbr", "tools": [ "cep_lookup", "cnpj_lookup", "dadosbr" ], "tools_count": 3, "top_findings": [ "Detected capability: database_access \u2014 package-lock.json:2442", "Detected capability: wallet_payment \u2014 package-lock.json:4951", "References credential or secret pattern: API_KEY_GENERIC \u2014 .env.example:5" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-cristianoaredes-mcp-dadosbr.html", "url": "https://github.com/cristianoaredes/mcp-dadosbr", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-cryptocultcurt-appfolio-mcp-server", "mcp-ai-smithery-cryptocultcurt-appfolio-mcp-server", "mcp:ai-smithery-cryptocultcurt-appfolio-mcp-server", "https://github.com/CryptoCultCurt/appfolio-mcp-server", "CryptoCultCurt/appfolio-mcp-server", "https-github-com-cryptocultcurt-appfolio-mcp-server", "https://github.com/cryptocultcurt/appfolio-mcp-server", "cryptocultcurt/appfolio-mcp-server", "cryptocultcurt-appfolio-mcp-server", "appfolio-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:cryptocultcurt/appfolio-mcp-server", "canonical_url": "https://github.com/cryptocultcurt/appfolio-mcp-server", "description": "Provide seamless access to Appfolio Property Manager Reporting API through a standardized MCP serv\u2026", "discovery_status": "observed", "display_name": "ai-smithery-cryptocultcurt-appfolio-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 31, "generated_at": "2026-06-07T19:20:29.198806+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-cryptocultcurt-appfolio-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/CryptoCultCurt-appfolio-mcp-server", "repo_url": "https://github.com/CryptoCultCurt/appfolio-mcp-server", "risk_band": "high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-cryptocultcurt-appfolio-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-cryptocultcurt-appfolio-mcp-server", "tools": [ "get_account_totals_report", "get_aged_payables_summary_report", "get_aged_receivables_detail_report", "get_annual_budget_comparative_report", "get_annual_budget_forecast_report", "get_balance_sheet_report", "get_budget_comparative_report", "get_cancelled_workflows_report", "get_cashflow_12_month_report", "get_cashflow_report", "get_chart_of_accounts_report", "get_completed_workflows_report", "get_delinquency_as_of_report", "get_expense_distribution_report", "get_fixed_assets_report", "get_guest_card_inquiries_report", "get_in_progress_workflows_report", "get_income_statement_12_month_report", "get_income_statement_date_range_report", "get_lease_expiration_detail_by_month_report", "get_leasing_funnel_performance_report", "get_leasing_summary_report", "get_loans_report", "get_occupancy_summary_report", "get_owner_directory_report", "get_owner_leasing_report", "get_property_directory_report", "get_property_group_directory_report", "get_property_performance_report", "get_property_source_tracking_report", "get_receivables_activity_report", "get_renewal_summary_report", "get_rent_roll_itemized_report", "get_rental_applications_report", "get_resident_financial_activity_report", "get_screening_assessment_report", "get_security_deposit_funds_detail_report", "get_tenant_directory_report", "get_tenant_ledger_report", "get_trial_balance_by_property_report", "get_unit_directory_report", "get_unit_inspection_report", "get_unit_vacancy_detail_report", "get_vendor_directory_report", "get_vendor_ledger_report", "get_work_order_labor_summary_report", "get_work_order_report" ], "tools_count": 47, "top_findings": [ "Detected capability: environment_access \u2014 src/appfolio.ts:63", "Install risk pattern: unpinned_dependency \u2014 package.json:41", "Detected capability: network_egress \u2014 src/appfolio.ts:73" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-cryptocultcurt-appfolio-mcp-server.html", "url": "https://github.com/CryptoCultCurt/appfolio-mcp-server", "verdict_label": "Needs Oversight", "version": "1.0.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-ctaylor86-mcp-video-download-server", "mcp-ai-smithery-ctaylor86-mcp-video-download-server", "mcp:ai-smithery-ctaylor86-mcp-video-download-server", "https-github-com-ctaylor86-mcp-video-download-server", "https://github.com/ctaylor86/mcp-video-download-server", "ctaylor86/mcp-video-download-server", "ctaylor86-mcp-video-download-server", "mcp-video-download-server" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:ctaylor86/mcp-video-download-server", "canonical_url": "https://github.com/ctaylor86/mcp-video-download-server", "description": "Connect your video workflows to cloud storage. Organize and access video assets across projects wi\u2026", "discovery_status": "observed", "display_name": "ai-smithery-ctaylor86-mcp-video-download-server", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 20, "generated_at": "2026-06-07T19:20:29.203482+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-ctaylor86-mcp-video-download-server", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/ctaylor86-mcp-video-download-server", "repo_url": "https://github.com/ctaylor86/mcp-video-download-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-ctaylor86-mcp-video-download-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-ctaylor86-mcp-video-download-server", "tools": [ "download_audio_to_cloud", "download_video_to_cloud", "get_video_metadata", "system_diagnostics", "test_connection" ], "tools_count": 5, "top_findings": [ "Detected capability: shell_execution \u2014 src/downloader.ts:1", "Detected capability: filesystem_write_delete \u2014 src/downloader.ts:159", "Install risk pattern: unpinned_dependency \u2014 package.json:38" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-ctaylor86-mcp-video-download-server.html", "url": "https://github.com/ctaylor86/mcp-video-download-server", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-cuongpo-coti-mcp", "mcp:ai-smithery-cuongpo-coti-mcp", "mcp-ai-smithery-cuongpo-coti-mcp", "cuongpo/coti-mcp", "https://github.com/cuongpo/coti-mcp", "https-github-com-cuongpo-coti-mcp", "cuongpo-coti-mcp", "coti-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:cuongpo/coti-mcp", "canonical_url": "https://github.com/cuongpo/coti-mcp", "description": "Manage COTI accounts, deploy private ERC20 and ERC721 contracts, and transfer tokens and NFTs with\u2026", "discovery_status": "observed", "display_name": "ai-smithery-cuongpo-coti-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 298, "generated_at": "2026-06-07T19:20:29.203772+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-cuongpo-coti-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/cuongpo-coti-mcp-1", "repo_url": "https://github.com/cuongpo/coti-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-cuongpo-coti-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-cuongpo-coti-mcp", "tools": [ "approve_erc20_spender", "approve_private_erc721", "call_contract_function", "change_default_account", "create_account", "decode_event_data", "decrypt_value", "deploy_private_erc20_contract", "deploy_private_erc721_contract", "encrypt_value", "export_accounts", "generate_aes_key", "get_current_network", "get_native_balance", "get_private_erc20_allowance", "get_private_erc20_balance", "get_private_erc20_decimals", "get_private_erc20_total_supply", "get_private_erc721_approved", "get_private_erc721_balance", "get_private_erc721_is_approved_for_all", "get_private_erc721_token_owner", "get_private_erc721_token_uri", "get_private_erc721_total_supply", "get_transaction_logs", "get_transaction_status", "import_accounts", "list_accounts", "mint_private_erc20_token", "mint_private_erc721_token", "set_private_erc721_approval_for_all", "sign_message", "switch_network", "transfer_native", "transfer_private_erc20", "transfer_private_erc721", "verify_signature" ], "tools_count": 37, "top_findings": [ "Detected capability: wallet_payment \u2014 index.ts:61", "Detected capability: environment_access \u2014 index.ts:71", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-cuongpo-coti-mcp.html", "url": "https://github.com/cuongpo/coti-mcp", "verdict_label": "Needs Oversight", "version": "0.2.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-danushkumar-v-mcp-discord", "mcp:ai-smithery-danushkumar-v-mcp-discord", "mcp-ai-smithery-danushkumar-v-mcp-discord", "https-github-com-danushkumar-v-mcp-discord", "https://github.com/danushkumar-v/mcp-discord", "Danushkumar-V/mcp-discord", "https://github.com/Danushkumar-V/mcp-discord", "danushkumar-v-mcp-discord", "danushkumar-v/mcp-discord", "mcp-discord" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:danushkumar-v/mcp-discord", "canonical_url": "https://github.com/danushkumar-v/mcp-discord", "description": "An MCP server that integrates with Discord to provide AI-powered features.", "discovery_status": "observed", "display_name": "ai-smithery-danushkumar-v-mcp-discord", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 84, "generated_at": "2026-06-07T19:20:29.198917+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted", "env_or_credential_examples_visible" ], "name": "ai-smithery-danushkumar-v-mcp-discord", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/Danushkumar-V-mcp-discord", "repo_url": "https://github.com/Danushkumar-V/mcp-discord", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-danushkumar-v-mcp-discord", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-danushkumar-v-mcp-discord", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:31", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Detected capability: network_egress \u2014 src/tools/channel.ts:28" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-danushkumar-v-mcp-discord.html", "url": "https://github.com/Danushkumar-V/mcp-discord", "verdict_label": "Needs Oversight", "version": "1.2.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-demomagic-duckchain-mcp", "mcp-ai-smithery-demomagic-duckchain-mcp", "mcp:ai-smithery-demomagic-duckchain-mcp", "https://github.com/demomagic/duckchain-mcp", "demomagic/duckchain-mcp", "https-github-com-demomagic-duckchain-mcp", "demomagic-duckchain-mcp", "duckchain-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:demomagic/duckchain-mcp", "canonical_url": "https://github.com/demomagic/duckchain-mcp", "description": "Explore blockchain data across addresses, tokens, blocks, and transactions. Investigate any transa\u2026", "discovery_status": "observed", "display_name": "ai-smithery-demomagic-duckchain-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.203871+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-demomagic-duckchain-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/demomagic-duckchain-mcp", "repo_url": "https://github.com/demomagic/duckchain-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-demomagic-duckchain-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-demomagic-duckchain-mcp", "tools": [ "check_search_redirect", "create_server", "explore_address", "get_address", "get_address_blocks_validated", "get_address_coin_balance_history", "get_address_coin_balance_history_by_day", "get_address_counters", "get_address_details", "get_address_internal_transactions", "get_address_logs", "get_address_nft", "get_address_nft_collections", "get_address_token_balances", "get_address_token_transfers", "get_address_tokens", "get_address_transactions", "get_address_withdrawals", "get_addresses", "get_addresses_list", "get_api_client", "get_block", "get_block_details", "get_block_transactions", "get_block_withdrawals", "get_blockchain_stats", "get_blocks", "get_indexing_status", "get_internal_transactions", "get_main_page_blocks", "get_main_page_transactions", "get_market_chart", "get_smart_contract", "get_smart_contract_details", "get_smart_contracts", "get_smart_contracts_counters", "get_smart_contracts_list", "get_stats", "get_token", "get_token_counters", "get_token_details", "get_token_holders", "get_token_instance", "get_token_instance_details", "get_token_instance_holders", "get_token_instance_transfers", "get_token_instance_transfers_count", "get_token_instances", "get_token_transfers", "get_token_transfers_by_token", "get_tokens", "get_tokens_list", "get_transaction", "get_transaction_details", "get_transaction_internal_transactions", "get_transaction_logs", "get_transaction_raw_trace", "get_transaction_state_changes", "get_transaction_summary", "get_transaction_token_transfers", "get_transactions", "get_transactions_chart", "refetch_token_instance_metadata", "refetch_token_instance_metadata_tool", "research_token", "search", "search_blockchain", "search_redirect" ], "tools_count": 68, "top_findings": [ "Detected capability: network_egress \u2014 src/duckchain/server.py:24" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-demomagic-duckchain-mcp.html", "url": "https://github.com/demomagic/duckchain-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.13.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-devbrother2024-typescript-mcp-server-boilerplate", "mcp:ai-smithery-devbrother2024-typescript-mcp-server-boilerplate", "mcp-ai-smithery-devbrother2024-typescript-mcp-server-boilerplate", "https://github.com/devbrother2024/typescript-mcp-server-boilerplate", "https-github-com-devbrother2024-typescript-mcp-server-boilerplate", "devbrother2024/typescript-mcp-server-boilerplate", "devbrother2024-typescript-mcp-server-boilerplate", "typescript-mcp-server-boilerplate" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:devbrother2024/typescript-mcp-server-boilerplate", "canonical_url": "https://github.com/devbrother2024/typescript-mcp-server-boilerplate", "description": "Kickstart development with a customizable TypeScript template featuring sample tools for greeting,\u2026", "discovery_status": "observed", "display_name": "ai-smithery-devbrother2024-typescript-mcp-server-boilerplate", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 48, "generated_at": "2026-06-07T19:20:29.203956+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-devbrother2024-typescript-mcp-server-boilerplate", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/devbrother2024-typescript-mcp-server-boilerplate", "repo_url": "https://github.com/devbrother2024/typescript-mcp-server-boilerplate", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-devbrother2024-typescript-mcp-server-boilerplate", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-devbrother2024-typescript-mcp-server-boilerplate", "tools": [ "calculator", "generate_image", "geocode", "get_time", "get_weather", "greet", "greeting" ], "tools_count": 7, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:128", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Detected capability: network_egress \u2014 src/index.ts:198" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-devbrother2024-typescript-mcp-server-boilerplate.html", "url": "https://github.com/devbrother2024/typescript-mcp-server-boilerplate", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-docfork-mcp", "mcp:ai-smithery-docfork-mcp", "mcp-ai-smithery-docfork-mcp", "https-github-com-docfork-docfork-mcp", "https://github.com/docfork/docfork-mcp", "docfork/docfork-mcp", "docfork-docfork-mcp", "docfork-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:docfork/docfork-mcp", "canonical_url": "https://github.com/docfork/docfork-mcp", "description": "@latest documentation and code examples to 9000+ libraries for LLMs and AI code editors in a singl\u2026", "discovery_status": "observed", "display_name": "ai-smithery-docfork-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 250, "generated_at": "2026-06-07T19:20:29.204205+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-docfork-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/docfork-mcp", "repo_url": "https://github.com/docfork/docfork-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-docfork-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-docfork-mcp", "tools": [ "docfork", "fetch_doc", "search_docs" ], "tools_count": 3, "top_findings": [ "Detected capability: shell_execution \u2014 packages/dgrep/src/lib/agents.ts:5", "Detected capability: environment_access \u2014 packages/dgrep/src/bin.ts:61", "Detected capability: filesystem_write_delete \u2014 packages/dgrep/src/lib/agents.ts:1" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-docfork-mcp.html", "url": "https://github.com/docfork/docfork-mcp", "verdict_label": "Review Before Install", "version": "0.7.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-dsharipova-mcp-hw", "mcp:ai-smithery-dsharipova-mcp-hw", "mcp-ai-smithery-dsharipova-mcp-hw", "https-github-com-dsharipova-mcp-hw", "dsharipova/mcp-hw", "https://github.com/dsharipova/mcp-hw", "dsharipova-mcp-hw", "mcp-hw" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:dsharipova/mcp-hw", "canonical_url": "https://github.com/dsharipova/mcp-hw", "description": "Create personalized greetings by name in the tone you choose. Get quick suggestions for friendly i\u2026", "discovery_status": "observed", "display_name": "ai-smithery-dsharipova-mcp-hw", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 118, "generated_at": "2026-06-07T19:20:29.204391+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-dsharipova-mcp-hw", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/dsharipova-mcp-hw", "repo_url": "https://github.com/dsharipova/mcp-hw", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-dsharipova-mcp-hw", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-dsharipova-mcp-hw", "tools": [ "World", "create_server", "hello", "my_tool", "test-client" ], "tools_count": 5, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:7", "References credential or secret pattern: API_KEY_GENERIC \u2014 src/hello_server/server.py:20", "Detected capability: network_egress \u2014 src/hello_server/server.py:42" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-dsharipova-mcp-hw.html", "url": "https://github.com/dsharipova/mcp-hw", "verdict_label": "Needs Oversight", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-dynamicendpoints-autogen-mcp", "mcp-ai-smithery-dynamicendpoints-autogen-mcp", "mcp:ai-smithery-dynamicendpoints-autogen-mcp", "DynamicEndpoints/Autogen_MCP", "https-github-com-dynamicendpoints-autogen-mcp", "https://github.com/DynamicEndpoints/Autogen_MCP", "https://github.com/dynamicendpoints/autogen_mcp", "dynamicendpoints-autogen-mcp", "dynamicendpoints/autogen_mcp", "autogen_mcp", "autogen-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:dynamicendpoints/autogen_mcp", "canonical_url": "https://github.com/dynamicendpoints/autogen_mcp", "description": "Create and manage AI agents that collaborate and solve problems through natural language interacti\u2026", "discovery_status": "observed", "display_name": "ai-smithery-dynamicendpoints-autogen-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.198933+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-dynamicendpoints-autogen-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/DynamicEndpoints-autogen_mcp", "repo_url": "https://github.com/DynamicEndpoints/Autogen_MCP", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-dynamicendpoints-autogen-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-dynamicendpoints-autogen-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-dynamicendpoints-autogen-mcp.html", "url": "https://github.com/DynamicEndpoints/Autogen_MCP", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.3.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-dynamicendpoints-m365-core-mcp", "mcp:ai-smithery-dynamicendpoints-m365-core-mcp", "mcp-ai-smithery-dynamicendpoints-m365-core-mcp", "https://github.com/DynamicEndpoints/m365-core-mcp", "https://github.com/dynamicendpoints/m365-core-mcp", "DynamicEndpoints/m365-core-mcp", "https-github-com-dynamicendpoints-m365-core-mcp", "dynamicendpoints/m365-core-mcp", "dynamicendpoints-m365-core-mcp", "m365-core-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:dynamicendpoints/m365-core-mcp", "canonical_url": "https://github.com/dynamicendpoints/m365-core-mcp", "description": "*Updated June 17th 2025** Manage your Microsoft 365 services effortlessly. Create and manage distr\u2026", "discovery_status": "observed", "display_name": "ai-smithery-dynamicendpoints-m365-core-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.198939+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-dynamicendpoints-m365-core-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/DynamicEndpoints-m365-core-mcp", "repo_url": "https://github.com/DynamicEndpoints/m365-core-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-dynamicendpoints-m365-core-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-dynamicendpoints-m365-core-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-dynamicendpoints-m365-core-mcp.html", "url": "https://github.com/DynamicEndpoints/m365-core-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.1.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-dynamicendpoints-powershell-exec-mcp-server", "mcp:ai-smithery-dynamicendpoints-powershell-exec-mcp-server", "mcp-ai-smithery-dynamicendpoints-powershell-exec-mcp-server", "https://github.com/DynamicEndpoints/PowerShell-Exec-MCP-Server", "https://github.com/dynamicendpoints/powershell-exec-mcp-server", "DynamicEndpoints/PowerShell-Exec-MCP-Server", "https-github-com-dynamicendpoints-powershell-exec-mcp-server", "dynamicendpoints-powershell-exec-mcp-server", "dynamicendpoints/powershell-exec-mcp-server", "powershell-exec-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:dynamicendpoints/powershell-exec-mcp-server", "canonical_url": "https://github.com/dynamicendpoints/powershell-exec-mcp-server", "description": "Execute PowerShell commands securely with controlled timeouts and input validation. Retrieve syste\u2026", "discovery_status": "observed", "display_name": "ai-smithery-dynamicendpoints-powershell-exec-mcp-server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.198945+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-dynamicendpoints-powershell-exec-mcp-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/DynamicEndpoints-powershell-exec-mcp-server", "repo_url": "https://github.com/DynamicEndpoints/PowerShell-Exec-MCP-Server", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-dynamicendpoints-powershell-exec-mcp-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-dynamicendpoints-powershell-exec-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-dynamicendpoints-powershell-exec-mcp-server.html", "url": "https://github.com/DynamicEndpoints/PowerShell-Exec-MCP-Server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.13.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-eliu243-oura-mcp-server", "mcp-ai-smithery-eliu243-oura-mcp-server", "mcp:ai-smithery-eliu243-oura-mcp-server", "https://github.com/eliu243/oura-mcp-server", "eliu243/oura-mcp-server", "https-github-com-eliu243-oura-mcp-server", "eliu243-oura-mcp-server", "oura-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:eliu243/oura-mcp-server", "canonical_url": "https://github.com/eliu243/oura-mcp-server", "description": "Connect your Oura Ring account securely in minutes. Enable authorized access to your sleep, activi\u2026", "discovery_status": "observed", "display_name": "ai-smithery-eliu243-oura-mcp-server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.204411+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-eliu243-oura-mcp-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/eliu243-oura-mcp-server-eliu", "repo_url": "https://github.com/eliu243/oura-mcp-server", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-eliu243-oura-mcp-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-eliu243-oura-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-eliu243-oura-mcp-server.html", "url": "https://github.com/eliu243/oura-mcp-server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-exa-labs-exa-code-mcp", "mcp-ai-smithery-exa-labs-exa-code-mcp", "mcp:ai-smithery-exa-labs-exa-code-mcp", "exa-labs/exa-code-mcp", "https://github.com/exa-labs/exa-code-mcp", "https-github-com-exa-labs-exa-code-mcp", "exa-labs-exa-code-mcp", "exa-code-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:exa-labs/exa-code-mcp", "canonical_url": "https://github.com/exa-labs/exa-code-mcp", "description": "Find open-source libraries and fetch contextual code snippets by version to accelerate development\u2026", "discovery_status": "observed", "display_name": "ai-smithery-exa-labs-exa-code-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.204417+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-exa-labs-exa-code-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/exa-labs-exa-code-mcp", "repo_url": "https://github.com/exa-labs/exa-code-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-exa-labs-exa-code-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-exa-labs-exa-code-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-exa-labs-exa-code-mcp.html", "url": "https://github.com/exa-labs/exa-code-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.0.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-faithk7-gmail-mcp", "mcp-ai-smithery-faithk7-gmail-mcp", "mcp:ai-smithery-faithk7-gmail-mcp", "https-github-com-faithk7-gmail-mcp", "faithk7/gmail-mcp", "https://github.com/faithk7/gmail-mcp", "faithk7-gmail-mcp", "gmail-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:faithk7/gmail-mcp", "canonical_url": "https://github.com/faithk7/gmail-mcp", "description": "Manage Gmail messages, threads, labels, drafts, and settings from your workflows. Send and organiz\u2026", "discovery_status": "observed", "display_name": "ai-smithery-faithk7-gmail-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 41, "generated_at": "2026-06-07T19:20:29.204515+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-faithk7-gmail-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/faithk7-gmail-mcp", "repo_url": "https://github.com/faithk7/gmail-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-faithk7-gmail-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-faithk7-gmail-mcp", "tools": [ "add_delegate", "batch_delete_messages", "batch_modify_messages", "create_draft", "create_filter", "create_forwarding_address", "create_label", "create_send_as", "delete_draft", "delete_filter", "delete_forwarding_address", "delete_label", "delete_message", "delete_send_as", "delete_smime_info", "delete_thread", "get_attachment", "get_auto_forwarding", "get_delegate", "get_draft", "get_filter", "get_forwarding_address", "get_imap", "get_label", "get_language", "get_message", "get_pop", "get_profile", "get_send_as", "get_smime_info", "get_thread", "get_vacation", "insert_smime_info", "list_delegates", "list_drafts", "list_filters", "list_forwarding_addresses", "list_labels", "list_messages", "list_send_as", "list_smime_info", "list_threads", "modify_message", "modify_thread", "patch_label", "patch_send_as", "remove_delegate", "send_draft", "send_message", "set_default_smime_info", "stop_mail_watch", "trash_message", "trash_thread", "untrash_message", "untrash_thread", "update_auto_forwarding", "update_draft", "update_imap", "update_label", "update_language", "update_pop", "update_send_as", "update_vacation", "verify_send_as", "watch_mailbox" ], "tools_count": 65, "top_findings": [ "Detected capability: database_access \u2014 pnpm-lock.yaml:1075", "Detected capability: environment_access \u2014 src/config.ts:12", "Detected capability: filesystem_write_delete \u2014 src/index.ts:1344" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-faithk7-gmail-mcp.html", "url": "https://github.com/faithk7/gmail-mcp", "verdict_label": "Needs Oversight", "version": "1.7.4", "visible_controls": [] }, { "aliases": [ "ai-smithery-felixyifeiwang-felix-mcp-smithery", "mcp-ai-smithery-felixyifeiwang-felix-mcp-smithery", "mcp:ai-smithery-felixyifeiwang-felix-mcp-smithery", "https-github-com-felixyifeiwang-felix-mcp-smithery", "FelixYifeiWang/felix-mcp-smithery", "https://github.com/felixyifeiwang/felix-mcp-smithery", "https://github.com/FelixYifeiWang/felix-mcp-smithery", "felixyifeiwang-felix-mcp-smithery", "felixyifeiwang/felix-mcp-smithery", "felix-mcp-smithery" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:felixyifeiwang/felix-mcp-smithery", "canonical_url": "https://github.com/felixyifeiwang/felix-mcp-smithery", "description": "Streamline your workflow with Felix. Integrate it into your workspace and tailor its behavior to y\u2026", "discovery_status": "observed", "display_name": "ai-smithery-felixyifeiwang-felix-mcp-smithery", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 74, "generated_at": "2026-06-07T19:20:29.199054+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-felixyifeiwang-felix-mcp-smithery", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/FelixYifeiWang-felix-mcp-smithery", "repo_url": "https://github.com/FelixYifeiWang/felix-mcp-smithery", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-felixyifeiwang-felix-mcp-smithery", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-felixyifeiwang-felix-mcp-smithery", "tools": [ "hello", "randomNumber", "summarize", "weather" ], "tools_count": 4, "top_findings": [ "References credential or secret pattern: OPENAI_API_KEY \u2014 .env.example:1", "Detected capability: environment_access \u2014 index.js:12", "References credential or secret pattern: API_KEY_GENERIC \u2014 .env.example:1" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-felixyifeiwang-felix-mcp-smithery.html", "url": "https://github.com/FelixYifeiWang/felix-mcp-smithery", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-fengyinxia-jimeng-mcp", "mcp-ai-smithery-fengyinxia-jimeng-mcp", "mcp:ai-smithery-fengyinxia-jimeng-mcp", "fengyinxia/jimeng-mcp", "https://github.com/fengyinxia/jimeng-mcp", "https-github-com-fengyinxia-jimeng-mcp", "fengyinxia-jimeng-mcp", "jimeng-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:fengyinxia/jimeng-mcp", "canonical_url": "https://github.com/fengyinxia/jimeng-mcp", "description": "Create images and videos from prompts, with options for image mixing, reference images, and start/\u2026", "discovery_status": "observed", "display_name": "ai-smithery-fengyinxia-jimeng-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.204527+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-fengyinxia-jimeng-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/fengyinxia-jimeng-mcp", "repo_url": "https://github.com/fengyinxia/jimeng-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-fengyinxia-jimeng-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-fengyinxia-jimeng-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-fengyinxia-jimeng-mcp.html", "url": "https://github.com/fengyinxia/jimeng-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-flight505-mcp-dincoder", "mcp-ai-smithery-flight505-mcp-dincoder", "mcp:ai-smithery-flight505-mcp-dincoder", "https://github.com/flight505/mcp_dincoder", "flight505/MCP_DinCoder", "https://github.com/flight505/MCP_DinCoder", "https-github-com-flight505-mcp-dincoder", "flight505-mcp-dincoder", "flight505/mcp_dincoder", "mcp_dincoder", "mcp-dincoder" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:flight505/mcp_dincoder", "canonical_url": "https://github.com/flight505/mcp_dincoder", "description": "Driven Intent Negotiation \u2014 Contract-Oriented Deterministic Executable Runtime DinCoder brings the\u2026", "discovery_status": "observed", "display_name": "ai-smithery-flight505-mcp-dincoder", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.204807+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-flight505-mcp-dincoder", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/flight505-mcp_dincoder", "repo_url": "https://github.com/flight505/MCP_DinCoder", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-flight505-mcp-dincoder", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-flight505-mcp-dincoder", "tools": [ "artifacts_analyze", "artifacts_read", "clarify_add", "clarify_list", "clarify_resolve", "constitution_create", "contracts_generate", "example_tool", "git_create_branch", "metrics_export", "metrics_report", "plan_create", "prereqs_check", "quality_deps_update", "quality_format", "quality_license_check", "quality_lint", "quality_security_audit", "quality_test", "research_append", "spec_lint", "spec_refine", "spec_validate", "specify_describe", "specify_start", "tasks_filter", "tasks_generate", "tasks_search", "tasks_stats", "tasks_tick", "tasks_tick_range", "tasks_visualize", "templates_customize", "templates_list", "test_echo", "your-mcp-server" ], "tools_count": 36, "top_findings": [ "Detected capability: shell_execution \u2014 scripts/run-prompt-test.ts:20", "Detected capability: filesystem_write_delete \u2014 scripts/run-prompt-test.ts:46", "Detected capability: environment_access \u2014 src/index.ts:43" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-flight505-mcp-dincoder.html", "url": "https://github.com/flight505/MCP_DinCoder", "verdict_label": "Review Before Install", "version": "0.1.15", "visible_controls": [] }, { "aliases": [ "ai-smithery-harjap-singh-3105-splitwise-mcp", "mcp-ai-smithery-harjap-singh-3105-splitwise-mcp", "mcp:ai-smithery-harjap-singh-3105-splitwise-mcp", "https://github.com/harjap-singh-3105/splitwise_mcp", "HARJAP-SINGH-3105/Splitwise_MCP", "https://github.com/HARJAP-SINGH-3105/Splitwise_MCP", "https-github-com-harjap-singh-3105-splitwise-mcp", "harjap-singh-3105-splitwise-mcp", "harjap-singh-3105/splitwise_mcp", "splitwise_mcp", "splitwise-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:harjap-singh-3105/splitwise_mcp", "canonical_url": "https://github.com/harjap-singh-3105/splitwise_mcp", "description": "Manage Splitwise balances, expenses, and groups from your workspace. Fetch friends and recent acti\u2026", "discovery_status": "observed", "display_name": "ai-smithery-harjap-singh-3105-splitwise-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.199070+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-harjap-singh-3105-splitwise-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/HARJAP-SINGH-3105-splitwise_mcp", "repo_url": "https://github.com/HARJAP-SINGH-3105/Splitwise_MCP", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-harjap-singh-3105-splitwise-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-harjap-singh-3105-splitwise-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-harjap-singh-3105-splitwise-mcp.html", "url": "https://github.com/HARJAP-SINGH-3105/Splitwise_MCP", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-hint-services-obsidian-github-mcp", "mcp-ai-smithery-hint-services-obsidian-github-mcp", "mcp:ai-smithery-hint-services-obsidian-github-mcp", "https-github-com-hint-services-obsidian-github-mcp", "Hint-Services/obsidian-github-mcp", "https://github.com/Hint-Services/obsidian-github-mcp", "https://github.com/hint-services/obsidian-github-mcp", "hint-services-obsidian-github-mcp", "hint-services/obsidian-github-mcp", "obsidian-github-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:hint-services/obsidian-github-mcp", "canonical_url": "https://github.com/hint-services/obsidian-github-mcp", "description": "Connect AI assistants to your GitHub-hosted Obsidian vault to seamlessly access, search, and analy\u2026", "discovery_status": "observed", "display_name": "ai-smithery-hint-services-obsidian-github-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 13, "generated_at": "2026-06-07T19:20:29.199128+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-hint-services-obsidian-github-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/Hint-Services-obsidian-github-mcp", "repo_url": "https://github.com/Hint-Services/obsidian-github-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-hint-services-obsidian-github-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-hint-services-obsidian-github-mcp", "tools": [ "async_operation", "diagnoseSearch", "getCommitHistory", "getFileContents", "searchFiles", "searchIssues", "secure_tool", "stream_data" ], "tools_count": 8, "top_findings": [ "References credential or secret pattern: GITHUB_TOKEN \u2014 src/github/client.ts:20", "Broad or write-capable OAuth/API scope: github_write_scope \u2014 src/github/client.ts:533", "Detected capability: environment_access \u2014 src/index.ts:69" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-hint-services-obsidian-github-mcp.html", "url": "https://github.com/Hint-Services/obsidian-github-mcp", "verdict_label": "Needs Oversight", "version": "0.4.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-hithereiamaliff-mcp-datagovmy", "mcp:ai-smithery-hithereiamaliff-mcp-datagovmy", "mcp-ai-smithery-hithereiamaliff-mcp-datagovmy", "https-github-com-hithereiamaliff-mcp-datagovmy", "https://github.com/hithereiamaliff/mcp-datagovmy", "hithereiamaliff/mcp-datagovmy", "hithereiamaliff-mcp-datagovmy", "mcp-datagovmy" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:hithereiamaliff/mcp-datagovmy", "canonical_url": "https://github.com/hithereiamaliff/mcp-datagovmy", "description": "This MCP server provides seamless access to Malaysia's government open data, including datasets, w\u2026", "discovery_status": "observed", "display_name": "ai-smithery-hithereiamaliff-mcp-datagovmy", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.205161+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-hithereiamaliff-mcp-datagovmy", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/hithereiamaliff-mcp-datagovmy", "repo_url": "https://github.com/hithereiamaliff/mcp-datagovmy", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-hithereiamaliff-mcp-datagovmy", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-hithereiamaliff-mcp-datagovmy", "tools": [ "${toolName}" ], "tools_count": 1, "top_findings": [ "Detected capability: shell_execution \u2014 scripts/deploy.js:3", "References credential or secret pattern: GITHUB_TOKEN \u2014 .env.example:5", "Detected capability: filesystem_write_delete \u2014 scripts/update-tool-names.ts:63" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-hithereiamaliff-mcp-datagovmy.html", "url": "https://github.com/hithereiamaliff/mcp-datagovmy", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-hjsh200219-pharminfo-mcp", "mcp:ai-smithery-hjsh200219-pharminfo-mcp", "mcp-ai-smithery-hjsh200219-pharminfo-mcp", "https://github.com/hjsh200219/pharminfo-mcp", "https-github-com-hjsh200219-pharminfo-mcp", "hjsh200219/pharminfo-mcp", "hjsh200219-pharminfo-mcp", "pharminfo-mcp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:hjsh200219/pharminfo-mcp", "canonical_url": "https://github.com/hjsh200219/pharminfo-mcp", "description": "Look up Korean drug ingredient and product data by HIRA component and product codes via Pilldoc. V\u2026", "discovery_status": "observed", "display_name": "ai-smithery-hjsh200219-pharminfo-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.205498+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-hjsh200219-pharminfo-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/hjsh200219-pharminfo-mcp", "repo_url": "https://github.com/hjsh200219/pharminfo-mcp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-hjsh200219-pharminfo-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-hjsh200219-pharminfo-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-hjsh200219-pharminfo-mcp.html", "url": "https://github.com/hjsh200219/pharminfo-mcp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-hollaugo-financial-research-mcp-server", "mcp:ai-smithery-hollaugo-financial-research-mcp-server", "mcp-ai-smithery-hollaugo-financial-research-mcp-server", "hollaugo/tutorials/tree/main/smithery-example/financial-server", "https://github.com/hollaugo/tutorials/tree/main/smithery-example/financial-server", "https-github-com-hollaugo-tutorials-tree-main-smithery-example-financial-server", "hollaugo/tutorials", "hollaugo-tutorials", "tutorials", "https://github.com/hollaugo/tutorials", "https-github-com-hollaugo-tutorials" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:hollaugo/tutorials", "canonical_url": "https://github.com/hollaugo/tutorials", "description": "Analyze stocks with summaries, price targets, and analyst recommendations. Track SEC filings, divi\u2026", "discovery_status": "observed", "display_name": "ai-smithery-hollaugo-financial-research-mcp-server", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.205561+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-hollaugo-financial-research-mcp-server", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/hollaugo-financial-research-mcp-server", "repo_url": "https://github.com/hollaugo/tutorials", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-hollaugo-financial-research-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-hollaugo-financial-research-mcp-server", "tools": [ "create_server", "get_analyst_targets", "get_dividends", "get_financial_statements", "get_insider_transactions", "get_institutional_holders", "get_recommendations", "get_sec_filings", "get_sector_info", "get_splits", "get_stock_summary", "summarize_filing" ], "tools_count": 12, "top_findings": [ "Detected capability: network_egress \u2014 src/financial_server/server.py:307" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-hollaugo-financial-research-mcp-server.html", "url": "https://github.com/hollaugo/tutorials/tree/main/smithery-example/financial-server", "verdict_label": "Install With Restrictions", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-hustcc-mcp-mermaid", "mcp-ai-smithery-hustcc-mcp-mermaid", "mcp:ai-smithery-hustcc-mcp-mermaid", "https-github-com-hustcc-mcp-mermaid", "https://github.com/hustcc/mcp-mermaid", "hustcc/mcp-mermaid", "hustcc-mcp-mermaid", "mcp-mermaid" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:hustcc/mcp-mermaid", "canonical_url": "https://github.com/hustcc/mcp-mermaid", "description": "Generate dynamic Mermaid diagrams and charts with AI assistance. Customize styles and export diagr\u2026", "discovery_status": "observed", "display_name": "ai-smithery-hustcc-mcp-mermaid", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 10, "generated_at": "2026-06-07T19:20:29.205613+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-hustcc-mcp-mermaid", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/hustcc-mcp-mermaid", "repo_url": "https://github.com/hustcc/mcp-mermaid", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-hustcc-mcp-mermaid", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-hustcc-mcp-mermaid", "tools": [ "generate_mermaid_diagram" ], "tools_count": 1, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 src/server.ts:137", "Detected capability: browser_automation \u2014 Dockerfile:9", "Install risk pattern: npm_lifecycle_script \u2014 package.json:14" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-hustcc-mcp-mermaid.html", "url": "https://github.com/hustcc/mcp-mermaid", "verdict_label": "Install With Restrictions", "version": "0.1.3", "visible_controls": [] }, { "aliases": [ "ai-smithery-huuthangntk-claude-vision-mcp-server", "mcp:ai-smithery-huuthangntk-claude-vision-mcp-server", "mcp-ai-smithery-huuthangntk-claude-vision-mcp-server", "https-github-com-huuthangntk-claude-vision-mcp-server", "https://github.com/huuthangntk/claude-vision-mcp-server", "huuthangntk/claude-vision-mcp-server", "huuthangntk-claude-vision-mcp-server", "claude-vision-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:huuthangntk/claude-vision-mcp-server", "canonical_url": "https://github.com/huuthangntk/claude-vision-mcp-server", "description": "Analyze images from multiple angles to extract detailed insights or quick summaries. Describe visu\u2026", "discovery_status": "observed", "display_name": "ai-smithery-huuthangntk-claude-vision-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 160, "generated_at": "2026-06-07T19:20:29.205840+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-huuthangntk-claude-vision-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/huuthangntk-claude-vision-mcp-server", "repo_url": "https://github.com/huuthangntk/claude-vision-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-huuthangntk-claude-vision-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-huuthangntk-claude-vision-mcp-server", "tools": [ "claude-deep-think-mcp-server", "claude_think", "think" ], "tools_count": 3, "top_findings": [ "References credential or secret pattern: ANTHROPIC_API_KEY \u2014 env.example:2", "Detected capability: environment_access \u2014 test-server.ts:12", "Detected capability: filesystem_write_delete \u2014 test-server.ts:57" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-huuthangntk-claude-vision-mcp-server.html", "url": "https://github.com/huuthangntk/claude-vision-mcp-server", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-ilyagusev-academia-mcp", "mcp-ai-smithery-ilyagusev-academia-mcp", "mcp:ai-smithery-ilyagusev-academia-mcp", "https://github.com/IlyaGusev/academia_mcp", "https-github-com-ilyagusev-academia-mcp", "IlyaGusev/academia_mcp", "https://github.com/ilyagusev/academia_mcp", "ilyagusev-academia-mcp", "ilyagusev/academia_mcp", "academia_mcp", "academia-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:ilyagusev/academia_mcp", "canonical_url": "https://github.com/ilyagusev/academia_mcp", "description": "Search arXiv and ACL Anthology, retrieve citations and references, and browse web sources to accel\u2026", "discovery_status": "observed", "display_name": "ai-smithery-ilyagusev-academia-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 63, "generated_at": "2026-06-07T19:20:29.199218+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-ilyagusev-academia-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/IlyaGusev-academia_mcp", "repo_url": "https://github.com/IlyaGusev/academia_mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-ilyagusev-academia-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-ilyagusev-academia-mcp", "tools": [ "configure_uvicorn_style_logging", "create_server", "fetch_tools" ], "tools_count": 3, "top_findings": [ "Detected capability: shell_execution \u2014 academia_mcp/tools/latex.py:122", "Detected capability: filesystem_write_delete \u2014 academia_mcp/auth/token_manager.py:46", "References credential or secret pattern: OPENAI_API_KEY \u2014 academia_mcp/server.py:131" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-ilyagusev-academia-mcp.html", "url": "https://github.com/IlyaGusev/academia_mcp", "verdict_label": "Review Before Install", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-infranodus-mcp-server-infranodus", "mcp:ai-smithery-infranodus-mcp-server-infranodus", "mcp-ai-smithery-infranodus-mcp-server-infranodus", "infranodus/mcp-server-infranodus", "https-github-com-infranodus-mcp-server-infranodus", "https://github.com/infranodus/mcp-server-infranodus", "infranodus-mcp-server-infranodus", "mcp-server-infranodus" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:infranodus/mcp-server-infranodus", "canonical_url": "https://github.com/infranodus/mcp-server-infranodus", "description": "Map text into knowledge graphs to create a structured representation of conceptual relations and t\u2026", "discovery_status": "observed", "display_name": "ai-smithery-infranodus-mcp-server-infranodus", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 249, "generated_at": "2026-06-07T19:20:29.206100+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-infranodus-mcp-server-infranodus", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/infranodus-mcp-server-infranodus", "repo_url": "https://github.com/infranodus/mcp-server-infranodus", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-infranodus-mcp-server-infranodus", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-infranodus-mcp-server-infranodus", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: environment_access \u2014 bin/infranodus-mcp-server.js:13", "References credential or secret pattern: JWT_SECRET \u2014 render.yaml:19", "References credential or secret pattern: API_KEY_GENERIC \u2014 bin/infranodus-mcp-server.js:13" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-infranodus-mcp-server-infranodus.html", "url": "https://github.com/infranodus/mcp-server-infranodus", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-isnow890-data4library-mcp", "mcp:ai-smithery-isnow890-data4library-mcp", "mcp-ai-smithery-isnow890-data4library-mcp", "isnow890/data4library-mcp", "https://github.com/isnow890/data4library-mcp", "https-github-com-isnow890-data4library-mcp", "isnow890-data4library-mcp", "data4library-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:isnow890/data4library-mcp", "canonical_url": "https://github.com/isnow890/data4library-mcp", "description": "\ucc45 \uc2eb\uc5b4\ud558\ub294 \uc81c\uac00 \ucc45\uc5d0 \ub300\ud574 \uc544\ub294\ucc99\ud558\uace0 \uc2f6\uc5b4\uc11c \ub9cc\ub4e4\uc5c8\uc2b5\ub2c8\ub2e4.. \ub0b4 \uc8fc\ubcc0 \ub3c4\uc11c\uad00 \uc2e4\uc2dc\uac04 \ub300\ucd9c \ud655\uc778 \uc77d\uace0 \uc2f6\uc740 \ucc45\uc744 \uac80\uc0c9\ud558\uba74 \uc8fc\ubcc0 \ub3c4\uc11c\uad00 \ub300\ucd9c \uac00\ub2a5 \uc5ec\ubd80\ub97c \uc989\uc2dc \ud655\uc778 \uad73\uc774 \ub3c4\uc11c\uad00\u2026", "discovery_status": "observed", "display_name": "ai-smithery-isnow890-data4library-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 98, "generated_at": "2026-06-07T19:20:29.206246+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-isnow890-data4library-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/isnow890-data4library-mcp", "repo_url": "https://github.com/isnow890/data4library-mcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-isnow890-data4library-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-isnow890-data4library-mcp", "tools": [ "check_book_availability", "get_book_detail", "get_book_keywords", "get_book_usage_analysis", "get_detailed_region_codes", "get_detailed_subject_codes", "get_hot_trend", "get_library_info", "get_mania_recommendations", "get_monthly_keywords", "get_new_arrival_books", "get_popular_books_by_library", "get_reader_recommendations", "get_reading_quantity", "get_region_codes", "get_subject_codes", "get_usage_trend", "search_books", "search_detailed_kdc_codes", "search_detailed_region_codes", "search_items", "search_libraries", "search_libraries_by_book", "search_library_codes", "search_nearby_libraries", "search_popular_books", "search_popular_books_by_library" ], "tools_count": 27, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:63", "References credential or secret pattern: API_KEY_GENERIC \u2014 .env.example:3", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-isnow890-data4library-mcp.html", "url": "https://github.com/isnow890/data4library-mcp", "verdict_label": "Install With Restrictions", "version": "1.0.5", "visible_controls": [] }, { "aliases": [ "ai-smithery-jekakos-mcp-user-data-enrichment", "mcp-ai-smithery-jekakos-mcp-user-data-enrichment", "mcp:ai-smithery-jekakos-mcp-user-data-enrichment", "https://github.com/jekakos/mcp-user-data-enrichment", "jekakos/mcp-user-data-enrichment", "https-github-com-jekakos-mcp-user-data-enrichment", "jekakos-mcp-user-data-enrichment", "mcp-user-data-enrichment" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:jekakos/mcp-user-data-enrichment", "canonical_url": "https://github.com/jekakos/mcp-user-data-enrichment", "description": "Enrich user data by adding social network links based on provided personal information. Integrate\u2026", "discovery_status": "observed", "display_name": "ai-smithery-jekakos-mcp-user-data-enrichment", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 62, "generated_at": "2026-06-07T19:20:29.206343+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-jekakos-mcp-user-data-enrichment", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/jekakos-mcp-user-data-enrichment", "repo_url": "https://github.com/jekakos/mcp-user-data-enrichment", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-jekakos-mcp-user-data-enrichment", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-jekakos-mcp-user-data-enrichment", "tools": [ "enrich_user_data", "user-data-enrichment" ], "tools_count": 2, "top_findings": [ "Detected capability: shell_execution \u2014 src/http-wrapper.js:3", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Detected capability: network_egress \u2014 src/http-wrapper.js:103" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-jekakos-mcp-user-data-enrichment.html", "url": "https://github.com/jekakos/mcp-user-data-enrichment", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-jenniferjiang0511-mit-ai-studio-hw3", "mcp-ai-smithery-jenniferjiang0511-mit-ai-studio-hw3", "mcp:ai-smithery-jenniferjiang0511-mit-ai-studio-hw3", "jenniferjiang0511/MIT-AI-studio-HW3", "https-github-com-jenniferjiang0511-mit-ai-studio-hw3", "https://github.com/jenniferjiang0511/MIT-AI-studio-HW3", "https://github.com/jenniferjiang0511/mit-ai-studio-hw3", "jenniferjiang0511-mit-ai-studio-hw3", "jenniferjiang0511/mit-ai-studio-hw3", "mit-ai-studio-hw3" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:jenniferjiang0511/mit-ai-studio-hw3", "canonical_url": "https://github.com/jenniferjiang0511/mit-ai-studio-hw3", "description": "Greet people by name and check local forecasts and weather alerts across the U.S. Switch to a play\u2026", "discovery_status": "observed", "display_name": "ai-smithery-jenniferjiang0511-mit-ai-studio-hw3", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 6, "generated_at": "2026-06-07T19:20:29.206398+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-jenniferjiang0511-mit-ai-studio-hw3", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/jenniferjiang0511-mit-ai-studio-hw3", "repo_url": "https://github.com/jenniferjiang0511/MIT-AI-studio-HW3", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-jenniferjiang0511-mit-ai-studio-hw3", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-jenniferjiang0511-mit-ai-studio-hw3", "tools": [ "World", "create_server", "get_alerts", "get_forecast", "hello", "my_tool", "test-client" ], "tools_count": 7, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 src/hello_server/server.py:25", "Detected capability: network_egress \u2014 src/hello_server/server.py:34" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-jenniferjiang0511-mit-ai-studio-hw3.html", "url": "https://github.com/jenniferjiang0511/MIT-AI-studio-HW3", "verdict_label": "Install With Restrictions", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-jessicayanwang-test", "mcp-ai-smithery-jessicayanwang-test", "mcp:ai-smithery-jessicayanwang-test", "jessicayanwang/frankfurtermcp", "https-github-com-jessicayanwang-frankfurtermcp", "https://github.com/jessicayanwang/frankfurtermcp", "jessicayanwang-frankfurtermcp", "frankfurtermcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:jessicayanwang/frankfurtermcp", "canonical_url": "https://github.com/jessicayanwang/frankfurtermcp", "description": "Fetch latest and historical currency exchange rates from Frankfurter. Convert amounts between curr\u2026", "discovery_status": "observed", "display_name": "ai-smithery-jessicayanwang-test", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 12, "generated_at": "2026-06-07T19:20:29.206449+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-jessicayanwang-test", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/jessicayanwang-test", "repo_url": "https://github.com/jessicayanwang/frankfurtermcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-jessicayanwang-test", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-jessicayanwang-test", "tools": [ "get_historical_exchange_rates", "get_latest_exchange_rates", "get_supported_currencies" ], "tools_count": 3, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 local.dockerfile:16", "Detected capability: network_egress \u2014 src/frankfurtermcp/mixin.py:86", "Configuration environment variable access \u2014 src/frankfurtermcp/mixin.py:152" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-jessicayanwang-test.html", "url": "https://github.com/jessicayanwang/frankfurtermcp", "verdict_label": "Install With Restrictions", "version": "1.13.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-jirispilka-actors-mcp-server", "mcp-ai-smithery-jirispilka-actors-mcp-server", "mcp:ai-smithery-jirispilka-actors-mcp-server", "https-github-com-jirispilka-actors-mcp-server", "https://github.com/jirispilka/actors-mcp-server", "jirispilka/actors-mcp-server", "jirispilka-actors-mcp-server", "actors-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:jirispilka/actors-mcp-server", "canonical_url": "https://github.com/jirispilka/actors-mcp-server", "description": "Greet anyone by name with friendly, personalized messages. Explore the origin of Hello, World thro\u2026", "discovery_status": "observed", "display_name": "ai-smithery-jirispilka-actors-mcp-server", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.206723+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "dangerous_capabilities_observable" ], "name": "ai-smithery-jirispilka-actors-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/jirispilka-actors-mcp-server", "repo_url": "https://github.com/jirispilka/actors-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-jirispilka-actors-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-jirispilka-actors-mcp-server", "tools": [ "hello" ], "tools_count": 1, "top_findings": [ "References credential or secret pattern: ANTHROPIC_API_KEY \u2014 .env.example:2", "References credential or secret pattern: API_KEY_GENERIC \u2014 .env.example:2", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-jirispilka-actors-mcp-server.html", "url": "https://github.com/jirispilka/actors-mcp-server", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-jjlabsio-korea-stock-mcp", "mcp-ai-smithery-jjlabsio-korea-stock-mcp", "mcp:ai-smithery-jjlabsio-korea-stock-mcp", "https://github.com/jjlabsio/korea-stock-mcp", "jjlabsio/korea-stock-mcp", "https-github-com-jjlabsio-korea-stock-mcp", "jjlabsio-korea-stock-mcp", "korea-stock-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:jjlabsio/korea-stock-mcp", "canonical_url": "https://github.com/jjlabsio/korea-stock-mcp", "description": "Search company disclosures and financial statements from the Korean market. Retrieve stock profile\u2026", "discovery_status": "observed", "display_name": "ai-smithery-jjlabsio-korea-stock-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 111, "generated_at": "2026-06-07T19:20:29.206894+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-jjlabsio-korea-stock-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/jjlabsio-korea-stock-mcp", "repo_url": "https://github.com/jjlabsio/korea-stock-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-jjlabsio-korea-stock-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-jjlabsio-korea-stock-mcp", "tools": [ "get_corp_code", "get_disclosure", "get_disclosure_list", "get_disclosure_section", "get_financial_statement", "get_market_type", "get_stock_base_info", "get_stock_trade_info", "get_today_date" ], "tools_count": 9, "top_findings": [ "Detected capability: shell_execution \u2014 src/dart/disclosure-xml.ts:110", "Detected capability: environment_access \u2014 scripts/generate-corp-codes.ts:13", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-jjlabsio-korea-stock-mcp.html", "url": "https://github.com/jjlabsio/korea-stock-mcp", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-jmoak-chrono-mcp", "mcp:ai-smithery-jmoak-chrono-mcp", "mcp-ai-smithery-jmoak-chrono-mcp", "https-github-com-jmoak-chrono-mcp", "https://github.com/JMoak/chrono-mcp", "https://github.com/jmoak/chrono-mcp", "JMoak/chrono-mcp", "jmoak-chrono-mcp", "jmoak/chrono-mcp", "chrono-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:jmoak/chrono-mcp", "canonical_url": "https://github.com/jmoak/chrono-mcp", "description": "Convert and compare dates and times across any timezone with flexible, locale-aware formatting. Ad\u2026", "discovery_status": "observed", "display_name": "ai-smithery-jmoak-chrono-mcp", "ecosystem": "mcp", "evidence_score": 57, "evidence_status": "awaiting verification", "findings": 85, "generated_at": "2026-06-07T19:20:29.199441+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-jmoak-chrono-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/JMoak-chrono-mcp", "repo_url": "https://github.com/JMoak/chrono-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "ai-smithery-jmoak-chrono-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-jmoak-chrono-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Install/config context pattern: environment_access \u2014 package.json:44", "Configuration environment variable access \u2014 src/cli.ts:9" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-jmoak-chrono-mcp.html", "url": "https://github.com/JMoak/chrono-mcp", "verdict_label": "Needs Oversight", "version": "0.2.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-junojunhyun-festival-finder-mcp", "mcp:ai-smithery-junojunhyun-festival-finder-mcp", "mcp-ai-smithery-junojunhyun-festival-finder-mcp", "https://github.com/junojunhyun/festival-finder-mcp", "https-github-com-junojunhyun-festival-finder-mcp", "JunoJunHyun/Festival-Finder-mcp", "https://github.com/JunoJunHyun/Festival-Finder-mcp", "junojunhyun-festival-finder-mcp", "junojunhyun/festival-finder-mcp", "festival-finder-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:junojunhyun/festival-finder-mcp", "canonical_url": "https://github.com/junojunhyun/festival-finder-mcp", "description": "Discover festivals worldwide by location, date, and genre. Compare options with key details like d\u2026", "discovery_status": "observed", "display_name": "ai-smithery-junojunhyun-festival-finder-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 11, "generated_at": "2026-06-07T19:20:29.199504+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-junojunhyun-festival-finder-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/JunoJunHyun-festival-finder-mcp", "repo_url": "https://github.com/JunoJunHyun/Festival-Finder-mcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-junojunhyun-festival-finder-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-junojunhyun-festival-finder-mcp", "tools": [ "get_festival_list", "get_performance_detail", "get_performance_list" ], "tools_count": 3, "top_findings": [ "Detected capability: environment_access \u2014 core_logic.py:9", "Install risk pattern: unpinned_dependency \u2014 Dockerfile:8", "References credential or secret pattern: API_KEY_GENERIC \u2014 core_logic.py:9" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-junojunhyun-festival-finder-mcp.html", "url": "https://github.com/JunoJunHyun/Festival-Finder-mcp", "verdict_label": "Install With Restrictions", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-keithah-hostex-mcp", "mcp:ai-smithery-keithah-hostex-mcp", "mcp-ai-smithery-keithah-hostex-mcp", "keithah/hostex-mcp", "https-github-com-keithah-hostex-mcp", "https://github.com/keithah/hostex-mcp", "keithah-hostex-mcp", "hostex-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:keithah/hostex-mcp", "canonical_url": "https://github.com/keithah/hostex-mcp", "description": "Manage your Hostex vacation rentals\u2014properties, reservations, availability, listings, and guest me\u2026", "discovery_status": "observed", "display_name": "ai-smithery-keithah-hostex-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 113, "generated_at": "2026-06-07T19:20:29.207049+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-keithah-hostex-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/keithah-hostex-mcp", "repo_url": "https://github.com/keithah/hostex-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-keithah-hostex-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-keithah-hostex-mcp", "tools": [ "hostex_cancel_reservation", "hostex_create_reservation", "hostex_create_review", "hostex_create_webhook", "hostex_delete_webhook", "hostex_get_conversation", "hostex_get_custom_fields", "hostex_get_listing_calendar", "hostex_list_availabilities", "hostex_list_conversations", "hostex_list_custom_channels", "hostex_list_income_methods", "hostex_list_properties", "hostex_list_reservations", "hostex_list_reviews", "hostex_list_room_types", "hostex_list_webhooks", "hostex_post_guest_review", "hostex_send_message", "hostex_update_availabilities", "hostex_update_custom_fields", "hostex_update_listing_prices", "hostex_update_lock_code" ], "tools_count": 23, "top_findings": [ "Detected capability: environment_access \u2014 test-built.js:4", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Install risk pattern: npm_lifecycle_script \u2014 package.json:18" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-keithah-hostex-mcp.html", "url": "https://github.com/keithah/hostex-mcp", "verdict_label": "Needs Oversight", "version": "0.2.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-keithah-tessie-mcp", "mcp:ai-smithery-keithah-tessie-mcp", "mcp-ai-smithery-keithah-tessie-mcp", "https-github-com-keithah-tessie-mcp", "keithah/tessie-mcp", "https://github.com/keithah/tessie-mcp", "keithah-tessie-mcp", "tessie-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:keithah/tessie-mcp", "canonical_url": "https://github.com/keithah/tessie-mcp", "description": "Unofficial integration! ## \u2728 Key Features ### \ud83d\udcb0 Financial Intelligence - **Smart Charging Cost An\u2026", "discovery_status": "observed", "display_name": "ai-smithery-keithah-tessie-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 288, "generated_at": "2026-06-07T19:20:29.207329+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-keithah-tessie-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/keithah-tessie-mcp", "repo_url": "https://github.com/keithah/tessie-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-keithah-tessie-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-keithah-tessie-mcp", "tools": [ "fetch_vehicle_battery", "fetch_vehicle_state", "get_active_context", "get_driving_path", "manage_vehicle_command", "search_drives" ], "tools_count": 6, "top_findings": [ "Detected capability: shell_execution \u2014 .smithery/stdio/index.cjs:12", "Detected capability: environment_access \u2014 scripts/smoke.ts:6", "Install risk pattern: unpinned_dependency \u2014 .smithery/stdio/index.cjs:2" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-keithah-tessie-mcp.html", "url": "https://github.com/keithah/tessie-mcp", "verdict_label": "Review Before Install", "version": "1.1.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-keremurat-json", "mcp:ai-smithery-keremurat-json", "mcp-ai-smithery-keremurat-json", "https://github.com/keremurat/mcp", "keremurat/mcp", "https-github-com-keremurat-mcp", "keremurat-mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:keremurat/mcp", "canonical_url": "https://github.com/keremurat/mcp", "description": "Compare two JSON files deeply, regardless of order. Get a detailed difference report highlighting\u2026", "discovery_status": "observed", "display_name": "ai-smithery-keremurat-json", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 6, "generated_at": "2026-06-07T19:20:29.207410+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-keremurat-json", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/keremurat-mcp", "repo_url": "https://github.com/keremurat/mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-keremurat-json", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-keremurat-json", "tools": [ "Ahmet", "John", "compare_json", "dummy_tool", "my_new_tool" ], "tools_count": 5, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:11", "Detected capability: filesystem_read \u2014 app.py:75", "Configuration environment variable access \u2014 server.py:70" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-keremurat-json.html", "url": "https://github.com/keremurat/mcp", "verdict_label": "Install With Restrictions", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-kesslerio-attio-mcp-server", "mcp:ai-smithery-kesslerio-attio-mcp-server", "mcp-ai-smithery-kesslerio-attio-mcp-server", "kesslerio/attio-mcp-server", "https-github-com-kesslerio-attio-mcp-server", "https://github.com/kesslerio/attio-mcp-server", "kesslerio-attio-mcp-server", "attio-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:kesslerio/attio-mcp-server", "canonical_url": "https://github.com/kesslerio/attio-mcp-server", "description": "Streamline your Attio workflows using natural language to search, create, update, and organize com\u2026", "discovery_status": "observed", "display_name": "ai-smithery-kesslerio-attio-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.207823+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-kesslerio-attio-mcp-server", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/kesslerio-attio-mcp-server-beta", "repo_url": "https://github.com/kesslerio/attio-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-kesslerio-attio-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-kesslerio-attio-mcp-server", "tools": [ "aaa-health-check", "add-record-to-list", "advanced-filter-list-entries", "create-note", "create-record", "delete-record", "fetch", "filter-list-entries", "filter-list-entries-by-parent", "filter-list-entries-by-parent-id", "get-list-details", "get-list-entries", "get-lists", "get-record-list-memberships", "get-workspace-member", "list-notes", "list-workspace-members", "records_batch", "records_discover_attributes", "records_get_attributes", "records_get_details", "records_get_info", "records_search", "records_search_advanced", "records_search_batch", "records_search_by_content", "records_search_by_relationship", "records_search_by_timeframe", "remove-record-from-list", "search", "search-companies", "search-companies-by-domain", "search-workspace-members", "smart-search-companies", "update-list-entry", "update-record" ], "tools_count": 36, "top_findings": [ "Detected capability: shell_execution \u2014 bun.lock:486", "Detected capability: docker_privilege \u2014 package.json:96", "Detected capability: environment_access \u2014 scripts/analyze-token-footprint.ts:16" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-kesslerio-attio-mcp-server.html", "url": "https://github.com/kesslerio/attio-mcp-server", "verdict_label": "Review Before Install", "version": "1.1.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-kim-soung-won-mcp-smithery-exam", "mcp:ai-smithery-kim-soung-won-mcp-smithery-exam", "mcp-ai-smithery-kim-soung-won-mcp-smithery-exam", "https-github-com-kim-soung-won-mcp-smithery-exam", "https://github.com/kim-soung-won/mcp-smithery-exam", "https://github.com/Kim-soung-won/mcp-smithery-exam", "Kim-soung-won/mcp-smithery-exam", "kim-soung-won/mcp-smithery-exam", "kim-soung-won-mcp-smithery-exam", "mcp-smithery-exam" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:kim-soung-won/mcp-smithery-exam", "canonical_url": "https://github.com/kim-soung-won/mcp-smithery-exam", "description": "Craft quick, personalized greetings by name. Generate ready-to-use greeting prompts for a consiste\u2026", "discovery_status": "observed", "display_name": "ai-smithery-kim-soung-won-mcp-smithery-exam", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 4, "generated_at": "2026-06-07T19:20:29.199550+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-kim-soung-won-mcp-smithery-exam", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/Kim-soung-won-mcp-smithery-exam", "repo_url": "https://github.com/Kim-soung-won/mcp-smithery-exam", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-kim-soung-won-mcp-smithery-exam", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-kim-soung-won-mcp-smithery-exam", "tools": [ "World", "create_server", "hello", "multiply", "my_tool", "test-client" ], "tools_count": 6, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 src/hello_server/server.py:20", "Detected capability: network_egress \u2014 src/hello_server/server.py:42" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-kim-soung-won-mcp-smithery-exam.html", "url": "https://github.com/Kim-soung-won/mcp-smithery-exam", "verdict_label": "Install With Restrictions", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-kirbah-mcp-youtube", "mcp:ai-smithery-kirbah-mcp-youtube", "mcp-ai-smithery-kirbah-mcp-youtube", "https://github.com/kirbah/mcp-youtube", "kirbah/mcp-youtube", "https-github-com-kirbah-mcp-youtube", "kirbah-mcp-youtube", "mcp-youtube" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:kirbah/mcp-youtube", "canonical_url": "https://github.com/kirbah/mcp-youtube", "description": "Provide token-optimized, structured YouTube data to enhance your LLM applications. Access efficien\u2026", "discovery_status": "observed", "display_name": "ai-smithery-kirbah-mcp-youtube", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 294, "generated_at": "2026-06-07T19:20:29.208140+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-kirbah-mcp-youtube", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/kirbah-mcp-youtube", "repo_url": "https://github.com/kirbah/mcp-youtube", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-kirbah-mcp-youtube", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-kirbah-mcp-youtube", "tools": [], "tools_count": 0, "top_findings": [ "Install risk pattern: curl_pipe_shell \u2014 install_nvm.sh:6", "References credential or secret pattern: DATABASE_URL \u2014 .gemini/settings.json:8", "Detected capability: environment_access \u2014 src/index.ts:31" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-kirbah-mcp-youtube.html", "url": "https://github.com/kirbah/mcp-youtube", "verdict_label": "Review Before Install", "version": "0.2.6", "visible_controls": [] }, { "aliases": [ "ai-smithery-kkjdaniel-bgg-mcp", "mcp-ai-smithery-kkjdaniel-bgg-mcp", "mcp:ai-smithery-kkjdaniel-bgg-mcp", "https://github.com/kkjdaniel/bgg-mcp", "kkjdaniel/bgg-mcp", "https-github-com-kkjdaniel-bgg-mcp", "kkjdaniel-bgg-mcp", "bgg-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:kkjdaniel/bgg-mcp", "canonical_url": "https://github.com/kkjdaniel/bgg-mcp", "description": "BGG MCP provides access to the BoardGameGeek API through the Model Context Protocol, enabling retr\u2026", "discovery_status": "observed", "display_name": "ai-smithery-kkjdaniel-bgg-mcp", "ecosystem": "mcp", "evidence_score": 43, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.208215+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-kkjdaniel-bgg-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/kkjdaniel-bgg-mcp", "repo_url": "https://github.com/kkjdaniel/bgg-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-kkjdaniel-bgg-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-kkjdaniel-bgg-mcp", "tools": [], "tools_count": 0, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 server.json:20" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-kkjdaniel-bgg-mcp.html", "url": "https://github.com/kkjdaniel/bgg-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.3.2", "visible_controls": [] }, { "aliases": [ "ai-smithery-kodey-ai-salesforce-mcp", "mcp:ai-smithery-kodey-ai-salesforce-mcp", "mcp-ai-smithery-kodey-ai-salesforce-mcp", "kodey-ai/salesforce-mcp", "https-github-com-kodey-ai-salesforce-mcp", "https://github.com/kodey-ai/salesforce-mcp", "kodey-ai-salesforce-mcp", "salesforce-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:kodey-ai/salesforce-mcp", "canonical_url": "https://github.com/kodey-ai/salesforce-mcp", "description": "Run SOQL queries against your Salesforce org to retrieve records and insights. Explore objects, fi\u2026", "discovery_status": "observed", "display_name": "ai-smithery-kodey-ai-salesforce-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 271, "generated_at": "2026-06-07T19:20:29.208474+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-kodey-ai-salesforce-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/kodey-ai-salesforce-mcp-server", "repo_url": "https://github.com/kodey-ai/salesforce-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-kodey-ai-salesforce-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-kodey-ai-salesforce-mcp", "tools": [ "salesforce_insert", "salesforce_read" ], "tools_count": 2, "top_findings": [ "Detected capability: shell_execution \u2014 get-refresh-token.mjs:149", "Detected capability: environment_access \u2014 get-refresh-token.mjs:21", "Detected capability: filesystem_write_delete \u2014 packages/mcp-provider-code-analyzer/src/actions/run-analyzer.ts:118" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-kodey-ai-salesforce-mcp.html", "url": "https://github.com/kodey-ai/salesforce-mcp", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-kwp-lab-rss-reader-mcp", "mcp-ai-smithery-kwp-lab-rss-reader-mcp", "mcp:ai-smithery-kwp-lab-rss-reader-mcp", "kwp-lab/rss-reader-mcp", "https://github.com/kwp-lab/rss-reader-mcp", "https-github-com-kwp-lab-rss-reader-mcp", "kwp-lab-rss-reader-mcp", "rss-reader-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:kwp-lab/rss-reader-mcp", "canonical_url": "https://github.com/kwp-lab/rss-reader-mcp", "description": "Track and browse RSS feeds with ease. Fetch the latest entries from any feed URL and extract full\u2026", "discovery_status": "observed", "display_name": "ai-smithery-kwp-lab-rss-reader-mcp", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 226, "generated_at": "2026-06-07T19:20:29.208724+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted", "env_or_credential_examples_visible" ], "name": "ai-smithery-kwp-lab-rss-reader-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/kwp-lab-rss-reader-mcp", "repo_url": "https://github.com/kwp-lab/rss-reader-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-kwp-lab-rss-reader-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-kwp-lab-rss-reader-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Detected capability: network_egress \u2014 src/index.ts:5", "Install/config context pattern: network_egress \u2014 package-lock.json:15" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-kwp-lab-rss-reader-mcp.html", "url": "https://github.com/kwp-lab/rss-reader-mcp", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-leandrogavidia-vechain-mcp-server", "mcp:ai-smithery-leandrogavidia-vechain-mcp-server", "mcp-ai-smithery-leandrogavidia-vechain-mcp-server", "https://github.com/leandrogavidia/vechain-mcp-server", "leandrogavidia/vechain-mcp-server", "https-github-com-leandrogavidia-vechain-mcp-server", "leandrogavidia-vechain-mcp-server", "vechain-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:leandrogavidia/vechain-mcp-server", "canonical_url": "https://github.com/leandrogavidia/vechain-mcp-server", "description": "Search VeChain documentation, query on-chain data, and fetch fee suggestions with direct links to\u2026", "discovery_status": "observed", "display_name": "ai-smithery-leandrogavidia-vechain-mcp-server", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 45, "generated_at": "2026-06-07T19:20:29.208837+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-leandrogavidia-vechain-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/leandrogavidia-vechain-mcp-server", "repo_url": "https://github.com/leandrogavidia/vechain-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-leandrogavidia-vechain-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-leandrogavidia-vechain-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: wallet_payment \u2014 package.json:28", "Detected capability: environment_access \u2014 src/tools.ts:540", "References credential or secret pattern: API_KEY_GENERIC \u2014 .env.example:1" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-leandrogavidia-vechain-mcp-server.html", "url": "https://github.com/leandrogavidia/vechain-mcp-server", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-leghis-smart-thinking", "mcp:ai-smithery-leghis-smart-thinking", "mcp-ai-smithery-leghis-smart-thinking", "https://github.com/leghis/smart-thinking", "Leghis/Smart-Thinking", "https://github.com/Leghis/Smart-Thinking", "https-github-com-leghis-smart-thinking", "leghis/smart-thinking", "leghis-smart-thinking", "smart-thinking" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:leghis/smart-thinking", "canonical_url": "https://github.com/leghis/smart-thinking", "description": "Find relevant Smart\u2011Thinking memories fast. Fetch full entries by ID to get complete context. Spee\u2026", "discovery_status": "observed", "display_name": "ai-smithery-leghis-smart-thinking", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 68, "generated_at": "2026-06-07T19:20:29.199644+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-leghis-smart-thinking", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/Leghis-smart-thinking", "repo_url": "https://github.com/Leghis/Smart-Thinking", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-leghis-smart-thinking", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-leghis-smart-thinking", "tools": [ "fetch", "search", "smartthinking" ], "tools_count": 3, "top_findings": [ "Detected capability: shell_execution \u2014 scripts/make-executable.js:7", "Detected capability: filesystem_write_delete \u2014 scripts/make-executable.js:35", "Install risk pattern: npm_lifecycle_script \u2014 package.json:26" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-leghis-smart-thinking.html", "url": "https://github.com/Leghis/Smart-Thinking", "verdict_label": "Review Before Install", "version": "0.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-lineex-pubmed-mcp-smithery", "mcp-ai-smithery-lineex-pubmed-mcp-smithery", "mcp:ai-smithery-lineex-pubmed-mcp-smithery", "https-github-com-lineex-pubmed-mcp-smithery", "https://github.com/lineex/pubmed-mcp-smithery", "lineex/pubmed-mcp-smithery", "lineex-pubmed-mcp-smithery", "pubmed-mcp-smithery" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:lineex/pubmed-mcp-smithery", "canonical_url": "https://github.com/lineex/pubmed-mcp-smithery", "description": "Search PubMed with precision using keyword and journal filters and smart sorting. Uncover MeSH ter\u2026", "discovery_status": "observed", "display_name": "ai-smithery-lineex-pubmed-mcp-smithery", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 2, "generated_at": "2026-06-07T19:20:29.208889+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-lineex-pubmed-mcp-smithery", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/lineex-pubmed-mcp-smithery", "repo_url": "https://github.com/lineex/pubmed-mcp-smithery", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-lineex-pubmed-mcp-smithery", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-lineex-pubmed-mcp-smithery", "tools": [ "format_paper_details", "get_mesh_terms", "get_pubmed_count", "pico_search", "search_pubmed" ], "tools_count": 5, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:17", "Detected capability: network_egress \u2014 pubmed_enhanced_mcp_server.py:21" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-lineex-pubmed-mcp-smithery.html", "url": "https://github.com/lineex/pubmed-mcp-smithery", "verdict_label": "Sandbox/Test OK", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-linkupplatform-linkup-mcp-server", "mcp:ai-smithery-linkupplatform-linkup-mcp-server", "mcp-ai-smithery-linkupplatform-linkup-mcp-server", "LinkupPlatform/linkup-mcp-server", "https-github-com-linkupplatform-linkup-mcp-server", "https://github.com/linkupplatform/linkup-mcp-server", "https://github.com/LinkupPlatform/linkup-mcp-server", "linkupplatform/linkup-mcp-server", "linkupplatform-linkup-mcp-server", "linkup-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:linkupplatform/linkup-mcp-server", "canonical_url": "https://github.com/linkupplatform/linkup-mcp-server", "description": "Search the web in real time to get trustworthy, source-backed answers. Find the latest news and co\u2026", "discovery_status": "observed", "display_name": "ai-smithery-linkupplatform-linkup-mcp-server", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.199919+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-linkupplatform-linkup-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/LinkupPlatform-linkup-mcp-server", "repo_url": "https://github.com/LinkupPlatform/linkup-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-linkupplatform-linkup-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-linkupplatform-linkup-mcp-server", "tools": [ "Linkup", "linkup-fetch", "linkup-mcp-server", "linkup-search" ], "tools_count": 4, "top_findings": [ "Detected capability: wallet_payment \u2014 package-lock.json:4685", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Install risk pattern: npm_lifecycle_script \u2014 package.json:19" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-linkupplatform-linkup-mcp-server.html", "url": "https://github.com/LinkupPlatform/linkup-mcp-server", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-lukaskostka99-marketing-miner-mcp", "mcp:ai-smithery-lukaskostka99-marketing-miner-mcp", "mcp-ai-smithery-lukaskostka99-marketing-miner-mcp", "https-github-com-lukaskostka99-marketing-miner-mcp", "https://github.com/lukaskostka99/marketing-miner-mcp", "lukaskostka99/marketing-miner-mcp", "lukaskostka99-marketing-miner-mcp", "marketing-miner-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:lukaskostka99/marketing-miner-mcp", "canonical_url": "https://github.com/lukaskostka99/marketing-miner-mcp", "description": "Discover high-impact keyword ideas across Central and Eastern European and English markets. Analyz\u2026", "discovery_status": "observed", "display_name": "ai-smithery-lukaskostka99-marketing-miner-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 84, "generated_at": "2026-06-07T19:20:29.208999+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-lukaskostka99-marketing-miner-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/lukaskostka99-marketing-miner-mcp", "repo_url": "https://github.com/lukaskostka99/marketing-miner-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-lukaskostka99-marketing-miner-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-lukaskostka99-marketing-miner-mcp", "tools": [ "marketing_miner_batch_search_volume", "marketing_miner_get_keyword_suggestions", "marketing_miner_get_search_volume", "marketing_miner_get_website_stats", "marketing_miner_get_website_stats_range" ], "tools_count": 5, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:10", "References credential or secret pattern: API_KEY_GENERIC \u2014 src/index.ts:40", "Detected capability: network_egress \u2014 src/index.ts:163" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-lukaskostka99-marketing-miner-mcp.html", "url": "https://github.com/lukaskostka99/marketing-miner-mcp", "verdict_label": "Needs Oversight", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-luminati-io-brightdata-mcp", "mcp-ai-smithery-luminati-io-brightdata-mcp", "mcp:ai-smithery-luminati-io-brightdata-mcp", "brightdata/brightdata-mcp-sse", "https-github-com-brightdata-brightdata-mcp-sse", "https://github.com/brightdata/brightdata-mcp-sse", "brightdata-brightdata-mcp-sse", "brightdata-mcp-sse" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:brightdata/brightdata-mcp-sse", "canonical_url": "https://github.com/brightdata/brightdata-mcp-sse", "description": "One MCP for the Web. Easily search, crawl, navigate, and extract websites without getting blocked.\u2026", "discovery_status": "observed", "display_name": "ai-smithery-luminati-io-brightdata-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.209020+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-luminati-io-brightdata-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/luminati-io-brightdata-mcp", "repo_url": "https://github.com/brightdata/brightdata-mcp-sse", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-luminati-io-brightdata-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-luminati-io-brightdata-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-luminati-io-brightdata-mcp.html", "url": "https://github.com/brightdata/brightdata-mcp-sse", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-magenie33-quality-dimension-generator", "mcp:ai-smithery-magenie33-quality-dimension-generator", "mcp-ai-smithery-magenie33-quality-dimension-generator", "magenie33/quality-dimension-generator", "https://github.com/magenie33/quality-dimension-generator", "https-github-com-magenie33-quality-dimension-generator", "magenie33-quality-dimension-generator", "quality-dimension-generator" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:magenie33/quality-dimension-generator", "canonical_url": "https://github.com/magenie33/quality-dimension-generator", "description": "Generate tailored quality criteria and scoring guides from your task descriptions. Refine objectiv\u2026", "discovery_status": "observed", "display_name": "ai-smithery-magenie33-quality-dimension-generator", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 2, "generated_at": "2026-06-07T19:20:29.209067+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-magenie33-quality-dimension-generator", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/magenie33-quality-dimension-generator", "repo_url": "https://github.com/magenie33/quality-dimension-generator", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-magenie33-quality-dimension-generator", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-magenie33-quality-dimension-generator", "tools": [ "generate_quality_dimensions_prompt", "generate_task_analysis_prompt" ], "tools_count": 2, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package.json:49" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-magenie33-quality-dimension-generator.html", "url": "https://github.com/magenie33/quality-dimension-generator", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-metehangzl-pokemcp", "mcp-ai-smithery-metehangzl-pokemcp", "mcp:ai-smithery-metehangzl-pokemcp", "MetehanGZL/PokeMCP", "https-github-com-metehangzl-pokemcp", "https://github.com/MetehanGZL/PokeMCP", "https://github.com/metehangzl/pokemcp", "metehangzl/pokemcp", "metehangzl-pokemcp", "pokemcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:metehangzl/pokemcp", "canonical_url": "https://github.com/metehangzl/pokemcp", "description": "Provide detailed Pok\u00e9mon data and information through a standardized MCP interface. Enable LLMs an\u2026", "discovery_status": "observed", "display_name": "ai-smithery-metehangzl-pokemcp", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 42, "generated_at": "2026-06-07T19:20:29.200032+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-metehangzl-pokemcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/MetehanGZL-pokemcp", "repo_url": "https://github.com/MetehanGZL/PokeMCP", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-metehangzl-pokemcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-metehangzl-pokemcp", "tools": [ "make_move", "pokemon_query", "random_pokemon", "random_pokemon_by_type", "random_pokemon_from_region", "start_battle", "use_item" ], "tools_count": 7, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-metehangzl-pokemcp.html", "url": "https://github.com/MetehanGZL/PokeMCP", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-mfukushim-map-traveler-mcp", "mcp:ai-smithery-mfukushim-map-traveler-mcp", "mcp-ai-smithery-mfukushim-map-traveler-mcp", "https://github.com/mfukushim/map-traveler-mcp", "https-github-com-mfukushim-map-traveler-mcp", "mfukushim/map-traveler-mcp", "mfukushim-map-traveler-mcp", "map-traveler-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:mfukushim/map-traveler-mcp", "canonical_url": "https://github.com/mfukushim/map-traveler-mcp", "description": "Create immersive travel experiences by instructing an avatar to navigate Google Maps. Report on th\u2026", "discovery_status": "observed", "display_name": "ai-smithery-mfukushim-map-traveler-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 109, "generated_at": "2026-06-07T19:20:29.209199+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-mfukushim-map-traveler-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/mfukushim-map-traveler-mcp", "repo_url": "https://github.com/mfukushim/map-traveler-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-mfukushim-map-traveler-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-mfukushim-map-traveler-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 src/ImageService.ts:20", "Detected capability: database_access \u2014 pnpm-lock.yaml:58", "Detected capability: filesystem_write_delete \u2014 src/ImageService.ts:345" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-mfukushim-map-traveler-mcp.html", "url": "https://github.com/mfukushim/map-traveler-mcp", "verdict_label": "Review Before Install", "version": "0.2.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-miguelgarzons-mcp-cun", "mcp-ai-smithery-miguelgarzons-mcp-cun", "mcp:ai-smithery-miguelgarzons-mcp-cun", "https://github.com/miguelgarzons/mcp-cun", "miguelgarzons/mcp-cun", "https-github-com-miguelgarzons-mcp-cun", "miguelgarzons-mcp-cun", "mcp-cun" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:miguelgarzons/mcp-cun", "canonical_url": "https://github.com/miguelgarzons/mcp-cun", "description": "Greet people by name with friendly, personalized messages. Add a warm touch to onboarding, demos,\u2026", "discovery_status": "observed", "display_name": "ai-smithery-miguelgarzons-mcp-cun", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 2, "generated_at": "2026-06-07T19:20:29.209256+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-miguelgarzons-mcp-cun", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/miguelgarzons-mcp-cun", "repo_url": "https://github.com/miguelgarzons/mcp-cun", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-miguelgarzons-mcp-cun", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-miguelgarzons-mcp-cun", "tools": [ "World", "hello", "my_tool", "test-client" ], "tools_count": 4, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:17", "Configuration environment variable access \u2014 src/character_counter/server.py:25" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-miguelgarzons-mcp-cun.html", "url": "https://github.com/miguelgarzons/mcp-cun", "verdict_label": "Sandbox/Test OK", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-minionszyw-bazi", "mcp-ai-smithery-minionszyw-bazi", "mcp:ai-smithery-minionszyw-bazi", "https://github.com/minionszyw/bazi", "https-github-com-minionszyw-bazi", "minionszyw/bazi", "minionszyw-bazi", "bazi" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:minionszyw/bazi", "canonical_url": "https://github.com/minionszyw/bazi", "description": "Generate BaZi charts from birth details. Explore Four Pillars, solar terms, and Luck Pillars for d\u2026", "discovery_status": "observed", "display_name": "ai-smithery-minionszyw-bazi", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.209265+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-minionszyw-bazi", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/minionszyw-bazi", "repo_url": "https://github.com/minionszyw/bazi", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-minionszyw-bazi", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-minionszyw-bazi", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-minionszyw-bazi.html", "url": "https://github.com/minionszyw/bazi", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-mjucius-cozi-mcp", "mcp-ai-smithery-mjucius-cozi-mcp", "mcp:ai-smithery-mjucius-cozi-mcp", "https://github.com/mjucius/cozi_mcp", "mjucius/cozi_mcp", "https-github-com-mjucius-cozi-mcp", "mjucius-cozi-mcp", "cozi_mcp", "cozi-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:mjucius/cozi_mcp", "canonical_url": "https://github.com/mjucius/cozi_mcp", "description": "Manage your family's calendars and lists in Cozi. View, create, and update appointments; organize\u2026", "discovery_status": "observed", "display_name": "ai-smithery-mjucius-cozi-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 147, "generated_at": "2026-06-07T19:20:29.209416+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-mjucius-cozi-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/mjucius-cozi_mcp", "repo_url": "https://github.com/mjucius/cozi_mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-mjucius-cozi-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-mjucius-cozi-mcp", "tools": [ "add_item", "create_appointment", "create_list", "delete_appointment", "delete_list", "family_members", "get_calendar", "get_list_items", "get_lists", "remove_items", "update_appointment", "update_item" ], "tools_count": 12, "top_findings": [ "Detected capability: shell_execution \u2014 src/cozi/models.ts:27", "Detected capability: environment_access \u2014 scripts/smoke-write.ts:25", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-mjucius-cozi-mcp.html", "url": "https://github.com/mjucius/cozi_mcp", "verdict_label": "Review Before Install", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-morosss-sdfsdf", "mcp:ai-smithery-morosss-sdfsdf", "mcp-ai-smithery-morosss-sdfsdf", "https-github-com-morosss-sdfsdf", "morosss/sdfsdf", "https://github.com/morosss/sdfsdf", "morosss-sdfsdf", "sdfsdf" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:morosss/sdfsdf", "canonical_url": "https://github.com/morosss/sdfsdf", "description": "Find academic papers across major sources like arXiv, PubMed, bioRxiv, and more. Download PDFs whe\u2026", "discovery_status": "observed", "display_name": "ai-smithery-morosss-sdfsdf", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 18, "generated_at": "2026-06-07T19:20:29.209490+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-morosss-sdfsdf", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/morosss-sdfsdf", "repo_url": "https://github.com/morosss/sdfsdf", "risk_band": "high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-morosss-sdfsdf", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-morosss-sdfsdf", "tools": [ "async_search", "fetch", "search" ], "tools_count": 3, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 paper_search_mcp/academic_platforms/sci_hub.py:22", "Detected capability: environment_access \u2014 paper_search_mcp/academic_platforms/semantic.py:153", "Detected capability: network_egress \u2014 paper_search_mcp/academic_platforms/arxiv.py:32" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-morosss-sdfsdf.html", "url": "https://github.com/morosss/sdfsdf", "verdict_label": "Needs Oversight", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-motorboy1-my-mcp-server", "mcp:ai-smithery-motorboy1-my-mcp-server", "mcp-ai-smithery-motorboy1-my-mcp-server", "motorboy1/my-mcp-server", "https://github.com/motorboy1/my-mcp-server", "https-github-com-motorboy1-my-mcp-server", "motorboy1-my-mcp-server", "my-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:motorboy1/my-mcp-server", "canonical_url": "https://github.com/motorboy1/my-mcp-server", "description": "Send friendly greetings by name. Discover the origin story of 'Hello, World' for quick context.", "discovery_status": "observed", "display_name": "ai-smithery-motorboy1-my-mcp-server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.209501+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-motorboy1-my-mcp-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/motorboy1-my-mcp-server", "repo_url": "https://github.com/motorboy1/my-mcp-server", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-motorboy1-my-mcp-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-motorboy1-my-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-motorboy1-my-mcp-server.html", "url": "https://github.com/motorboy1/my-mcp-server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-mrugankpednekar-bill-splitter-mcp", "mcp:ai-smithery-mrugankpednekar-bill-splitter-mcp", "mcp-ai-smithery-mrugankpednekar-bill-splitter-mcp", "mrugankpednekar/bill_splitter_mcp", "https://github.com/mrugankpednekar/bill_splitter_mcp", "https-github-com-mrugankpednekar-bill-splitter-mcp", "mrugankpednekar-bill-splitter-mcp", "bill-splitter-mcp", "bill_splitter_mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:mrugankpednekar/bill_splitter_mcp", "canonical_url": "https://github.com/mrugankpednekar/bill_splitter_mcp", "description": "Track and split shared expenses across trips, events, and groups. Create groups, add expenses, and\u2026", "discovery_status": "observed", "display_name": "ai-smithery-mrugankpednekar-bill-splitter-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 9, "generated_at": "2026-06-07T19:20:29.209547+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-mrugankpednekar-bill-splitter-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/mrugankpednekar-bill_splitter_mcp", "repo_url": "https://github.com/mrugankpednekar/bill_splitter_mcp", "risk_band": "high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-mrugankpednekar-bill-splitter-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-mrugankpednekar-bill-splitter-mcp", "tools": [ "add_split", "balances", "create_group", "history", "quick_settle", "record_debt" ], "tools_count": 6, "top_findings": [ "Detected capability: database_access \u2014 server.py:3", "Install risk pattern: unpinned_dependency \u2014 Dockerfile:7" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-mrugankpednekar-bill-splitter-mcp.html", "url": "https://github.com/mrugankpednekar/bill_splitter_mcp", "verdict_label": "Needs Oversight", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-mrugankpednekar-mcp-optimizer", "mcp-ai-smithery-mrugankpednekar-mcp-optimizer", "mcp:ai-smithery-mrugankpednekar-mcp-optimizer", "https-github-com-mrugankpednekar-mcp-optimizer", "https://github.com/mrugankpednekar/mcp-optimizer", "mrugankpednekar/mcp-optimizer", "mrugankpednekar-mcp-optimizer", "mcp-optimizer" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:mrugankpednekar/mcp-optimizer", "canonical_url": "https://github.com/mrugankpednekar/mcp-optimizer", "description": "Optimize crew and workforce schedules, resource allocation, and routing with linear and mixed-inte\u2026", "discovery_status": "observed", "display_name": "ai-smithery-mrugankpednekar-mcp-optimizer", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 2, "generated_at": "2026-06-07T19:20:29.209590+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_names_extracted", "dangerous_capabilities_observable" ], "name": "ai-smithery-mrugankpednekar-mcp-optimizer", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/mrugankpednekar-mcp-optimizer", "repo_url": "https://github.com/mrugankpednekar/mcp-optimizer", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-mrugankpednekar-mcp-optimizer", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-mrugankpednekar-mcp-optimizer", "tools": [], "tools_count": 0, "top_findings": [ "Configuration environment variable access \u2014 src/crew_optimizer/server.py:254" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-mrugankpednekar-mcp-optimizer.html", "url": "https://github.com/mrugankpednekar/mcp-optimizer", "verdict_label": "Sandbox/Test OK", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-nekzus-npm-sentinel-mcp", "mcp:ai-smithery-nekzus-npm-sentinel-mcp", "mcp-ai-smithery-nekzus-npm-sentinel-mcp", "https-github-com-nekzus-npm-sentinel-mcp", "Nekzus/npm-sentinel-mcp", "https://github.com/Nekzus/npm-sentinel-mcp", "https://github.com/nekzus/npm-sentinel-mcp", "nekzus/npm-sentinel-mcp", "nekzus-npm-sentinel-mcp", "npm-sentinel-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:nekzus/npm-sentinel-mcp", "canonical_url": "https://github.com/nekzus/npm-sentinel-mcp", "description": "Provide AI-powered real-time analysis and intelligence on NPM packages, including security, depend\u2026", "discovery_status": "observed", "display_name": "ai-smithery-nekzus-npm-sentinel-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.200608+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-nekzus-npm-sentinel-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/Nekzus-npm-sentinel-mcp", "repo_url": "https://github.com/Nekzus/npm-sentinel-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-nekzus-npm-sentinel-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-nekzus-npm-sentinel-mcp", "tools": [ "npmAlternatives", "npmChangelogAnalysis", "npmCompare", "npmDeprecated", "npmDeps", "npmLatest", "npmLicenseCompatibility", "npmMaintainers", "npmMaintenance", "npmPackageReadme", "npmQuality", "npmRepoStats", "npmScore", "npmSearch", "npmSize", "npmTrends", "npmTypes", "npmVersions", "npmVulnerabilities" ], "tools_count": 19, "top_findings": [ "Detected capability: network_egress \u2014 index.ts:10", "Detected capability: filesystem_read \u2014 index.ts:40", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-nekzus-npm-sentinel-mcp.html", "url": "https://github.com/Nekzus/npm-sentinel-mcp", "verdict_label": "Needs Oversight", "version": "1.11.8", "visible_controls": [] }, { "aliases": [ "ai-smithery-neverinfamous-memory-journal-mcp", "mcp-ai-smithery-neverinfamous-memory-journal-mcp", "mcp:ai-smithery-neverinfamous-memory-journal-mcp", "https://github.com/neverinfamous/memory-journal-mcp", "neverinfamous/memory-journal-mcp", "https-github-com-neverinfamous-memory-journal-mcp", "neverinfamous-memory-journal-mcp", "memory-journal-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:neverinfamous/memory-journal-mcp", "canonical_url": "https://github.com/neverinfamous/memory-journal-mcp", "description": "A MCP server built for developers enabling Git based project management with project and personal\u2026", "discovery_status": "observed", "display_name": "ai-smithery-neverinfamous-memory-journal-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.209865+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-neverinfamous-memory-journal-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/neverinfamous-memory-journal-mcp", "repo_url": "https://github.com/neverinfamous/memory-journal-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-neverinfamous-memory-journal-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-neverinfamous-memory-journal-mcp", "tools": [ "MyAgent", "MyMCP", "add", "get_user", "get_weather", "increment", "my_tool" ], "tools_count": 7, "top_findings": [ "Detected capability: docker_privilege \u2014 Dockerfile:101", "Detected capability: shell_execution \u2014 scripts/run-checks.ts:1", "References credential or secret pattern: GITHUB_TOKEN \u2014 .env.example:26" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-neverinfamous-memory-journal-mcp.html", "url": "https://github.com/neverinfamous/memory-journal-mcp", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-oxylabs-oxylabs-mcp", "mcp:ai-smithery-oxylabs-oxylabs-mcp", "mcp-ai-smithery-oxylabs-oxylabs-mcp", "oxylabs/oxylabs-mcp", "https://github.com/oxylabs/oxylabs-mcp", "https-github-com-oxylabs-oxylabs-mcp", "oxylabs-oxylabs-mcp", "oxylabs-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:oxylabs/oxylabs-mcp", "canonical_url": "https://github.com/oxylabs/oxylabs-mcp", "description": "Fetch and process content from specified URLs using the Oxylabs Web Scraper API.", "discovery_status": "observed", "display_name": "ai-smithery-oxylabs-oxylabs-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 28, "generated_at": "2026-06-07T19:20:29.209968+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-oxylabs-oxylabs-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/oxylabs-oxylabs-mcp", "repo_url": "https://github.com/oxylabs/oxylabs-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "ai-smithery-oxylabs-oxylabs-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-oxylabs-oxylabs-mcp", "tools": [ "ai_browser_agent", "ai_crawler", "ai_map", "ai_scraper", "ai_search", "amazon_product_scraper", "amazon_search_scraper", "generate_schema", "google_search_scraper", "universal_scraper" ], "tools_count": 10, "top_findings": [ "Detected capability: environment_access \u2014 src/oxylabs_mcp/utils.py:182", "Install risk pattern: unpinned_dependency \u2014 Dockerfile:13", "References credential or secret pattern: API_KEY_GENERIC \u2014 server.json:38" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-oxylabs-oxylabs-mcp.html", "url": "https://github.com/oxylabs/oxylabs-mcp", "verdict_label": "Needs Oversight", "version": "1.13.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-pablolec-keyprobe-mcp", "mcp-ai-smithery-pablolec-keyprobe-mcp", "mcp:ai-smithery-pablolec-keyprobe-mcp", "https://github.com/PabloLec/KeyProbe-MCP", "PabloLec/KeyProbe-MCP", "https://github.com/pablolec/keyprobe-mcp", "https-github-com-pablolec-keyprobe-mcp", "pablolec-keyprobe-mcp", "pablolec/keyprobe-mcp", "keyprobe-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:pablolec/keyprobe-mcp", "canonical_url": "https://github.com/pablolec/keyprobe-mcp", "description": "Audit certificates and keystores to surface expiry risks, weak algorithms, and misconfigurations.\u2026", "discovery_status": "observed", "display_name": "ai-smithery-pablolec-keyprobe-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 21, "generated_at": "2026-06-07T19:20:29.200699+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-pablolec-keyprobe-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/PabloLec-keyprobe-mcp", "repo_url": "https://github.com/PabloLec/KeyProbe-MCP", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-pablolec-keyprobe-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-pablolec-keyprobe-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Install risk pattern: curl_pipe_shell \u2014 Dockerfile:14", "Detected capability: wallet_payment \u2014 keyprobe/format_identify.py:6", "References credential or secret pattern: PRIVATE_KEY \u2014 keyprobe/format_identify.py:6" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-pablolec-keyprobe-mcp.html", "url": "https://github.com/PabloLec/KeyProbe-MCP", "verdict_label": "Review Before Install", "version": "1.13.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-phionx-mcp-hello-server", "mcp:ai-smithery-phionx-mcp-hello-server", "mcp-ai-smithery-phionx-mcp-hello-server", "Phionx/mcp-hello-server", "https-github-com-phionx-mcp-hello-server", "https://github.com/phionx/mcp-hello-server", "https://github.com/Phionx/mcp-hello-server", "phionx-mcp-hello-server", "phionx/mcp-hello-server", "mcp-hello-server" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:phionx/mcp-hello-server", "canonical_url": "https://github.com/phionx/mcp-hello-server", "description": "Send personalized greetings to anyone. Enable Pirate Mode for swashbuckling salutations. Explore t\u2026", "discovery_status": "observed", "display_name": "ai-smithery-phionx-mcp-hello-server", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.200743+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "dangerous_capabilities_observable" ], "name": "ai-smithery-phionx-mcp-hello-server", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/Phionx-mcp-hello-server", "repo_url": "https://github.com/Phionx/mcp-hello-server", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-phionx-mcp-hello-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-phionx-mcp-hello-server", "tools": [ "World", "add_custom_variable", "check_equation", "create_server", "hello", "list_units", "my_tool", "test-client" ], "tools_count": 8, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 src/hello_server/server.py:25" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-phionx-mcp-hello-server.html", "url": "https://github.com/Phionx/mcp-hello-server", "verdict_label": "Sandbox/Test OK", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-pinkpixel-dev-web-scout-mcp", "mcp:ai-smithery-pinkpixel-dev-web-scout-mcp", "mcp-ai-smithery-pinkpixel-dev-web-scout-mcp", "https://github.com/pinkpixel-dev/web-scout-mcp", "https-github-com-pinkpixel-dev-web-scout-mcp", "pinkpixel-dev/web-scout-mcp", "pinkpixel-dev-web-scout-mcp", "web-scout-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:pinkpixel-dev/web-scout-mcp", "canonical_url": "https://github.com/pinkpixel-dev/web-scout-mcp", "description": "Search the web and extract clean, readable text from webpages. Process multiple URLs at once to sp\u2026", "discovery_status": "observed", "display_name": "ai-smithery-pinkpixel-dev-web-scout-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 74, "generated_at": "2026-06-07T19:20:29.210235+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-pinkpixel-dev-web-scout-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/pinkpixel-dev-web-scout-mcp", "repo_url": "https://github.com/pinkpixel-dev/web-scout-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-pinkpixel-dev-web-scout-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-pinkpixel-dev-web-scout-mcp", "tools": [ "DuckDuckGoWebSearch", "UrlContentExtractor" ], "tools_count": 2, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 src/index.ts:217", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Detected capability: network_egress \u2014 src/index.ts:129" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-pinkpixel-dev-web-scout-mcp.html", "url": "https://github.com/pinkpixel-dev/web-scout-mcp", "verdict_label": "Needs Oversight", "version": "1.5.5", "visible_controls": [] }, { "aliases": [ "ai-smithery-pixdataorg-coderide", "mcp:ai-smithery-pixdataorg-coderide", "mcp-ai-smithery-pixdataorg-coderide", "PixdataOrg/coderide-mcp", "https://github.com/PixdataOrg/coderide-mcp", "https://github.com/pixdataorg/coderide-mcp", "https-github-com-pixdataorg-coderide-mcp", "pixdataorg/coderide-mcp", "pixdataorg-coderide-mcp", "coderide-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:pixdataorg/coderide-mcp", "canonical_url": "https://github.com/pixdataorg/coderide-mcp", "description": "CodeRide eliminates the context reset cycle once and for all. Through MCP integration, it seamless\u2026", "discovery_status": "observed", "display_name": "ai-smithery-pixdataorg-coderide", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 70, "generated_at": "2026-06-07T19:20:29.200836+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-pixdataorg-coderide", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/PixdataOrg-coderide", "repo_url": "https://github.com/PixdataOrg/coderide-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-pixdataorg-coderide", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-pixdataorg-coderide", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 src/tools/start-project.ts:171", "Detected capability: environment_access \u2014 src/index.ts:426", "Broad or write-capable OAuth/API scope: github_write_scope \u2014 src/utils/base-tool.ts:34" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-pixdataorg-coderide.html", "url": "https://github.com/PixdataOrg/coderide-mcp", "verdict_label": "Review Before Install", "version": "0.9.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-plainyogurt21-sec-edgar-mcp", "mcp-ai-smithery-plainyogurt21-sec-edgar-mcp", "mcp:ai-smithery-plainyogurt21-sec-edgar-mcp", "https-github-com-plainyogurt21-sec-edgar-mcp", "https://github.com/plainyogurt21/sec-edgar-mcp", "plainyogurt21/sec-edgar-mcp", "plainyogurt21-sec-edgar-mcp", "sec-edgar-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:plainyogurt21/sec-edgar-mcp", "canonical_url": "https://github.com/plainyogurt21/sec-edgar-mcp", "description": "Provide AI assistants with real-time access to official SEC EDGAR filings and financial data. Enab\u2026", "discovery_status": "observed", "display_name": "ai-smithery-plainyogurt21-sec-edgar-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 9, "generated_at": "2026-06-07T19:20:29.210299+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-plainyogurt21-sec-edgar-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/plainyogurt21-sec-edgar-mcp", "repo_url": "https://github.com/plainyogurt21/sec-edgar-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-plainyogurt21-sec-edgar-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-plainyogurt21-sec-edgar-mcp", "tools": [ "analyze_8k", "analyze_form4_transactions", "analyze_insider_sentiment", "compare_periods", "discover_company_metrics", "discover_xbrl_concepts", "get_cik_by_ticker", "get_company_facts", "get_company_info", "get_filing_content", "get_filing_sections", "get_financials", "get_form4_details", "get_insider_summary", "get_insider_transactions", "get_key_metrics", "get_recent_filings", "get_recommended_tools", "get_segment_data", "get_xbrl_concepts", "search_companies" ], "tools_count": 21, "top_findings": [ "Detected capability: network_egress \u2014 sec_edgar_mcp/document_parser.py:86", "References credential or secret pattern: API_KEY_GENERIC \u2014 Dockerfile:26", "Configuration environment variable access \u2014 sec_edgar_mcp/config.py:7" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-plainyogurt21-sec-edgar-mcp.html", "url": "https://github.com/plainyogurt21/sec-edgar-mcp", "verdict_label": "Install With Restrictions", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-pratiksha-kanoja-magicslide-mcp-test", "mcp-ai-smithery-pratiksha-kanoja-magicslide-mcp-test", "mcp:ai-smithery-pratiksha-kanoja-magicslide-mcp-test", "https://github.com/Pratiksha-Kanoja/magicslide-mcp-test", "https://github.com/pratiksha-kanoja/magicslide-mcp-test", "https-github-com-pratiksha-kanoja-magicslide-mcp-test", "Pratiksha-Kanoja/magicslide-mcp-test", "pratiksha-kanoja/magicslide-mcp-test", "pratiksha-kanoja-magicslide-mcp-test", "magicslide-mcp-test" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:pratiksha-kanoja/magicslide-mcp-test", "canonical_url": "https://github.com/pratiksha-kanoja/magicslide-mcp-test", "description": "Create polished slide decks from text or YouTube links in seconds. Fetch video transcripts to tran\u2026", "discovery_status": "observed", "display_name": "ai-smithery-pratiksha-kanoja-magicslide-mcp-test", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.200849+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-pratiksha-kanoja-magicslide-mcp-test", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/Pratiksha-Kanoja-magicslide-mcp-test", "repo_url": "https://github.com/Pratiksha-Kanoja/magicslide-mcp-test", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-pratiksha-kanoja-magicslide-mcp-test", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-pratiksha-kanoja-magicslide-mcp-test", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-pratiksha-kanoja-magicslide-mcp-test.html", "url": "https://github.com/Pratiksha-Kanoja/magicslide-mcp-test", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-pythondev-pro-egw-writings-mcp-server", "mcp:ai-smithery-pythondev-pro-egw-writings-mcp-server", "mcp-ai-smithery-pythondev-pro-egw-writings-mcp-server", "pythondev-pro/egw_writings_mcp_server", "https-github-com-pythondev-pro-egw-writings-mcp-server", "https://github.com/pythondev-pro/egw_writings_mcp_server", "pythondev-pro-egw-writings-mcp-server", "egw_writings_mcp_server", "egw-writings-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:pythondev-pro/egw_writings_mcp_server", "canonical_url": "https://github.com/pythondev-pro/egw_writings_mcp_server", "description": "Search Ellen G. White\u2019s writings by keyword to surface relevant quotations. Retrieve exact passage\u2026", "discovery_status": "observed", "display_name": "ai-smithery-pythondev-pro-egw-writings-mcp-server", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.210309+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-pythondev-pro-egw-writings-mcp-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/pythondev-pro-egw_writings_mcp_server", "repo_url": "https://github.com/pythondev-pro/egw_writings_mcp_server", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-pythondev-pro-egw-writings-mcp-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-pythondev-pro-egw-writings-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-pythondev-pro-egw-writings-mcp-server.html", "url": "https://github.com/pythondev-pro/egw_writings_mcp_server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.12.4", "visible_controls": [] }, { "aliases": [ "ai-smithery-rainbowgore-stealthee-mcp-tools", "mcp:ai-smithery-rainbowgore-stealthee-mcp-tools", "mcp-ai-smithery-rainbowgore-stealthee-mcp-tools", "https://github.com/rainbowgore/stealthee-mcp-tools", "https://github.com/rainbowgore/stealthee-MCP-tools", "rainbowgore/stealthee-MCP-tools", "https-github-com-rainbowgore-stealthee-mcp-tools", "rainbowgore-stealthee-mcp-tools", "rainbowgore/stealthee-mcp-tools", "stealthee-mcp-tools" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:rainbowgore/stealthee-mcp-tools", "canonical_url": "https://github.com/rainbowgore/stealthee-mcp-tools", "description": "Spot pre-launch products before they trend. Search the web and tech sites, extract and parse pages\u2026", "discovery_status": "observed", "display_name": "ai-smithery-rainbowgore-stealthee-mcp-tools", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 141, "generated_at": "2026-06-07T19:20:29.210470+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-rainbowgore-stealthee-mcp-tools", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/rainbowgore-stealthee-mcp-tools", "repo_url": "https://github.com/rainbowgore/stealthee-MCP-tools", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-rainbowgore-stealthee-mcp-tools", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-rainbowgore-stealthee-mcp-tools", "tools": [ "batch_score_signals", "create_app", "create_server", "list_tools", "log_requests", "parse_fields", "run_pipeline", "score_signal", "search_tech_sites", "stealth-launch-radar", "url_extract", "web_search" ], "tools_count": 12, "top_findings": [ "References credential or secret pattern: OPENAI_API_KEY \u2014 .env.example:3", "References credential or secret pattern: ANTHROPIC_API_KEY \u2014 .env.example:11", "References credential or secret pattern: DATABASE_URL \u2014 .env.example:14" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-rainbowgore-stealthee-mcp-tools.html", "url": "https://github.com/rainbowgore/stealthee-MCP-tools", "verdict_label": "Needs Oversight", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-ramadasmr-networkcalc-mcp", "mcp:ai-smithery-ramadasmr-networkcalc-mcp", "mcp-ai-smithery-ramadasmr-networkcalc-mcp", "ramadasmr/networkcalc-mcp", "https-github-com-ramadasmr-networkcalc-mcp", "https://github.com/ramadasmr/networkcalc-mcp", "ramadasmr-networkcalc-mcp", "networkcalc-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:ramadasmr/networkcalc-mcp", "canonical_url": "https://github.com/ramadasmr/networkcalc-mcp", "description": "Look up DNS information for any domain to troubleshoot issues and gather insights. Get fast, relia\u2026", "discovery_status": "observed", "display_name": "ai-smithery-ramadasmr-networkcalc-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 47, "generated_at": "2026-06-07T19:20:29.210576+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-ramadasmr-networkcalc-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/ramadasmr-networkcalc-mcp", "repo_url": "https://github.com/ramadasmr/networkcalc-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-ramadasmr-networkcalc-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-ramadasmr-networkcalc-mcp", "tools": [ "calculate_subnet", "certificate_info", "dns_lookup", "fetch_cert_info", "fetch_dns_lookup", "fetch_spf_lookup", "fetch_subnet_info", "fetch_whois_lookup", "spf_lookup", "whois_lookup" ], "tools_count": 10, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:16", "Detected capability: network_egress \u2014 main.py:3", "Configuration environment variable access \u2014 main.py:117" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-ramadasmr-networkcalc-mcp.html", "url": "https://github.com/ramadasmr/networkcalc-mcp", "verdict_label": "Needs Oversight", "version": "1.13.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-ref-tools-ref-tools-mcp", "mcp-ai-smithery-ref-tools-ref-tools-mcp", "mcp:ai-smithery-ref-tools-ref-tools-mcp", "https-github-com-ref-tools-ref-tools-mcp", "https://github.com/ref-tools/ref-tools-mcp", "ref-tools/ref-tools-mcp", "ref-tools-ref-tools-mcp", "ref-tools-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:ref-tools/ref-tools-mcp", "canonical_url": "https://github.com/ref-tools/ref-tools-mcp", "description": "Provide your AI coding tools with token-efficient access to up-to-date technical documentation for\u2026", "discovery_status": "observed", "display_name": "ai-smithery-ref-tools-ref-tools-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 142, "generated_at": "2026-06-07T19:20:29.210735+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-ref-tools-ref-tools-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/ref-tools-ref-tools-mcp", "repo_url": "https://github.com/ref-tools/ref-tools-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-ref-tools-ref-tools-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-ref-tools-ref-tools-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: environment_access \u2014 index.ts:238", "References credential or secret pattern: API_KEY_GENERIC \u2014 index.ts:230", "Detected capability: network_egress \u2014 index.ts:279" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-ref-tools-ref-tools-mcp.html", "url": "https://github.com/ref-tools/ref-tools-mcp", "verdict_label": "Needs Oversight", "version": "3.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-rencosta2025-context7fork", "mcp-ai-smithery-rencosta2025-context7fork", "mcp:ai-smithery-rencosta2025-context7fork", "https-github-com-rencosta2025-context7fork", "renCosta2025/context7fork", "https://github.com/rencosta2025/context7fork", "https://github.com/renCosta2025/context7fork", "rencosta2025/context7fork", "rencosta2025-context7fork", "context7fork" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:rencosta2025/context7fork", "canonical_url": "https://github.com/rencosta2025/context7fork", "description": "Get up-to-date, version-specific documentation and code examples from official sources directly in\u2026", "discovery_status": "observed", "display_name": "ai-smithery-rencosta2025-context7fork", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 134, "generated_at": "2026-06-07T19:20:29.210952+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-rencosta2025-context7fork", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/renCosta2025-context7fork", "repo_url": "https://github.com/renCosta2025/context7fork", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-rencosta2025-context7fork", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-rencosta2025-context7fork", "tools": [ "Upstash", "context7", "get-library-docs", "resolve-library-id" ], "tools_count": 4, "top_findings": [ "Detected capability: shell_execution \u2014 bun.lock:160", "Install risk pattern: unpinned_dependency \u2014 bun.lock:6", "References credential or secret pattern: API_KEY_GENERIC \u2014 src/index.ts:307" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-rencosta2025-context7fork.html", "url": "https://github.com/renCosta2025/context7fork", "verdict_label": "Review Before Install", "version": "1.0.13", "visible_controls": [] }, { "aliases": [ "ai-smithery-rfdez-pvpc-mcp-server", "mcp-ai-smithery-rfdez-pvpc-mcp-server", "mcp:ai-smithery-rfdez-pvpc-mcp-server", "https-github-com-rfdez-pvpc-mcp-server", "https://github.com/rfdez/pvpc-mcp-server", "rfdez/pvpc-mcp-server", "rfdez-pvpc-mcp-server", "pvpc-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:rfdez/pvpc-mcp-server", "canonical_url": "https://github.com/rfdez/pvpc-mcp-server", "description": "Retrieve daily PVPC electricity tariffs for 2.0 TD consumers, published by Red El\u00e9ctrica.", "discovery_status": "observed", "display_name": "ai-smithery-rfdez-pvpc-mcp-server", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 117, "generated_at": "2026-06-07T19:20:29.211107+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "dangerous_capabilities_observable" ], "name": "ai-smithery-rfdez-pvpc-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/rfdez-pvpc-mcp-server", "repo_url": "https://github.com/rfdez/pvpc-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-rfdez-pvpc-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-rfdez-pvpc-mcp-server", "tools": [ "fetch_prices" ], "tools_count": 1, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "References credential or secret pattern: API_KEY_GENERIC \u2014 src/index.ts:99" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-rfdez-pvpc-mcp-server.html", "url": "https://github.com/rfdez/pvpc-mcp-server", "verdict_label": "Needs Oversight", "version": "3.2.3", "visible_controls": [] }, { "aliases": [ "ai-smithery-saidsef-mcp-github-pr-issue-analyser", "mcp-ai-smithery-saidsef-mcp-github-pr-issue-analyser", "mcp:ai-smithery-saidsef-mcp-github-pr-issue-analyser", "https-github-com-saidsef-mcp-github-pr-issue-analyser", "saidsef/mcp-github-pr-issue-analyser", "https://github.com/saidsef/mcp-github-pr-issue-analyser", "saidsef-mcp-github-pr-issue-analyser", "mcp-github-pr-issue-analyser" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:saidsef/mcp-github-pr-issue-analyser", "canonical_url": "https://github.com/saidsef/mcp-github-pr-issue-analyser", "description": "A Model Context Protocol (MCP) application for automated GitHub PR analysis and issue management.\u2026", "discovery_status": "observed", "display_name": "ai-smithery-saidsef-mcp-github-pr-issue-analyser", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 62, "generated_at": "2026-06-07T19:20:29.211226+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "tool_names_extracted" ], "name": "ai-smithery-saidsef-mcp-github-pr-issue-analyser", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/saidsef-mcp-github-pr-issue-analyser", "repo_url": "https://github.com/saidsef/mcp-github-pr-issue-analyser", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-saidsef-mcp-github-pr-issue-analyser", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-saidsef-mcp-github-pr-issue-analyser", "tools": [], "tools_count": 0, "top_findings": [ "References credential or secret pattern: GITHUB_TOKEN \u2014 deployment/base/deployment.yml:39", "Detected capability: environment_access \u2014 src/mcp_github/auth.py:38", "Broad or write-capable OAuth/API scope: github_write_scope \u2014 src/mcp_github/auth.py:112" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-saidsef-mcp-github-pr-issue-analyser.html", "url": "https://github.com/saidsef/mcp-github-pr-issue-analyser", "verdict_label": "Needs Oversight", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-samihalawa-whatsapp-go-mcp", "mcp:ai-smithery-samihalawa-whatsapp-go-mcp", "mcp-ai-smithery-samihalawa-whatsapp-go-mcp", "samihalawa/whatsapp-go-mcp", "https://github.com/samihalawa/whatsapp-go-mcp", "https-github-com-samihalawa-whatsapp-go-mcp", "samihalawa-whatsapp-go-mcp", "whatsapp-go-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:samihalawa/whatsapp-go-mcp", "canonical_url": "https://github.com/samihalawa/whatsapp-go-mcp", "description": "Scan QR codes and go! No more troublesome autos or APIs! Send text messages, images, links, locati\u2026", "discovery_status": "observed", "display_name": "ai-smithery-samihalawa-whatsapp-go-mcp", "ecosystem": "mcp", "evidence_score": 43, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.211274+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "dangerous_capabilities_observable" ], "name": "ai-smithery-samihalawa-whatsapp-go-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/samihalawa-whatsapp-go-mcp", "repo_url": "https://github.com/samihalawa/whatsapp-go-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-samihalawa-whatsapp-go-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-samihalawa-whatsapp-go-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Install/config context pattern: filesystem_write_delete \u2014 Dockerfile:46" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-samihalawa-whatsapp-go-mcp.html", "url": "https://github.com/samihalawa/whatsapp-go-mcp", "verdict_label": "Sandbox/Test OK", "version": "v7.5.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-scrapegraphai-scrapegraph-mcp", "mcp-ai-smithery-scrapegraphai-scrapegraph-mcp", "mcp:ai-smithery-scrapegraphai-scrapegraph-mcp", "https://github.com/ScrapeGraphAI/scrapegraph-mcp", "https://github.com/scrapegraphai/scrapegraph-mcp", "ScrapeGraphAI/scrapegraph-mcp", "https-github-com-scrapegraphai-scrapegraph-mcp", "scrapegraphai-scrapegraph-mcp", "scrapegraphai/scrapegraph-mcp", "scrapegraph-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:scrapegraphai/scrapegraph-mcp", "canonical_url": "https://github.com/scrapegraphai/scrapegraph-mcp", "description": "Enable language models to perform advanced AI-powered web scraping with enterprise-grade reliabili\u2026", "discovery_status": "observed", "display_name": "ai-smithery-scrapegraphai-scrapegraph-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 66, "generated_at": "2026-06-07T19:20:29.200951+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-scrapegraphai-scrapegraph-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/ScrapeGraphAI-scrapegraph-mcp", "repo_url": "https://github.com/ScrapeGraphAI/scrapegraph-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-scrapegraphai-scrapegraph-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-scrapegraphai-scrapegraph-mcp", "tools": [ "api_status", "crawl_get_status", "crawl_resume", "crawl_start", "crawl_stop", "create_server", "credits", "extract", "get_api_key", "history", "monitor_activity", "monitor_create", "monitor_delete", "monitor_get", "monitor_list", "monitor_pause", "monitor_resume", "new_tool", "schema", "scrape", "search", "tool_name" ], "tools_count": 22, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 .env.example:31", "Install risk pattern: unpinned_dependency \u2014 Dockerfile:10", "Detected capability: network_egress \u2014 src/scrapegraph_mcp/server.py:13" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-scrapegraphai-scrapegraph-mcp.html", "url": "https://github.com/ScrapeGraphAI/scrapegraph-mcp", "verdict_label": "Needs Oversight", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-sebastianall1977-gmail-mcp", "mcp:ai-smithery-sebastianall1977-gmail-mcp", "mcp-ai-smithery-sebastianall1977-gmail-mcp", "https://github.com/sebastianall1977/gmail-mcp", "sebastianall1977/gmail-mcp", "https-github-com-sebastianall1977-gmail-mcp", "sebastianall1977-gmail-mcp", "gmail-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:sebastianall1977/gmail-mcp", "canonical_url": "https://github.com/sebastianall1977/gmail-mcp", "description": "Manage Gmail end-to-end: search, read, send, draft, label, and organize threads. Automate workflow\u2026", "discovery_status": "observed", "display_name": "ai-smithery-sebastianall1977-gmail-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 61, "generated_at": "2026-06-07T19:20:29.211361+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-sebastianall1977-gmail-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/sebastianall1977-gmail-mcp", "repo_url": "https://github.com/sebastianall1977/gmail-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-sebastianall1977-gmail-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-sebastianall1977-gmail-mcp", "tools": [ "list_messages" ], "tools_count": 1, "top_findings": [ "Detected capability: database_access \u2014 pnpm-lock.yaml:1075", "Detected capability: environment_access \u2014 src/config.ts:12", "Broad or write-capable OAuth/API scope: google_broad_scope \u2014 src/index.ts:60" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-sebastianall1977-gmail-mcp.html", "url": "https://github.com/sebastianall1977/gmail-mcp", "verdict_label": "Needs Oversight", "version": "1.7.4", "visible_controls": [] }, { "aliases": [ "ai-smithery-serkan-ozal-driflyte-mcp-server", "mcp:ai-smithery-serkan-ozal-driflyte-mcp-server", "mcp-ai-smithery-serkan-ozal-driflyte-mcp-server", "serkan-ozal/driflyte-mcp-server", "https://github.com/serkan-ozal/driflyte-mcp-server", "https-github-com-serkan-ozal-driflyte-mcp-server", "serkan-ozal-driflyte-mcp-server", "driflyte-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:serkan-ozal/driflyte-mcp-server", "canonical_url": "https://github.com/serkan-ozal/driflyte-mcp-server", "description": "Discover available topics and explore up-to-date, topic-tagged web content. Search to surface the\u2026", "discovery_status": "observed", "display_name": "ai-smithery-serkan-ozal-driflyte-mcp-server", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.211628+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-serkan-ozal-driflyte-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/serkan-ozal-driflyte-mcp-server", "repo_url": "https://github.com/serkan-ozal/driflyte-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-serkan-ozal-driflyte-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-serkan-ozal-driflyte-mcp-server", "tools": [ "list-topics", "search" ], "tools_count": 2, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Install/config context pattern: filesystem_write_delete \u2014 package.json:48" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-serkan-ozal-driflyte-mcp-server.html", "url": "https://github.com/serkan-ozal/driflyte-mcp-server", "verdict_label": "Needs Oversight", "version": "0.1.15", "visible_controls": [] }, { "aliases": [ "ai-smithery-shoumikdc-arxiv-mcp", "mcp-ai-smithery-shoumikdc-arxiv-mcp", "mcp:ai-smithery-shoumikdc-arxiv-mcp", "https-github-com-shoumikdc-arxiv-mcp", "https://github.com/shoumikdc/arxiv-mcp", "https://github.com/shoumikdc/arXiv-mcp", "shoumikdc/arXiv-mcp", "shoumikdc-arxiv-mcp", "shoumikdc/arxiv-mcp", "arxiv-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:shoumikdc/arxiv-mcp", "canonical_url": "https://github.com/shoumikdc/arxiv-mcp", "description": "Discover the latest arXiv papers by category and keyword. Control how many results you get to spee\u2026", "discovery_status": "observed", "display_name": "ai-smithery-shoumikdc-arxiv-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 4, "generated_at": "2026-06-07T19:20:29.211704+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-shoumikdc-arxiv-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/shoumikdc-arxiv-mcp", "repo_url": "https://github.com/shoumikdc/arXiv-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-shoumikdc-arxiv-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-shoumikdc-arxiv-mcp", "tools": [ "World", "create_server", "fetch_current_arxiv_postings_rss", "hello", "keyword_search_arxiv_rss", "my_tool", "test-client" ], "tools_count": 7, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 src/hello_server/server.py:20", "Detected capability: network_egress \u2014 src/hello_server/server.py:43" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-shoumikdc-arxiv-mcp.html", "url": "https://github.com/shoumikdc/arXiv-mcp", "verdict_label": "Install With Restrictions", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-slhad-aha-mcp", "mcp:ai-smithery-slhad-aha-mcp", "mcp-ai-smithery-slhad-aha-mcp", "slhad/aha-mcp", "https://github.com/slhad/aha-mcp", "https-github-com-slhad-aha-mcp", "slhad-aha-mcp", "aha-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:slhad/aha-mcp", "canonical_url": "https://github.com/slhad/aha-mcp", "description": "A TypeScript MCP server for Home Assistant, enabling programmatic management of entities, automati\u2026", "discovery_status": "observed", "display_name": "ai-smithery-slhad-aha-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 219, "generated_at": "2026-06-07T19:20:29.211917+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-slhad-aha-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/slhad-aha-mcp", "repo_url": "https://github.com/slhad/aha-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-slhad-aha-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-slhad-aha-mcp", "tools": [ "call-service", "continue-config-entry-flow", "create-config-entry-flow", "create-config-entry-options-flow", "create-lovelace-dashboard", "create-rest-automation", "delete-automation", "delete-lovelace-dashboard", "delete-rest-automation-by-rest-id", "delete-rest-script-by-alias", "finish-config-entry-flow", "update-automation-by-entity-id", "update-config-entry-options-flow", "update-device-registry", "update-lovelace-config", "update-rest-automation-by-rest-id", "upsertScriptRest-rest-script-by-alias", "validate-config" ], "tools_count": 18, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 scripts/tools-to-markdown.js:3", "Detected capability: environment_access \u2014 src/index.ts:63", "References credential or secret pattern: API_KEY_GENERIC \u2014 .vscode/launch.json:5" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-slhad-aha-mcp.html", "url": "https://github.com/slhad/aha-mcp", "verdict_label": "Needs Oversight", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-smithery-ai-cookbook-python-quickstart", "mcp-ai-smithery-smithery-ai-cookbook-python-quickstart", "mcp:ai-smithery-smithery-ai-cookbook-python-quickstart", "https-github-com-smithery-ai-smithery-cookbook-tree-main-servers-python-quickstart", "https://github.com/smithery-ai/smithery-cookbook/tree/main/servers/python/quickstart", "smithery-ai/smithery-cookbook/tree/main/servers/python/quickstart", "smithery-ai/smithery-cookbook", "smithery-ai-smithery-cookbook", "smithery-cookbook", "https://github.com/smithery-ai/smithery-cookbook", "https-github-com-smithery-ai-smithery-cookbook" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:smithery-ai/smithery-cookbook", "canonical_url": "https://github.com/smithery-ai/smithery-cookbook", "description": "A simple MCP server built with FastMCP and python", "discovery_status": "observed", "display_name": "ai-smithery-smithery-ai-cookbook-python-quickstart", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.211980+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-smithery-ai-cookbook-python-quickstart", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/smithery-ai-cookbook-python-quickstart", "repo_url": "https://github.com/smithery-ai/smithery-cookbook", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-smithery-ai-cookbook-python-quickstart", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-smithery-ai-cookbook-python-quickstart", "tools": [ "World", "count_character", "create_server", "hello", "my_tool", "test-client" ], "tools_count": 6, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-smithery-ai-cookbook-python-quickstart.html", "url": "https://github.com/smithery-ai/smithery-cookbook/tree/main/servers/python/quickstart", "verdict_label": "Sandbox/Test OK", "version": "1.13.1", "visible_controls": [] }, { "aliases": [ "ai-smithery-smithery-ai-fetch", "mcp:ai-smithery-smithery-ai-fetch", "mcp-ai-smithery-smithery-ai-fetch", "https-github-com-smithery-ai-mcp-servers-tree-main-fetch", "smithery-ai/mcp-servers/tree/main/fetch", "https://github.com/smithery-ai/mcp-servers/tree/main/fetch", "smithery-ai/mcp-servers", "smithery-ai-mcp-servers", "mcp-servers", "https://github.com/smithery-ai/mcp-servers", "https-github-com-smithery-ai-mcp-servers" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:smithery-ai/mcp-servers", "canonical_url": "https://github.com/smithery-ai/mcp-servers", "description": "A simple tool that performs a fetch request to a webpage.", "discovery_status": "observed", "display_name": "ai-smithery-smithery-ai-fetch", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.212041+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-smithery-smithery-ai-fetch", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.smithery/smithery-ai-fetch", "repo_url": "https://github.com/smithery-ai/mcp-servers", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-smithery-smithery-ai-fetch", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-smithery-ai-fetch", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-smithery-ai-fetch.html", "url": "https://github.com/smithery-ai/mcp-servers/tree/main/fetch", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-sunub-obsidian-mcp-server", "mcp-ai-smithery-sunub-obsidian-mcp-server", "mcp:ai-smithery-sunub-obsidian-mcp-server", "sunub/obsidian-mcp-server", "https://github.com/sunub/obsidian-mcp-server", "https-github-com-sunub-obsidian-mcp-server", "sunub-obsidian-mcp-server", "obsidian-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:sunub/obsidian-mcp-server", "canonical_url": "https://github.com/sunub/obsidian-mcp-server", "description": "Search your Obsidian vault to quickly find notes by title or keyword, summarize related content, a\u2026", "discovery_status": "observed", "display_name": "ai-smithery-sunub-obsidian-mcp-server", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.212443+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted", "env_or_credential_examples_visible" ], "name": "ai-smithery-sunub-obsidian-mcp-server", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/sunub-obsidian-mcp-server", "repo_url": "https://github.com/sunub/obsidian-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-sunub-obsidian-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-sunub-obsidian-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 src/cli/context/KeypressContext.util.ts:200", "Detected capability: filesystem_write_delete \u2014 src/cli/services/InputOffloadService.ts:1", "Install risk pattern: unpinned_dependency \u2014 bun.lock:7" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-sunub-obsidian-mcp-server.html", "url": "https://github.com/sunub/obsidian-mcp-server", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-szge-lolwiki-mcp", "mcp:ai-smithery-szge-lolwiki-mcp", "mcp-ai-smithery-szge-lolwiki-mcp", "https://github.com/szge/lolwiki-mcp", "szge/lolwiki-mcp", "https-github-com-szge-lolwiki-mcp", "szge-lolwiki-mcp", "lolwiki-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:szge/lolwiki-mcp", "canonical_url": "https://github.com/szge/lolwiki-mcp", "description": "Generate friendly greetings for any audience. Toggle Pirate Mode for a playful, swashbuckling styl\u2026", "discovery_status": "observed", "display_name": "ai-smithery-szge-lolwiki-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 4, "generated_at": "2026-06-07T19:20:29.212521+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-szge-lolwiki-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/szge-lolwiki-mcp", "repo_url": "https://github.com/szge/lolwiki-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-szge-lolwiki-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-szge-lolwiki-mcp", "tools": [ "World", "create_server", "hello", "my_tool", "test-client" ], "tools_count": 5, "top_findings": [ "References credential or secret pattern: API_KEY_GENERIC \u2014 src/hello_server/server.py:20", "Detected capability: network_egress \u2014 src/hello_server/server.py:42" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-szge-lolwiki-mcp.html", "url": "https://github.com/szge/lolwiki-mcp", "verdict_label": "Install With Restrictions", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-takodata-tako-mcp", "mcp-ai-smithery-takodata-tako-mcp", "mcp:ai-smithery-takodata-tako-mcp", "https://github.com/TakoData/tako-mcp", "TakoData/tako-mcp", "https://github.com/takodata/tako-mcp", "https-github-com-takodata-tako-mcp", "takodata-tako-mcp", "takodata/tako-mcp", "tako-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:takodata/tako-mcp", "canonical_url": "https://github.com/takodata/tako-mcp", "description": "Provide real-time data querying and visualization by integrating Tako with your agents. Generate o\u2026", "discovery_status": "observed", "display_name": "ai-smithery-takodata-tako-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 135, "generated_at": "2026-06-07T19:20:29.201114+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-takodata-tako-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/TakoData-tako-mcp", "repo_url": "https://github.com/TakoData/tako-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-takodata-tako-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-takodata-tako-mcp", "tools": [ "Tako", "create_chart", "create_report", "data_search_tako", "deep_search_tako", "explore_knowledge_graph", "export_report", "generate_search_tako_prompt", "get_card_insights", "get_chart_image", "get_chart_schema", "get_credit_balance", "get_insights_for_per_card", "get_report", "grounding", "knowledge_search", "list_chart_schemas", "list_reports", "list_tools", "open_chart_ui", "search_tako", "start_deep_knowledge_search", "tako-mcp", "test-client", "upload_file_from_local_path", "upload_file_from_url", "upload_file_to_visualize", "visualize_dataset", "visualize_file", "wait_for_knowledge_search", "web_search_tako" ], "tools_count": 31, "top_findings": [ "Detected capability: environment_access \u2014 src/tako_mcp/main.py:18", "Detected capability: filesystem_write_delete \u2014 src/tako_mcp/main.py:186", "Install risk pattern: unpinned_dependency \u2014 Dockerfile:6" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-takodata-tako-mcp.html", "url": "https://github.com/TakoData/tako-mcp", "verdict_label": "Needs Oversight", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-truss44-mcp-crypto-price", "mcp-ai-smithery-truss44-mcp-crypto-price", "mcp:ai-smithery-truss44-mcp-crypto-price", "truss44/mcp-crypto-price", "https://github.com/truss44/mcp-crypto-price", "https-github-com-truss44-mcp-crypto-price", "truss44-mcp-crypto-price", "mcp-crypto-price" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:truss44/mcp-crypto-price", "canonical_url": "https://github.com/truss44/mcp-crypto-price", "description": "Provide real-time cryptocurrency price data and market analysis.", "discovery_status": "observed", "display_name": "ai-smithery-truss44-mcp-crypto-price", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 36, "generated_at": "2026-06-07T19:20:29.212596+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-truss44-mcp-crypto-price", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/truss44-mcp-crypto-price", "repo_url": "https://github.com/truss44/mcp-crypto-price", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-truss44-mcp-crypto-price", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-truss44-mcp-crypto-price", "tools": [ "get-crypto-price", "get-exchanges", "get-historical-analysis", "get-market-analysis", "get-rates", "get-technical-analysis", "get-top-assets" ], "tools_count": 7, "top_findings": [ "Detected capability: environment_access \u2014 src/http.ts:17", "Detected capability: wallet_payment \u2014 src/http.ts:203", "Install risk pattern: npm_lifecycle_script \u2014 package.json:24" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-truss44-mcp-crypto-price.html", "url": "https://github.com/truss44/mcp-crypto-price", "verdict_label": "Needs Oversight", "version": "2.1.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-turnono-datacommons-mcp-server", "mcp-ai-smithery-turnono-datacommons-mcp-server", "mcp:ai-smithery-turnono-datacommons-mcp-server", "https-github-com-turnono-datacommons-mcp-server", "https://github.com/turnono/datacommons-mcp-server", "turnono/datacommons-mcp-server", "turnono-datacommons-mcp-server", "datacommons-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:turnono/datacommons-mcp-server", "canonical_url": "https://github.com/turnono/datacommons-mcp-server", "description": "Discover statistical indicators and topics in Data Commons. Retrieve observations for specific var\u2026", "discovery_status": "observed", "display_name": "ai-smithery-turnono-datacommons-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 26, "generated_at": "2026-06-07T19:20:29.212663+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-smithery-turnono-datacommons-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/turnono-datacommons-mcp-server", "repo_url": "https://github.com/turnono/datacommons-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-turnono-datacommons-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-turnono-datacommons-mcp-server", "tools": [ "create_mcp_server", "create_server", "get_observations", "search_indicators" ], "tools_count": 4, "top_findings": [ "Detected capability: environment_access \u2014 datacommons_mcp/server.py:84", "Detected capability: filesystem_write_delete \u2014 datacommons_mcp/topics.py:399", "Install risk pattern: unpinned_dependency \u2014 datacommons_mcp.egg-info/SOURCES.txt:2" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-turnono-datacommons-mcp-server.html", "url": "https://github.com/turnono/datacommons-mcp-server", "verdict_label": "Needs Oversight", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-wgong-sqlite-mcp-server", "mcp:ai-smithery-wgong-sqlite-mcp-server", "mcp-ai-smithery-wgong-sqlite-mcp-server", "https-github-com-wgong-sqlite-mcp-server-tree-main-sqlite-explorer-fastmcp-mcp-server", "https://github.com/wgong/sqlite-mcp-server/tree/main/sqlite-explorer-fastmcp-mcp-server", "wgong/sqlite-mcp-server/tree/main/sqlite-explorer-fastmcp-mcp-server", "wgong-sqlite-mcp-server", "wgong/sqlite-mcp-server", "sqlite-mcp-server", "https://github.com/wgong/sqlite-mcp-server", "https-github-com-wgong-sqlite-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:wgong/sqlite-mcp-server", "canonical_url": "https://github.com/wgong/sqlite-mcp-server", "description": "Explore, query, and inspect SQLite databases with ease. List tables, preview results, and view det\u2026", "discovery_status": "observed", "display_name": "ai-smithery-wgong-sqlite-mcp-server", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 66, "generated_at": "2026-06-07T19:20:29.212764+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-smithery-wgong-sqlite-mcp-server", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/wgong-sqlite-mcp-server", "repo_url": "https://github.com/wgong/sqlite-mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-wgong-sqlite-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-wgong-sqlite-mcp-server", "tools": [ "GitHub", "Specification", "add", "analyze-project", "async_tool", "calculate_bmi", "create_server", "create_thumbnail", "describe_table", "echo", "echo_tool", "fetch_weather", "fileUri", "health_check", "list_tables", "load_image", "long_task", "my_tool", "name_shrimp", "query_data", "read_profile", "read_query", "remember", "take_screenshot", "text_me", "textme", "timeframe", "tool_with_context" ], "tools_count": 28, "top_findings": [ "Detected capability: shell_execution \u2014 fastmcp-documentation.txt:2820", "Install risk pattern: curl_pipe_shell \u2014 mcp-documentation.txt:4111", "References credential or secret pattern: DATABASE_URL \u2014 fastmcp-documentation.txt:469" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-wgong-sqlite-mcp-server.html", "url": "https://github.com/wgong/sqlite-mcp-server/tree/main/sqlite-explorer-fastmcp-mcp-server", "verdict_label": "Review Before Install", "version": "1.16.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-xinkuang-china-stock-mcp", "mcp-ai-smithery-xinkuang-china-stock-mcp", "mcp:ai-smithery-xinkuang-china-stock-mcp", "xinkuang/china-stock-mcp", "https-github-com-xinkuang-china-stock-mcp", "https://github.com/xinkuang/china-stock-mcp", "xinkuang-china-stock-mcp", "china-stock-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:xinkuang/china-stock-mcp", "canonical_url": "https://github.com/xinkuang/china-stock-mcp", "description": "Access real-time and historical market data for China A-shares and Hong Kong stocks, along with ne\u2026", "discovery_status": "observed", "display_name": "ai-smithery-xinkuang-china-stock-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 42, "generated_at": "2026-06-07T19:20:29.212864+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-xinkuang-china-stock-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/xinkuang-china-stock-mcp", "repo_url": "https://github.com/xinkuang/china-stock-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-xinkuang-china-stock-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-xinkuang-china-stock-mcp", "tools": [ "get_all_cni_indices", "get_all_investor_sentiment_fetcher", "get_balance_sheet", "get_cash_flow", "get_cni_index_detail", "get_cni_index_hist", "get_financial_metrics", "get_fund_flow", "get_get_financial_metrics_fetcher", "get_hist_data", "get_income_statement", "get_inner_trade_data", "get_investor_sentiment", "get_investor_sentiment_fetcher", "get_macro_data", "get_macro_data_fetcher", "get_news_data", "get_product_info", "get_product_info_fetcher", "get_profit_forecast", "get_realtime_data", "get_shareholder_info", "get_shareholder_info_fetcher", "get_stock_a_code_name", "get_stock_a_code_name_fetch", "get_stock_basic_info", "get_stock_basic_info_fetcher", "get_stock_board_industry_summary", "get_stock_circulate_stock_holder", "get_stock_cyq", "get_stock_fhps_detail", "get_stock_management_change", "get_stock_research_report", "get_stock_restricted_release_queue", "get_stock_technical_rank", "get_stock_value", "get_stock_volatility", "get_time_info", "hist_data_fetcher", "realtime_data_fetcher", "your_tool_name", "\u5de5\u5177\u4e2d\u6587\u540d\u79f0" ], "tools_count": 42, "top_findings": [ "Detected capability: filesystem_write_delete \u2014 src/china_stock_mcp/cache_utils.py:79", "Install risk pattern: unpinned_dependency \u2014 Dockerfile:7", "Detected capability: network_egress \u2014 uv.lock:15" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-xinkuang-china-stock-mcp.html", "url": "https://github.com/xinkuang/china-stock-mcp", "verdict_label": "Needs Oversight", "version": "1.15.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-yuna0x0-anilist-mcp", "mcp-ai-smithery-yuna0x0-anilist-mcp", "mcp:ai-smithery-yuna0x0-anilist-mcp", "yuna0x0/anilist-mcp", "https://github.com/yuna0x0/anilist-mcp", "https-github-com-yuna0x0-anilist-mcp", "yuna0x0-anilist-mcp", "anilist-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:yuna0x0/anilist-mcp", "canonical_url": "https://github.com/yuna0x0/anilist-mcp", "description": "Access and interact with anime and manga data seamlessly. Retrieve detailed information about your\u2026", "discovery_status": "observed", "display_name": "ai-smithery-yuna0x0-anilist-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 14, "generated_at": "2026-06-07T19:20:29.212929+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-yuna0x0-anilist-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/yuna0x0-anilist-mcp", "repo_url": "https://github.com/yuna0x0/anilist-mcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-yuna0x0-anilist-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-yuna0x0-anilist-mcp", "tools": [ "add_list_entry", "anilist-mcp", "delete_activity", "delete_thread", "favourite_anime", "favourite_character", "favourite_manga", "favourite_staff", "favourite_studio", "follow_user", "get_activity", "get_anime", "get_authorized_user", "get_character", "get_full_user_info", "get_genres", "get_manga", "get_media_tags", "get_recommendation", "get_recommendations_for_media", "get_site_statistics", "get_staff", "get_studio", "get_thread", "get_thread_comments", "get_todays_birthday_characters", "get_todays_birthday_staff", "get_user_activity", "get_user_anime_list", "get_user_manga_list", "get_user_profile", "get_user_recent_activity", "get_user_stats", "post_message_activity", "post_text_activity", "remove_list_entry", "search_activity", "search_anime", "search_character", "search_manga", "search_staff", "search_studio", "search_user", "update_list_entry", "update_user", "yuna0x0" ], "tools_count": 46, "top_findings": [ "Detected capability: environment_access \u2014 index.ts:74", "Install risk pattern: npm_lifecycle_script \u2014 package.json:23", "Install risk pattern: unpinned_dependency \u2014 package.json:44" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-yuna0x0-anilist-mcp.html", "url": "https://github.com/yuna0x0/anilist-mcp", "verdict_label": "Install With Restrictions", "version": "1.3.7", "visible_controls": [] }, { "aliases": [ "ai-smithery-yuna0x0-hackmd-mcp", "mcp-ai-smithery-yuna0x0-hackmd-mcp", "mcp:ai-smithery-yuna0x0-hackmd-mcp", "https-github-com-yuna0x0-hackmd-mcp", "https://github.com/yuna0x0/hackmd-mcp", "yuna0x0/hackmd-mcp", "yuna0x0-hackmd-mcp", "hackmd-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:yuna0x0/hackmd-mcp", "canonical_url": "https://github.com/yuna0x0/hackmd-mcp", "description": "Interact with your HackMD notes and teams seamlessly. Manage your notes, view reading history, and\u2026", "discovery_status": "observed", "display_name": "ai-smithery-yuna0x0-hackmd-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 14, "generated_at": "2026-06-07T19:20:29.212986+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-smithery-yuna0x0-hackmd-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/yuna0x0-hackmd-mcp", "repo_url": "https://github.com/yuna0x0/hackmd-mcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-yuna0x0-hackmd-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-yuna0x0-hackmd-mcp", "tools": [ "create_note", "create_team_note", "delete_note", "delete_team_note", "get_history", "get_note", "get_user_info", "hackmd-mcp", "list_team_notes", "list_teams", "list_user_notes", "update_note", "update_team_note", "yuna0x0" ], "tools_count": 14, "top_findings": [ "Detected capability: environment_access \u2014 index.ts:152", "Install risk pattern: npm_lifecycle_script \u2014 package.json:23", "Install risk pattern: unpinned_dependency \u2014 package.json:34" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-yuna0x0-hackmd-mcp.html", "url": "https://github.com/yuna0x0/hackmd-mcp", "verdict_label": "Install With Restrictions", "version": "1.5.3", "visible_controls": [] }, { "aliases": [ "ai-smithery-zeta-chain-cli", "mcp:ai-smithery-zeta-chain-cli", "mcp-ai-smithery-zeta-chain-cli", "https-github-com-zeta-chain-cli-tree-main-src-mcp", "https://github.com/zeta-chain/cli/tree/main/src/mcp", "zeta-chain/cli/tree/main/src/mcp", "zeta-chain-cli", "zeta-chain/cli", "cli", "https-github-com-zeta-chain-cli", "https://github.com/zeta-chain/cli" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:zeta-chain/cli", "canonical_url": "https://github.com/zeta-chain/cli", "description": "Create friendly, customizable greetings for any name or audience. Break the ice in demos, onboardi\u2026", "discovery_status": "observed", "display_name": "ai-smithery-zeta-chain-cli", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 47, "generated_at": "2026-06-07T19:20:29.213078+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-smithery-zeta-chain-cli", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.smithery/zeta-chain-cli", "repo_url": "https://github.com/zeta-chain/cli", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-smithery-zeta-chain-cli", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-zeta-chain-cli", "tools": [ "accounts_create", "accounts_delete", "accounts_import", "accounts_list", "accounts_show", "bitcoin_inscription_call", "bitcoin_inscription_deposit", "bitcoin_inscription_deposit-and-call", "bitcoin_inscription_encode", "bitcoin_memo_call", "bitcoin_memo_deposit", "bitcoin_memo_deposit-and-call", "docs", "evm_call", "evm_deposit", "evm_deposit-and-call", "faucet", "localnet_check", "localnet_start", "localnet_stop", "localnet_ton_balance", "localnet_ton_faucet", "localnet_ton_wallet", "localnet_ton_withdraw", "mcp_install", "mcp_list", "mcp_remove", "new", "query_balances", "query_cctx", "query_chains_list", "query_chains_show", "query_contracts_list", "query_contracts_show", "query_fees_list", "query_fees_show", "query_tokens_list", "query_tokens_show", "solana_call", "solana_deposit", "solana_deposit-and-call", "solana_encode", "sui_deposit", "sui_deposit-and-call", "sui_encode", "ton_deposit", "ton_deposit-and-call", "zetachain_call", "zetachain_withdraw", "zetachain_withdraw-and-call" ], "tools_count": 50, "top_findings": [ "Detected capability: shell_execution \u2014 index.ts:6", "Detected capability: wallet_payment \u2014 commands.json:104", "Install risk pattern: unpinned_dependency \u2014 package.json:4" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-zeta-chain-cli.html", "url": "https://github.com/zeta-chain/cli/tree/main/src/mcp", "verdict_label": "Review Before Install", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-zhaoganghao-hellomcp", "mcp-ai-smithery-zhaoganghao-hellomcp", "mcp:ai-smithery-zhaoganghao-hellomcp", "https://github.com/zhaoganghao/hellomcp", "https-github-com-zhaoganghao-hellomcp", "zhaoganghao/hellomcp", "zhaoganghao-hellomcp", "hellomcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:zhaoganghao/hellomcp", "canonical_url": "https://github.com/zhaoganghao/hellomcp", "description": "Greet people by name with friendly, concise messages. Explore the origin of 'Hello, World' for fun\u2026", "discovery_status": "observed", "display_name": "ai-smithery-zhaoganghao-hellomcp", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 107, "generated_at": "2026-06-07T19:20:29.213209+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-zhaoganghao-hellomcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.smithery/zhaoganghao-hellomcp", "repo_url": "https://github.com/zhaoganghao/hellomcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-smithery-zhaoganghao-hellomcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-zhaoganghao-hellomcp", "tools": [ "World", "hello", "my-tool", "test-client", "your-project-name" ], "tools_count": 5, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Install/config context pattern: network_egress \u2014 package-lock.json:1241" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-smithery-zhaoganghao-hellomcp.html", "url": "https://github.com/zhaoganghao/hellomcp", "verdict_label": "Needs Oversight", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-smithery-zwldarren-akshare-one-mcp", "mcp-ai-smithery-zwldarren-akshare-one-mcp", "mcp:ai-smithery-zwldarren-akshare-one-mcp", "https://github.com/zwldarren/akshare-one-mcp", "https-github-com-zwldarren-akshare-one-mcp", "zwldarren/akshare-one-mcp", "zwldarren-akshare-one-mcp", "akshare-one-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:zwldarren/akshare-one-mcp", "canonical_url": "https://github.com/zwldarren/akshare-one-mcp", "description": "Provide access to Chinese stock market data including historical prices, real-time data, news, and\u2026", "discovery_status": "observed", "display_name": "ai-smithery-zwldarren-akshare-one-mcp", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.213265+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-smithery-zwldarren-akshare-one-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.smithery/zwldarren-akshare-one-mcp", "repo_url": "https://github.com/zwldarren/akshare-one-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-smithery-zwldarren-akshare-one-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-smithery-zwldarren-akshare-one-mcp", "tools": [ "get_balance_sheet", "get_cash_flow", "get_financial_metrics", "get_hist_data", "get_income_statement", "get_inner_trade_data", "get_news_data", "get_realtime_data", "get_time_info" ], "tools_count": 9, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 Dockerfile:7" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-smithery-zwldarren-akshare-one-mcp.html", "url": "https://github.com/zwldarren/akshare-one-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.14.0", "visible_controls": [] }, { "aliases": [ "ai-social-api-socialapi", "mcp:ai-social-api-socialapi", "mcp-ai-social-api-socialapi", "https://github.com/SocialAPI-AI/mcp-socialapi", "https-github-com-socialapi-ai-mcp-socialapi", "SocialAPI-AI/mcp-socialapi", "https://github.com/socialapi-ai/mcp-socialapi", "socialapi-ai-mcp-socialapi", "socialapi-ai/mcp-socialapi", "mcp-socialapi" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:socialapi-ai/mcp-socialapi", "canonical_url": "https://github.com/socialapi-ai/mcp-socialapi", "description": "MCP server for SocialAPI \u2014 manage social media comments, DMs, reviews, and mentions across platforms", "discovery_status": "observed", "display_name": "ai-social-api-socialapi", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.213273+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-social-api-socialapi", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.social-api/socialapi", "repo_url": "https://github.com/SocialAPI-AI/mcp-socialapi", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-social-api-socialapi", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-social-api-socialapi", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-social-api-socialapi.html", "url": "https://github.com/SocialAPI-AI/mcp-socialapi", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.2.0", "visible_controls": [] }, { "aliases": [ "ai-specproof-specproof-mcp", "SpecProof", "specproof", "mcp:ai-specproof-specproof-mcp", "mcp-ai-specproof-specproof-mcp", "https-github-com-ibouazizi-specproof", "https://github.com/ibouazizi/specproof", "ibouazizi/specproof", "ibouazizi-specproof" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:ibouazizi/specproof", "canonical_url": "https://github.com/ibouazizi/specproof", "description": "SpecProof: Search standards specs with MCP-ready precision.", "discovery_status": "observed", "display_name": "SpecProof", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.213279+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-specproof-specproof-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.specproof/specproof-mcp", "repo_url": "https://github.com/ibouazizi/specproof", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-specproof-specproof-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-specproof-specproof-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-specproof-specproof-mcp.html", "url": "https://github.com/ibouazizi/specproof", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-speko-mcp", "speko", "Speko", "mcp:ai-speko-mcp", "mcp-ai-speko-mcp", "https://github.com/spekoai/mcp-bridge", "https-github-com-spekoai-mcp-bridge", "https://github.com/SpekoAI/mcp-bridge", "SpekoAI/mcp-bridge", "spekoai/mcp-bridge", "spekoai-mcp-bridge", "mcp-bridge" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:spekoai/mcp-bridge", "canonical_url": "https://github.com/spekoai/mcp-bridge", "description": "Official Speko MCP server: voice AI routing and failover across STT, TTS, and V2V providers.", "discovery_status": "observed", "display_name": "Speko", "ecosystem": "mcp", "evidence_score": 57, "evidence_status": "awaiting verification", "findings": 28, "generated_at": "2026-06-07T19:20:29.213338+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted" ], "name": "ai-speko-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.speko/mcp", "repo_url": "https://github.com/SpekoAI/mcp-bridge", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-speko-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-speko-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 src/init.ts:1", "Detected capability: filesystem_write_delete \u2014 src/init.ts:2", "Install risk pattern: unpinned_dependency \u2014 package.json:66" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "npm" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-speko-mcp.html", "url": "https://github.com/SpekoAI/mcp-bridge", "verdict_label": "Review Before Install", "version": "1.0.9", "visible_controls": [] }, { "aliases": [ "ai-spritecook-generate", "SpriteCook", "spritecook", "mcp-ai-spritecook-generate", "mcp:ai-spritecook-generate", "https://github.com/SpriteCook/skills", "https://github.com/spritecook/skills", "https-github-com-spritecook-skills", "SpriteCook/skills", "spritecook-skills", "spritecook/skills", "skills" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:spritecook/skills", "canonical_url": "https://github.com/spritecook/skills", "description": "Generate game sprites and assets from text prompts for game development.", "discovery_status": "observed", "display_name": "SpriteCook", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.213378+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-spritecook-generate", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.spritecook/generate", "repo_url": "https://github.com/SpriteCook/skills", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-spritecook-generate", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-spritecook-generate", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-spritecook-generate.html", "url": "https://github.com/SpriteCook/skills", "verdict_label": "Sandbox/Test OK", "version": "0.2.8", "visible_controls": [] }, { "aliases": [ "ai-stompy-stompy", "Stompy \u2013 AI Memory for Claude & MCP Agents", "stompy-ai-memory-for-claude-mcp-agents", "stompy \u2013 ai memory for claude & mcp agents", "mcp:ai-stompy-stompy", "mcp-ai-stompy-stompy", "banton/stompy-mcp-server", "https-github-com-banton-stompy-mcp-server", "https://github.com/banton/stompy-mcp-server", "banton-stompy-mcp-server", "stompy-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:banton/stompy-mcp-server", "canonical_url": "https://github.com/banton/stompy-mcp-server", "description": "Persistent AI memory with semantic search, conflict detection, and ticketing.", "discovery_status": "observed", "display_name": "Stompy \u2013 AI Memory for Claude & MCP Agents", "ecosystem": "mcp", "evidence_score": 43, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.213412+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-stompy-stompy", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.stompy/stompy", "repo_url": "https://github.com/banton/stompy-mcp-server", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-stompy-stompy", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-stompy-stompy", "tools": [ "context_search", "db_query", "detect_conflicts", "ingest_document", "lock_context", "project_create", "recall_context", "ticket", "ticket_board" ], "tools_count": 9, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-stompy-stompy.html", "url": "https://github.com/banton/stompy-mcp-server", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-taskforcehq-taskforce", "taskforce", "Taskforce", "mcp-ai-taskforcehq-taskforce", "mcp:ai-taskforcehq-taskforce", "taskforcehq/taskforce", "https-github-com-taskforcehq-taskforce", "https://github.com/taskforcehq/taskforce", "taskforcehq-taskforce" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:taskforcehq/taskforce", "canonical_url": "https://github.com/taskforcehq/taskforce", "description": "Task and planning workspace for humans collaborating with AI agents", "discovery_status": "observed", "display_name": "Taskforce", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.213419+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-taskforcehq-taskforce", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.taskforcehq/taskforce", "repo_url": "https://github.com/taskforcehq/taskforce", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-taskforcehq-taskforce", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-taskforcehq-taskforce", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-taskforcehq-taskforce.html", "url": "https://github.com/taskforcehq/taskforce", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.3.321", "visible_controls": [] }, { "aliases": [ "ai-telbase-deploy", "telbase", "Telbase", "mcp-ai-telbase-deploy", "mcp:ai-telbase-deploy", "https://github.com/Victor-EU/telbase", "Victor-EU/telbase", "https://github.com/victor-eu/telbase", "https-github-com-victor-eu-telbase", "victor-eu-telbase", "victor-eu/telbase" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:victor-eu/telbase", "canonical_url": "https://github.com/victor-eu/telbase", "description": "Deploy any web project with one command. AI-native platform with self-healing feedback.", "discovery_status": "observed", "display_name": "Telbase", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.213424+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-telbase-deploy", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.telbase/deploy", "repo_url": "https://github.com/Victor-EU/telbase", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-telbase-deploy", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-telbase-deploy", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-telbase-deploy.html", "url": "https://github.com/Victor-EU/telbase", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.14.0-beta.2", "visible_controls": [] }, { "aliases": [ "ai-tensorfeed-mcp-server", "tensorfeed", "TensorFeed", "mcp:ai-tensorfeed-mcp-server", "mcp-ai-tensorfeed-mcp-server", "https://github.com/rippermercs/tensorfeed-mcp", "RipperMercs/tensorfeed-mcp", "https-github-com-rippermercs-tensorfeed-mcp", "https://github.com/RipperMercs/tensorfeed-mcp", "rippermercs-tensorfeed-mcp", "rippermercs/tensorfeed-mcp", "tensorfeed-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:rippermercs/tensorfeed-mcp", "canonical_url": "https://github.com/rippermercs/tensorfeed-mcp", "description": "AI news, model pricing, service status, and machine-payable premium tools. AFTA-certified.", "discovery_status": "observed", "display_name": "TensorFeed", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 118, "generated_at": "2026-06-07T19:20:29.213571+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-tensorfeed-mcp-server", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.tensorfeed/mcp-server", "repo_url": "https://github.com/RipperMercs/tensorfeed-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-tensorfeed-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-tensorfeed-mcp-server", "tools": [ "agent_ready_summary", "benchmark_series", "benchmark_series_free", "benchmark_trust_verdict", "benchmark_trust_verdict_preview", "check_afta_certification", "check_agent_ready", "check_crawler_access", "compare_models", "cost_projection", "crawler_access_summary", "create_digest_watch", "create_leaderboard_rank_watch", "create_price_watch", "create_status_watch", "delete_watch", "failover_verdict", "failover_verdict_preview", "get_account_balance", "get_account_usage", "get_agent_activity", "get_agent_opportunities", "get_agent_reputation_card", "get_ai_company_filings", "get_ai_cves_feed", "get_ai_cves_latest", "get_ai_cves_stats", "get_ai_ecosystem_today", "get_ai_news", "get_ai_papers_trending", "get_ai_status", "get_ai_supply_chain_iocs", "get_ai_today", "get_arxiv_recent", "get_hf_daily_papers", "get_hf_trending", "get_honeypot_iocs", "get_hot_issues", "get_model_deprecations", "get_model_pricing", "get_openrouter_models", "get_recent_earthquakes", "get_reddit_trending", "get_weather_alerts", "get_x402_leaderboard", "get_x402_publishers", "get_x402_recent", "get_x402_summary", "is_service_down", "list_watches", "mcp_registry_snapshot", "news_search", "premium_agents_directory", "premium_ai_company", "premium_routing", "premium_x402_publisher_receipts", "premium_x402_series", "pricing_series", "pricing_series_free", "probe_latest", "probe_series", "provider_deepdive", "provider_reliability_verdict", "provider_reliability_verdict_preview", "route_verdict", "route_verdict_preview", "ssvc_verdict", "ssvc_verdict_preview", "stack_safety_verdict", "stack_safety_verdict_preview", "status_leaderboard", "status_leaderboard_free", "status_uptime", "status_uptime_free", "whats_new", "x402_publisher_verdict", "x402_publisher_verdict_preview", "x402_settlement_verdict", "x402_settlement_verdict_preview" ], "tools_count": 79, "top_findings": [ "Detected capability: wallet_payment \u2014 manifest.json:8", "Detected capability: environment_access \u2014 src/index.ts:49", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "npm" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-tensorfeed-mcp-server.html", "url": "https://github.com/RipperMercs/tensorfeed-mcp", "verdict_label": "Needs Oversight", "version": "1.38.0", "visible_controls": [] }, { "aliases": [ "ai-tensorfeed-x402-base-mcp", "TensorFeed x402 Base Reader", "tensorfeed x402 base reader", "tensorfeed-x402-base-reader", "mcp:ai-tensorfeed-x402-base-mcp", "mcp-ai-tensorfeed-x402-base-mcp", "https://github.com/rippermercs/tensorfeed-x402-base-mcp", "https://github.com/RipperMercs/tensorfeed-x402-base-mcp", "https-github-com-rippermercs-tensorfeed-x402-base-mcp", "RipperMercs/tensorfeed-x402-base-mcp", "rippermercs-tensorfeed-x402-base-mcp", "rippermercs/tensorfeed-x402-base-mcp", "tensorfeed-x402-base-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:rippermercs/tensorfeed-x402-base-mcp", "canonical_url": "https://github.com/rippermercs/tensorfeed-x402-base-mcp", "description": "Read-only Base mainnet reader. Verifies x402 payment settlements + AFTA federation status.", "discovery_status": "observed", "display_name": "TensorFeed x402 Base Reader", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 204, "generated_at": "2026-06-07T19:20:29.213826+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-tensorfeed-x402-base-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.tensorfeed/x402-base-mcp", "repo_url": "https://github.com/RipperMercs/tensorfeed-x402-base-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-tensorfeed-x402-base-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-tensorfeed-x402-base-mcp", "tools": [ "afta_federation_members", "balance", "block_number", "call", "decode_x402_payment_payload", "get_tx_receipt", "parse_x402_manifest", "probe_x402_endpoint", "recent_transfers", "tf_payment_lookup", "usdc_balance", "usdc_recent_payments_to", "verify_afta_federation", "verify_x402_settlement", "x402_publisher_health" ], "tools_count": 15, "top_findings": [ "Detected capability: wallet_payment \u2014 manifest.json:4", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Detected capability: network_egress \u2014 src/tools/tf.ts:91" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-tensorfeed-x402-base-mcp.html", "url": "https://github.com/RipperMercs/tensorfeed-x402-base-mcp", "verdict_label": "Needs Oversight", "version": "0.2.1", "visible_controls": [] }, { "aliases": [ "ai-thinkneo-control-plane", "ThinkNEO Control Plane", "thinkneo control plane", "thinkneo-control-plane", "mcp-ai-thinkneo-control-plane", "mcp:ai-thinkneo-control-plane", "https://github.com/thinkneo-ai/mcp-server", "https-github-com-thinkneo-ai-mcp-server", "thinkneo-ai/mcp-server", "thinkneo-ai-mcp-server", "mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:thinkneo-ai/mcp-server", "canonical_url": "https://github.com/thinkneo-ai/mcp-server", "description": "Enterprise AI governance: spend, guardrails, policy, budgets, compliance, and provider health.", "discovery_status": "observed", "display_name": "ThinkNEO Control Plane", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.214191+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [], "name": "ai-thinkneo-control-plane", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.thinkneo/control-plane", "repo_url": "https://github.com/thinkneo-ai/mcp-server", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-thinkneo-control-plane", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-thinkneo-control-plane", "tools": [ "Anthropic", "Cohere", "OpenAI", "a2a_log", "a2a_set_policy", "bridge_list_mappings", "compliance_list", "get_active_mappings", "get_budget_status", "get_compliance_status", "get_observability_dashboard", "get_proof", "get_savings_report", "get_trace", "get_translation_stats", "get_trust_badge", "get_trust_badge_by_token", "get_weather", "list_alerts", "list_tools", "log_decision", "log_event", "log_risk_avoidance", "policy_create", "policy_list", "provider_status", "read_memory", "registry_search", "reset_log_level", "set_auth_token", "set_baseline", "sla_status", "thinkneo_a2a_audit", "thinkneo_a2a_flow", "thinkneo_a2a_flow_map", "thinkneo_a2a_log", "thinkneo_a2a_policy", "thinkneo_a2a_set_policy", "thinkneo_agent_roi", "thinkneo_audit_export", "thinkneo_audit_export_status", "thinkneo_benchmark_compare", "thinkneo_benchmark_report", "thinkneo_billing_status", "thinkneo_bridge_a2a_to_mcp", "thinkneo_bridge_generate_agent_card", "thinkneo_bridge_list_mappings", "thinkneo_bridge_mcp_to_a2a", "thinkneo_business_impact", "thinkneo_cache_lookup", "thinkneo_cache_prompt", "thinkneo_cache_stats", "thinkneo_cache_status", "thinkneo_cache_store", "thinkneo_cancel", "thinkneo_check", "thinkneo_check_pii_international", "thinkneo_check_policy", "thinkneo_check_spend", "thinkneo_compare_models", "thinkneo_compliance_generate", "thinkneo_compliance_list", "thinkneo_count_tokens", "thinkneo_decision_cost", "thinkneo_detect_injection", "thinkneo_detect_pii", "thinkneo_detect_secrets", "thinkneo_detect_waste", "thinkneo_end_trace", "thinkneo_estimate_tokens", "thinkneo_evaluate_guardrail", "thinkneo_evaluate_trust_score", "thinkneo_get_budget_status", "thinkneo_get_compliance_status", "thinkneo_get_observability_dashboard", "thinkneo_get_proof", "thinkneo_get_savings_report", "thinkneo_get_trace", "thinkneo_get_trust_badge", "thinkneo_list_alerts", "thinkneo_log_decision", "thinkneo_log_event", "thinkneo_log_risk_avoidance", "thinkneo_manage_secrets", "thinkneo_optimize_prompt", "thinkneo_policy_create", "thinkneo_policy_evaluate", "thinkneo_policy_list", "thinkneo_policy_violations", "thinkneo_provider_status", "thinkneo_read_memory", "thinkneo_register_claim", "thinkneo_registry_get", "thinkneo_registry_install", "thinkneo_registry_publish", "thinkneo_registry_review", "thinkneo_registry_search", "thinkneo_rotate_key", "thinkneo_route_model", "thinkneo_router_explain", "thinkneo_scan_secrets", "thinkneo_schedule_demo", "thinkneo_set_audit_export", "thinkneo_set_baseline", "thinkneo_signup", "thinkneo_simulate_savings", "thinkneo_sla_breaches", "thinkneo_sla_dashboard", "thinkneo_sla_define", "thinkneo_sla_status", "thinkneo_start_trace", "thinkneo_subscribe", "thinkneo_upgrade", "thinkneo_usage", "thinkneo_verification_dashboard", "thinkneo_verify_claim", "thinkneo_write_memory", "write_memory", "xAI" ], "tools_count": 119, "top_findings": [ "Detected capability: docker_privilege \u2014 scripts/test_backup_restore.sh:53", "References credential or secret pattern: GITHUB_TOKEN \u2014 .gitleaks.toml:25", "References credential or secret pattern: AWS_ACCESS_KEY_ID \u2014 .gitleaks.toml:26" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-thinkneo-control-plane.html", "url": "https://github.com/thinkneo-ai/mcp-server", "verdict_label": "Review Before Install", "version": "1.0.2", "visible_controls": [] }, { "aliases": [ "ai-threadminder-threadminder", "Threadminder", "threadminder", "mcp-ai-threadminder-threadminder", "mcp:ai-threadminder-threadminder", "https-github-com-pluralityworks-threadminder-mcp", "https://github.com/pluralityworks/threadminder-mcp", "pluralityworks/threadminder-mcp", "pluralityworks-threadminder-mcp", "threadminder-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:pluralityworks/threadminder-mcp", "canonical_url": "https://github.com/pluralityworks/threadminder-mcp", "description": "Persistent context for Claude. Your AI always knows your projects and next actions across sessions.", "discovery_status": "observed", "display_name": "Threadminder", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.214267+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-threadminder-threadminder", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.threadminder/threadminder", "repo_url": "https://github.com/pluralityworks/threadminder-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-threadminder-threadminder", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-threadminder-threadminder", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-threadminder-threadminder.html", "url": "https://github.com/pluralityworks/threadminder-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-toolprint-hypertool-mcp", "mcp:ai-toolprint-hypertool-mcp", "mcp-ai-toolprint-hypertool-mcp", "https://github.com/toolprint/hypertool-mcp", "toolprint/hypertool-mcp", "https-github-com-toolprint-hypertool-mcp", "toolprint-hypertool-mcp", "hypertool-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:toolprint/hypertool-mcp", "canonical_url": "https://github.com/toolprint/hypertool-mcp", "description": "Dynamically expose tools from proxied servers based on an Agent Persona", "discovery_status": "observed", "display_name": "ai-toolprint-hypertool-mcp", "ecosystem": "mcp", "evidence_score": 86, "evidence_status": "awaiting verification", "findings": 300, "generated_at": "2026-06-07T19:20:29.214546+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "env_or_credential_examples_visible" ], "name": "ai-toolprint-hypertool-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.toolprint/hypertool-mcp", "repo_url": "https://github.com/toolprint/hypertool-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-toolprint-hypertool-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-toolprint-hypertool-mcp", "tools": [ "claude-dev", "dev-essentials", "dev-tools", "docker_ps", "git_commit", "git_status", "hello", "hello-dxt", "linear_create_issue", "test-client", "test-toolset" ], "tools_count": 11, "top_findings": [ "Detected capability: docker_privilege \u2014 package.json:18", "Detected capability: browser_automation \u2014 mcp.example.json:81", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-toolprint-hypertool-mcp.html", "url": "https://github.com/toolprint/hypertool-mcp", "verdict_label": "Review Before Install", "version": "0.0.42", "visible_controls": [] }, { "aliases": [ "ai-traderouter-trade-router-mcp", "mcp-ai-traderouter-trade-router-mcp", "mcp:ai-traderouter-trade-router-mcp", "https-github-com-traderouter-trade-router-mcp", "https://github.com/traderouter/trade-router-mcp", "https://github.com/TradeRouter/trade-router-mcp", "TradeRouter/trade-router-mcp", "traderouter-trade-router-mcp", "traderouter/trade-router-mcp", "trade-router-mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:traderouter/trade-router-mcp", "canonical_url": "https://github.com/traderouter/trade-router-mcp", "description": "Non-custodial Solana swap & limit order engine for AI agents.", "discovery_status": "observed", "display_name": "ai-traderouter-trade-router-mcp", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 154, "generated_at": "2026-06-07T19:20:29.214757+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted", "env_or_credential_examples_visible" ], "name": "ai-traderouter-trade-router-mcp", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.traderouter/trade-router-mcp", "repo_url": "https://github.com/TradeRouter/trade-router-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-traderouter-trade-router-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-traderouter-trade-router-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 trade-router-mcp.mjs:1079", "Detected capability: wallet_payment \u2014 Dockerfile:17", "Detected capability: environment_access \u2014 trade-router-mcp.mjs:47" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-traderouter-trade-router-mcp.html", "url": "https://github.com/TradeRouter/trade-router-mcp", "verdict_label": "Review Before Install", "version": "1.0.13", "visible_controls": [] }, { "aliases": [ "ai-trydock-dock", "dock", "Dock", "mcp:ai-trydock-dock", "mcp-ai-trydock-dock", "try-dock-ai/mcp", "https://github.com/try-dock-ai/mcp", "https-github-com-try-dock-ai-mcp", "try-dock-ai-mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:try-dock-ai/mcp", "canonical_url": "https://github.com/try-dock-ai/mcp", "description": "AI workspace for you, your team, and every agent. Tables, docs (images, 4K video), formulas.", "discovery_status": "observed", "display_name": "Dock", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 15, "generated_at": "2026-06-07T19:20:29.214834+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [], "name": "ai-trydock-dock", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.trydock/dock", "repo_url": "https://github.com/try-dock-ai/mcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-trydock-dock", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-trydock-dock", "tools": [ "create_row", "create_workspace", "delete_row", "get_recent_events", "get_workspace", "list_rows", "list_workspaces", "update_row" ], "tools_count": 8, "top_findings": [ "Detected capability: environment_access \u2014 src/bridge.js:26", "References credential or secret pattern: API_KEY_GENERIC \u2014 configs/claude-desktop.json:7", "Detected capability: network_egress \u2014 src/bridge.js:52" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-trydock-dock.html", "url": "https://github.com/try-dock-ai/mcp", "verdict_label": "Install With Restrictions", "version": "1.1.0", "visible_controls": [] }, { "aliases": [ "ai-tunnelmind-data", "TunnelMind Data API", "tunnelmind-data-api", "tunnelmind data api", "mcp:ai-tunnelmind-data", "mcp-ai-tunnelmind-data", "https://github.com/tunnelmind/tunnelmind-data-api", "TunnelMind/tunnelmind-data-api", "https-github-com-tunnelmind-tunnelmind-data-api", "https://github.com/TunnelMind/tunnelmind-data-api", "tunnelmind-tunnelmind-data-api", "tunnelmind/tunnelmind-data-api" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:tunnelmind/tunnelmind-data-api", "canonical_url": "https://github.com/tunnelmind/tunnelmind-data-api", "description": "Tracker / Sigil / Cross-lens \u2014 every TunnelMind Data API operation as one MCP surface.", "discovery_status": "observed", "display_name": "TunnelMind Data API", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.214845+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-tunnelmind-data", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.tunnelmind/data", "repo_url": "https://github.com/TunnelMind/tunnelmind-data-api", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-tunnelmind-data", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-tunnelmind-data", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-tunnelmind-data.html", "url": "https://github.com/TunnelMind/tunnelmind-data-api", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-tunnelmind-scry", "scry", "Scry", "mcp:ai-tunnelmind-scry", "mcp-ai-tunnelmind-scry", "https-github-com-tunnelmind-scry-mcp", "https://github.com/tunnelmind/scry-mcp", "https://github.com/TunnelMind/scry-mcp", "TunnelMind/scry-mcp", "tunnelmind/scry-mcp", "tunnelmind-scry-mcp", "scry-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:tunnelmind/scry-mcp", "canonical_url": "https://github.com/tunnelmind/scry-mcp", "description": "Free IPv4 lookups against a distributed attacker-observation corpus.", "discovery_status": "observed", "display_name": "Scry", "ecosystem": "mcp", "evidence_score": 57, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.214883+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "env_or_credential_examples_visible" ], "name": "ai-tunnelmind-scry", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.tunnelmind/scry", "repo_url": "https://github.com/TunnelMind/scry-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-tunnelmind-scry", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-tunnelmind-scry", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: network_egress \u2014 src/worker.js:26" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-tunnelmind-scry.html", "url": "https://github.com/TunnelMind/scry-mcp", "verdict_label": "Sandbox/Test OK", "version": "0.5.0", "visible_controls": [] }, { "aliases": [ "ai-tunnelmind-sigil", "sigil", "Sigil", "mcp-ai-tunnelmind-sigil", "mcp:ai-tunnelmind-sigil", "https://github.com/tunnelmind/sigil-mcp", "TunnelMind/sigil-mcp", "https://github.com/TunnelMind/sigil-mcp", "https-github-com-tunnelmind-sigil-mcp", "tunnelmind/sigil-mcp", "tunnelmind-sigil-mcp", "sigil-mcp" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:tunnelmind/sigil-mcp", "canonical_url": "https://github.com/tunnelmind/sigil-mcp", "description": "Programmatic-advertising supply verification: ads.txt, schain, ATAP receipts, cross_lens_verify.", "discovery_status": "observed", "display_name": "Sigil", "ecosystem": "mcp", "evidence_score": 57, "evidence_status": "awaiting verification", "findings": 5, "generated_at": "2026-06-07T19:20:29.214926+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "env_or_credential_examples_visible" ], "name": "ai-tunnelmind-sigil", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.tunnelmind/sigil", "repo_url": "https://github.com/TunnelMind/sigil-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-tunnelmind-sigil", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-tunnelmind-sigil", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: network_egress \u2014 src/prompts.js:43" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-tunnelmind-sigil.html", "url": "https://github.com/TunnelMind/sigil-mcp", "verdict_label": "Install With Restrictions", "version": "0.2.0", "visible_controls": [] }, { "aliases": [ "ai-tuteliq-mcp", "mcp:ai-tuteliq-mcp", "mcp-ai-tuteliq-mcp", "https://github.com/Tuteliq/mcp", "https-github-com-tuteliq-mcp", "Tuteliq/mcp", "https://github.com/tuteliq/mcp", "tuteliq/mcp", "tuteliq-mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:tuteliq/mcp", "canonical_url": "https://github.com/tuteliq/mcp", "description": "Detect grooming, bullying, fraud, and 16+ online threats across text, voice, image, and video.", "discovery_status": "observed", "display_name": "ai-tuteliq-mcp", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 164, "generated_at": "2026-06-07T19:20:29.215130+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-tuteliq-mcp", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.tuteliq/mcp", "repo_url": "https://github.com/Tuteliq/mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-tuteliq-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-tuteliq-mcp", "tools": [ "batch_review_incidents", "cancel_verification_session", "create_verification_session", "create_webhook", "delete_account_data", "delete_webhook", "export_account_data", "get_audit_logs", "get_audit_receipt", "get_breach", "get_consent_status", "get_encryption_key", "get_incident", "get_incident_trends", "get_incidents_overview", "get_pricing", "get_pricing_details", "get_usage_by_tool", "get_usage_history", "get_usage_monthly", "get_verification_session", "list_breaches", "list_incidents", "list_webhooks", "log_breach", "record_consent", "rectify_data", "regenerate_webhook_secret", "register_encryption_key", "review_incident", "revoke_encryption_key", "test_webhook", "update_breach_status", "update_webhook", "withdraw_consent" ], "tools_count": 35, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:24", "Detected capability: wallet_payment \u2014 src/tools/governance.ts:89", "References credential or secret pattern: PRIVATE_KEY \u2014 ui/src/components/BYOKDecryptPanel.tsx:86" ], "transport": { "has_packages": true, "has_remotes": true, "package_registry_types": [ "npm" ], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-tuteliq-mcp.html", "url": "https://github.com/Tuteliq/mcp", "verdict_label": "Needs Oversight", "version": "3.13.0", "visible_controls": [] }, { "aliases": [ "ai-unulu-unulu", "unulu", "mcp-ai-unulu-unulu", "mcp:ai-unulu-unulu", "unulu-ai/unulu", "https://github.com/unulu-ai/unulu", "https-github-com-unulu-ai-unulu", "unulu-ai-unulu" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:unulu-ai/unulu", "canonical_url": "https://github.com/unulu-ai/unulu", "description": "AI agent website builder. Create and publish link-in-bio sites via MCP or REST API.", "discovery_status": "observed", "display_name": "unulu", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215191+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-unulu-unulu", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.unulu/unulu", "repo_url": "https://github.com/unulu-ai/unulu", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-unulu-unulu", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-unulu-unulu", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-unulu-unulu.html", "url": "https://github.com/unulu-ai/unulu", "verdict_label": "Sandbox/Test OK", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "ai-usealloy-alloy", "mcp:ai-usealloy-alloy", "mcp-ai-usealloy-alloy", "https-github-com-alloyrobotics-alloy-web", "alloyrobotics/alloy-web", "https://github.com/alloyrobotics/alloy-web", "alloyrobotics-alloy-web", "alloy-web" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:alloyrobotics/alloy-web", "canonical_url": "https://github.com/alloyrobotics/alloy-web", "description": "Connect Claude, Cursor, Codex, and other AI tools to your robotics mission data.", "discovery_status": "observed", "display_name": "ai-usealloy-alloy", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215200+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-usealloy-alloy", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.usealloy/alloy", "repo_url": "https://github.com/alloyrobotics/alloy-web", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-usealloy-alloy", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-usealloy-alloy", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-usealloy-alloy.html", "url": "https://github.com/alloyrobotics/alloy-web", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-verlon-mcp", "mcp-ai-verlon-mcp", "mcp:ai-verlon-mcp", "https-github-com-micah-nettey-verlon-ai-internal", "micah-nettey/verlon-ai-internal", "https://github.com/micah-nettey/verlon-ai-internal", "micah-nettey-verlon-ai-internal", "verlon-ai-internal" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:micah-nettey/verlon-ai-internal", "canonical_url": "https://github.com/micah-nettey/verlon-ai-internal", "description": "Inspect and manage Verlon AI gates, logs, recommendations, and experiments from any MCP client.", "discovery_status": "observed", "display_name": "ai-verlon-mcp", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215206+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-verlon-mcp", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.verlon/mcp", "repo_url": "https://github.com/micah-nettey/verlon-ai-internal", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-verlon-mcp", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-verlon-mcp", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-verlon-mcp.html", "url": "https://github.com/micah-nettey/verlon-ai-internal", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.3.0", "visible_controls": [] }, { "aliases": [ "ai-vibe-bi-mcp-server", "Vibe BI MCP", "vibe-bi-mcp", "vibe bi mcp", "mcp:ai-vibe-bi-mcp-server", "mcp-ai-vibe-bi-mcp-server", "jonwlee-dev/vibe-bi", "https://github.com/jonwlee-dev/vibe-bi", "https-github-com-jonwlee-dev-vibe-bi", "jonwlee-dev-vibe-bi", "vibe-bi" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:jonwlee-dev/vibe-bi", "canonical_url": "https://github.com/jonwlee-dev/vibe-bi", "description": "Ask business questions in plain English. Get instant answers from your database, no SQL needed.", "discovery_status": "observed", "display_name": "Vibe BI MCP", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215211+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-vibe-bi-mcp-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.vibe-bi/mcp-server", "repo_url": "https://github.com/jonwlee-dev/vibe-bi", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-vibe-bi-mcp-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-vibe-bi-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-vibe-bi-mcp-server.html", "url": "https://github.com/jonwlee-dev/vibe-bi", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-voxell-forge", "mcp:ai-voxell-forge", "mcp-ai-voxell-forge", "https://github.com/VoxellInc/forge-mcp", "VoxellInc/forge-mcp", "https-github-com-voxellinc-forge-mcp", "https://github.com/voxellinc/forge-mcp", "voxellinc-forge-mcp", "voxellinc/forge-mcp", "forge-mcp" ], "answer": "Source Not Verified", "bottom_line": "High-impact capability. Restrict to sandbox/test resources and avoid production credentials.", "canonical_id": "github:voxellinc/forge-mcp", "canonical_url": "https://github.com/voxellinc/forge-mcp", "description": "MCP server for Forge, Voxell's hosted text-embedding API. Tools: embed and list_models.", "discovery_status": "observed", "display_name": "ai-voxell-forge", "ecosystem": "mcp", "evidence_score": 100, "evidence_status": "awaiting verification", "findings": 51, "generated_at": "2026-06-07T19:20:29.215292+00:00", "install_label": "Source Not Verified", "install_posture": "Restricted Install", "internal_verdict": "high_risk", "missing_evidence": [], "name": "ai-voxell-forge", "normalized_repo_url_from": "url", "posture": "restricted", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.voxell/forge", "repo_url": "https://github.com/VoxellInc/forge-mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "ai-voxell-forge", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-voxell-forge", "tools": [ "embed", "list_models" ], "tools_count": 2, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:104", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "References credential or secret pattern: API_KEY_GENERIC \u2014 server.json:24" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-voxell-forge.html", "url": "https://github.com/VoxellInc/forge-mcp", "verdict_label": "Needs Oversight", "version": "0.1.5", "visible_controls": [] }, { "aliases": [ "ai-walterwrites-mcp-server", "walter writes", "Walter Writes", "walter-writes", "mcp:ai-walterwrites-mcp-server", "mcp-ai-walterwrites-mcp-server", "https-github-com-walter-writes-walter-mcp-server", "WALTER-WRITES/walter-mcp-server", "https://github.com/walter-writes/walter-mcp-server", "https://github.com/WALTER-WRITES/walter-mcp-server", "walter-writes/walter-mcp-server", "walter-writes-walter-mcp-server", "walter-mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:walter-writes/walter-mcp-server", "canonical_url": "https://github.com/walter-writes/walter-mcp-server", "description": "Walter Remote MCP Server \u2014 AI humanization and detection tools", "discovery_status": "observed", "display_name": "Walter Writes", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215306+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-walterwrites-mcp-server", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.walterwrites/mcp-server", "repo_url": "https://github.com/WALTER-WRITES/walter-mcp-server", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-walterwrites-mcp-server", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-walterwrites-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-walterwrites-mcp-server.html", "url": "https://github.com/WALTER-WRITES/walter-mcp-server", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.1", "visible_controls": [] }, { "aliases": [ "ai-waystation-airtable", "mcp-ai-waystation-airtable", "mcp:ai-waystation-airtable", "https-github-com-waystation-ai-mcp", "waystation-ai/mcp", "https://github.com/waystation-ai/mcp", "waystation-ai-mcp", "mcp" ], "answer": "Source Not Verified", "bottom_line": "Do not install from this profile alone. High-impact signals or incomplete controls/evidence require manual review.", "canonical_id": "github:waystation-ai/mcp", "canonical_url": "https://github.com/waystation-ai/mcp", "description": "Manage projects, tasks, and workflows with Wrike project management.", "discovery_status": "observed", "display_name": "ai-waystation-airtable", "ecosystem": "mcp", "evidence_score": 71, "evidence_status": "awaiting verification", "findings": 49, "generated_at": "2026-06-07T19:20:29.215383+00:00", "install_label": "Source Not Verified", "install_posture": "Manual Review First", "internal_verdict": "critical_risk", "missing_evidence": [ "tool_names_extracted", "env_or_credential_examples_visible" ], "name": "ai-waystation-airtable", "normalized_repo_url_from": "url", "posture": "manual_review", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Do not use production credentials during first install.", "Restrict filesystem, repository, cloud, and database scope.", "Require human approval for destructive actions." ], "registry_name": "ai.waystation/wrike", "repo_url": "https://github.com/waystation-ai/mcp", "risk_band": "critical_or_unmitigated_high", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "ai-waystation-airtable", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-waystation-airtable", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: shell_execution \u2014 src/index.ts:8", "Detected capability: filesystem_write_delete \u2014 src/index.ts:143", "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "sse", "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-waystation-airtable.html", "url": "https://github.com/waystation-ai/mcp", "verdict_label": "Review Before Install", "version": "0.3.1", "visible_controls": [] }, { "aliases": [ "ai-websitepublisher-mcp", "mcp:ai-websitepublisher-mcp", "mcp-ai-websitepublisher-mcp", "https://github.com/megberts/mcp-websitepublisher-ai", "https-github-com-megberts-mcp-websitepublisher-ai", "megberts/mcp-websitepublisher-ai", "megberts-mcp-websitepublisher-ai", "mcp-websitepublisher-ai" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:megberts/mcp-websitepublisher-ai", "canonical_url": "https://github.com/megberts/mcp-websitepublisher-ai", "description": "Build and publish websites through AI conversation.", "discovery_status": "observed", "display_name": "ai-websitepublisher-mcp", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215424+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-websitepublisher-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.websitepublisher/mcp", "repo_url": "https://github.com/megberts/mcp-websitepublisher-ai", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-websitepublisher-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-websitepublisher-mcp", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-websitepublisher-mcp.html", "url": "https://github.com/megberts/mcp-websitepublisher-ai", "verdict_label": "Sandbox/Test OK", "version": "1.4.0", "visible_controls": [] }, { "aliases": [ "ai-weftly-weftly", "weftly", "Weftly", "mcp:ai-weftly-weftly", "mcp-ai-weftly-weftly", "https-github-com-woven-record-media-weftly-monorepo", "https://github.com/woven-record-media/weftly-monorepo", "woven-record-media/weftly-monorepo", "woven-record-media-weftly-monorepo", "weftly-monorepo" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:woven-record-media/weftly-monorepo", "canonical_url": "https://github.com/woven-record-media/weftly-monorepo", "description": "Find & cut horizontal and vertical video clips (Shorts/Reels), transcribe & summarize. Pay per job.", "discovery_status": "observed", "display_name": "Weftly", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215432+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-weftly-weftly", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.weftly/weftly", "repo_url": "https://github.com/woven-record-media/weftly-monorepo", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-weftly-weftly", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-weftly-weftly", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-weftly-weftly.html", "url": "https://github.com/woven-record-media/weftly-monorepo", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.22.3", "visible_controls": [] }, { "aliases": [ "ai-wild-card-deepcontext", "mcp-ai-wild-card-deepcontext", "mcp:ai-wild-card-deepcontext", "Wildcard-Official/deepcontext", "https://github.com/wildcard-official/deepcontext", "https-github-com-wildcard-official-deepcontext", "https://github.com/Wildcard-Official/deepcontext", "wildcard-official/deepcontext", "wildcard-official-deepcontext", "deepcontext" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:wildcard-official/deepcontext", "canonical_url": "https://github.com/wildcard-official/deepcontext", "description": "Advanced codebase indexing and semantic search MCP server", "discovery_status": "observed", "display_name": "ai-wild-card-deepcontext", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215437+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-wild-card-deepcontext", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.wild-card/deepcontext", "repo_url": "https://github.com/Wildcard-Official/deepcontext", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-wild-card-deepcontext", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-wild-card-deepcontext", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-wild-card-deepcontext.html", "url": "https://github.com/Wildcard-Official/deepcontext", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.1.15", "visible_controls": [] }, { "aliases": [ "ai-willform-willform-agent", "Willform Agent", "willform agent", "willform-agent", "mcp:ai-willform-willform-agent", "mcp-ai-willform-willform-agent", "https://github.com/willform-ai/willform-agent", "willform-ai/willform-agent", "https-github-com-willform-ai-willform-agent", "willform-ai-willform-agent" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:willform-ai/willform-agent", "canonical_url": "https://github.com/willform-ai/willform-agent", "description": "Deploy containers on Kubernetes with x402 billing. 9 workload types and source builds.", "discovery_status": "observed", "display_name": "Willform Agent", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215442+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "ai-willform-willform-agent", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "ai.willform/willform-agent", "repo_url": "https://github.com/willform-ai/willform-agent", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "ai-willform-willform-agent", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-willform-willform-agent", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": true }, "trust_profile_url": "./servers/ai-willform-willform-agent.html", "url": "https://github.com/willform-ai/willform-agent", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "ai-windsor-windsor-mcp", "windsor.ai mcp", "Windsor.ai MCP", "windsor-ai-mcp", "mcp:ai-windsor-windsor-mcp", "mcp-ai-windsor-windsor-mcp", "https-github-com-windsor-ai-windsor-mcp", "https://github.com/windsor-ai/windsor_mcp", "windsor-ai/windsor_mcp", "windsor-ai-windsor-mcp", "windsor-mcp", "windsor_mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:windsor-ai/windsor_mcp", "canonical_url": "https://github.com/windsor-ai/windsor_mcp", "description": "Query and analyze marketing, sales, and business data from 325+ platforms via Windsor.ai.", "discovery_status": "observed", "display_name": "Windsor.ai MCP", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215474+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-windsor-windsor-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.windsor/windsor-mcp", "repo_url": "https://github.com/windsor-ai/windsor_mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-windsor-windsor-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-windsor-windsor-mcp", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "sse" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-windsor-windsor-mcp.html", "url": "https://github.com/windsor-ai/windsor_mcp", "verdict_label": "Sandbox/Test OK", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "ai-xpoz-social-insights", "Social Media Search API \u2014 Twitter, Instagram, Reddit, TikTok (XPOZ)", "social media search api \u2014 twitter, instagram, reddit, tiktok (xpoz)", "social-media-search-api-twitter-instagram-reddit-tiktok-xpoz", "mcp-ai-xpoz-social-insights", "mcp:ai-xpoz-social-insights", "https://github.com/xpozpublic/xpoz-mcp", "https-github-com-xpozpublic-xpoz-mcp", "xpozpublic/xpoz-mcp", "xpozpublic-xpoz-mcp", "xpoz-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:xpozpublic/xpoz-mcp", "canonical_url": "https://github.com/xpozpublic/xpoz-mcp", "description": "Twitter/X, Instagram, Reddit & TikTok data for AI agents. 1.5B+ posts. No API keys.", "discovery_status": "observed", "display_name": "Social Media Search API \u2014 Twitter, Instagram, Reddit, TikTok (XPOZ)", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215505+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-xpoz-social-insights", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "ai.xpoz/social-insights", "repo_url": "https://github.com/xpozpublic/xpoz-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "ai-xpoz-social-insights", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-xpoz-social-insights", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-xpoz-social-insights.html", "url": "https://github.com/xpozpublic/xpoz-mcp", "verdict_label": "Sandbox/Test OK", "version": "1.4.0", "visible_controls": [] }, { "aliases": [ "ai-xurprise-mcp", "xurprise", "mcp:ai-xurprise-mcp", "mcp-ai-xurprise-mcp", "Nimo1987/xurprise-mcp-docs", "https://github.com/Nimo1987/xurprise-mcp-docs", "https-github-com-nimo1987-xurprise-mcp-docs", "https://github.com/nimo1987/xurprise-mcp-docs", "nimo1987-xurprise-mcp-docs", "nimo1987/xurprise-mcp-docs", "xurprise-mcp-docs" ], "answer": "Source Not Verified", "bottom_line": "Remote context/data exposure profile. Review what prompts, queries, or returned context may leave the local environment.", "canonical_id": "github:nimo1987/xurprise-mcp-docs", "canonical_url": "https://github.com/nimo1987/xurprise-mcp-docs", "description": "Agent-native commerce for SEA/China/global. 43 brands. 6 tools. 9-language search.", "discovery_status": "observed", "display_name": "xurprise", "ecosystem": "mcp", "evidence_score": 14, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215537+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "ai-xurprise-mcp", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins.", "Review what prompts, queries, or documents are sent to remote endpoints.", "Avoid sensitive context until data handling is understood." ], "registry_name": "ai.xurprise/mcp", "repo_url": "https://github.com/Nimo1987/xurprise-mcp-docs", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "remote_context_data_exposure", "score": null, "score_adjusted": false, "slug": "ai-xurprise-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:ai-xurprise-mcp", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/ai-xurprise-mcp.html", "url": "https://github.com/Nimo1987/xurprise-mcp-docs", "verdict_label": "Install With Restrictions", "version": "0.3.0", "visible_controls": [] }, { "aliases": [ "app-3dstreet-3dstreet", "mcp:app-3dstreet-3dstreet", "mcp-app-3dstreet-3dstreet", "https-github-com-3dstreet-3dstreet-mcp", "https://github.com/3dstreet/3dstreet-mcp", "https://github.com/3DStreet/3dstreet-mcp", "3DStreet/3dstreet-mcp", "3dstreet/3dstreet-mcp", "3dstreet-3dstreet-mcp", "3dstreet-mcp" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:3dstreet/3dstreet-mcp", "canonical_url": "https://github.com/3dstreet/3dstreet-mcp", "description": "Drive an open 3DStreet scene tab from Claude Desktop or Claude Code via MCP tool calls.", "discovery_status": "observed", "display_name": "app-3dstreet-3dstreet", "ecosystem": "mcp", "evidence_score": 57, "evidence_status": "awaiting verification", "findings": 4, "generated_at": "2026-06-07T19:20:29.215576+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "tool_definitions_visible", "tool_names_extracted", "env_or_credential_examples_visible" ], "name": "app-3dstreet-3dstreet", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "app.3dstreet/3dstreet", "repo_url": "https://github.com/3DStreet/3dstreet-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "destructive_capability", "score": null, "score_adjusted": false, "slug": "app-3dstreet-3dstreet", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:app-3dstreet-3dstreet", "tools": [], "tools_count": 0, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 package-lock.json:11", "Detected capability: filesystem_read \u2014 src/cli.js:15" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/app-3dstreet-3dstreet.html", "url": "https://github.com/3DStreet/3dstreet-mcp", "verdict_label": "Install With Restrictions", "version": "0.2.2", "visible_controls": [] }, { "aliases": [ "app-businys-mcp-server", "mcp:app-businys-mcp-server", "mcp-app-businys-mcp-server", "https://github.com/hiatys/businys-mcp", "https-github-com-hiatys-businys-mcp", "hiatys/businys-mcp", "hiatys-businys-mcp", "businys-mcp" ], "answer": "Source Not Verified", "bottom_line": "Meaningful risk signals. Review before team or production use.", "canonical_id": "github:hiatys/businys-mcp", "canonical_url": "https://github.com/hiatys/businys-mcp", "description": "221 MCP tools across 26 practices for independent professionals. Clients, invoices, contracts.", "discovery_status": "observed", "display_name": "app-businys-mcp-server", "ecosystem": "mcp", "evidence_score": 57, "evidence_status": "awaiting verification", "findings": 10, "generated_at": "2026-06-07T19:20:29.215623+00:00", "install_label": "Source Not Verified", "install_posture": "Needs Oversight", "internal_verdict": "medium_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted" ], "name": "app-businys-mcp-server", "normalized_repo_url_from": "url", "posture": "needs_oversight", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "app.businys/mcp-server", "repo_url": "https://github.com/hiatys/businys-mcp", "risk_band": "elevated", "risk_model": "capability_minus_visible_controls", "risk_type": "sensitive_context", "score": null, "score_adjusted": false, "slug": "app-businys-mcp-server", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:app-businys-mcp-server", "tools": [], "tools_count": 0, "top_findings": [ "Detected capability: environment_access \u2014 src/index.ts:14", "Install risk pattern: unpinned_dependency \u2014 package.json:14", "References credential or secret pattern: API_KEY_GENERIC \u2014 smithery.yaml:16" ], "transport": { "has_packages": true, "has_remotes": false, "package_registry_types": [ "npm" ], "remote_types": [], "requires_secret_header": false }, "trust_profile_url": "./servers/app-businys-mcp-server.html", "url": "https://github.com/hiatys/businys-mcp", "verdict_label": "Install With Restrictions", "version": "1.0.1", "visible_controls": [] }, { "aliases": [ "app-cardog-mcp", "cardog", "Cardog", "mcp:app-cardog-mcp", "mcp-app-cardog-mcp", "https://github.com/cardog-ai/mcp-server", "cardog-ai/mcp-server", "https-github-com-cardog-ai-mcp-server", "cardog-ai-mcp-server", "mcp-server" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:cardog-ai/mcp-server", "canonical_url": "https://github.com/cardog-ai/mcp-server", "description": "Vehicle listings, market analysis, VIN decoding, recalls, and EV charging data", "discovery_status": "observed", "display_name": "Cardog", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215657+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "app-cardog-mcp", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "app.cardog/mcp", "repo_url": "https://github.com/cardog-ai/mcp-server", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "app-cardog-mcp", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:app-cardog-mcp", "tools": [], "tools_count": 0, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "sse", "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/app-cardog-mcp.html", "url": "https://github.com/cardog-ai/mcp-server", "verdict_label": "Sandbox/Test OK", "version": "1.0.1", "visible_controls": [] }, { "aliases": [ "app-clicon-lotus", "lotus \u2014 ai citation intelligence", "Lotus \u2014 AI Citation Intelligence", "lotus-ai-citation-intelligence", "mcp:app-clicon-lotus", "mcp-app-clicon-lotus", "https-github-com-martinendara-agentic-seo-lotus", "https://github.com/martinendara/agentic-seo-lotus", "martinendara/agentic-seo-lotus", "martinendara-agentic-seo-lotus", "agentic-seo-lotus" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:martinendara/agentic-seo-lotus", "canonical_url": "https://github.com/martinendara/agentic-seo-lotus", "description": "GEO Intelligence Engine for B2B. Analyze domains and fetch actionable defense code.", "discovery_status": "observed", "display_name": "Lotus \u2014 AI Citation Intelligence", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215664+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "app-clicon-lotus", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "app.clicon/lotus", "repo_url": "https://github.com/martinendara/agentic-seo-lotus", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "app-clicon-lotus", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:app-clicon-lotus", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/app-clicon-lotus.html", "url": "https://github.com/martinendara/agentic-seo-lotus", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "1.0.0", "visible_controls": [] }, { "aliases": [ "app-cnvs-whiteboard", "cnvs-app", "cnvs.app", "mcp-app-cnvs-whiteboard", "mcp:app-cnvs-whiteboard", "lksrz/cnvs-whiteboard-skills", "https://github.com/lksrz/cnvs-whiteboard-skills", "https-github-com-lksrz-cnvs-whiteboard-skills", "lksrz-cnvs-whiteboard-skills", "cnvs-whiteboard-skills" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:lksrz/cnvs-whiteboard-skills", "canonical_url": "https://github.com/lksrz/cnvs-whiteboard-skills", "description": "Zero-auth real-time collaborative whiteboard with MCP \u2014 AI agents + humans edit the same board live.", "discovery_status": "observed", "display_name": "cnvs.app", "ecosystem": "mcp", "evidence_score": 29, "evidence_status": "awaiting verification", "findings": 1, "generated_at": "2026-06-07T19:20:29.215698+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "source_code_visible", "tool_definitions_visible", "tool_names_extracted", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "app-cnvs-whiteboard", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "app.cnvs/whiteboard", "repo_url": "https://github.com/lksrz/cnvs-whiteboard-skills", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "app-cnvs-whiteboard", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:app-cnvs-whiteboard", "tools": [], "tools_count": 0, "top_findings": [ "Install risk pattern: unpinned_dependency \u2014 mcp-listen/package.json:7" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/app-cnvs-whiteboard.html", "url": "https://github.com/lksrz/cnvs-whiteboard-skills", "verdict_label": "Sandbox/Test OK", "version": "1.0.1", "visible_controls": [] }, { "aliases": [ "app-contendeo-contendeo", "Contendeo", "contendeo", "mcp:app-contendeo-contendeo", "mcp-app-contendeo-contendeo", "0xKaroshi/contendeo-mcp", "https-github-com-0xkaroshi-contendeo-mcp", "https://github.com/0xkaroshi/contendeo-mcp", "https://github.com/0xKaroshi/contendeo-mcp", "0xkaroshi/contendeo-mcp", "0xkaroshi-contendeo-mcp", "contendeo-mcp" ], "answer": "Source Not Verified", "bottom_line": "Low observed static risk. Sandbox OK, not production approval.", "canonical_id": "github:0xkaroshi/contendeo-mcp", "canonical_url": "https://github.com/0xkaroshi/contendeo-mcp", "description": "Multimodal video analysis MCP \u2014 transcription, vision, and OCR for any video URL.", "discovery_status": "observed", "display_name": "Contendeo", "ecosystem": "mcp", "evidence_score": 43, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215733+00:00", "install_label": "Source Not Verified", "install_posture": "Sandbox OK", "internal_verdict": "low_observed_risk", "missing_evidence": [ "package_or_dependency_file_visible", "install_or_runtime_config_visible", "env_or_credential_examples_visible", "dangerous_capabilities_observable" ], "name": "app-contendeo-contendeo", "normalized_repo_url_from": "url", "posture": "sandbox_ok", "profile_version": "0.4", "recommended_controls": [ "Install in a sandbox before team or production use.", "Pin the exact package/repository version.", "Review install scripts, Dockerfile behavior, and dependency pins." ], "registry_name": "app.contendeo/contendeo", "repo_url": "https://github.com/0xKaroshi/contendeo-mcp", "risk_band": "low", "risk_model": "capability_minus_visible_controls", "risk_type": "install_chain", "score": null, "score_adjusted": false, "slug": "app-contendeo-contendeo", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:app-contendeo-contendeo", "tools": [ "Karoshi", "batch_analyze", "clip_context", "contendeo", "deep_analyze", "quick_transcribe" ], "tools_count": 6, "top_findings": [], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/app-contendeo-contendeo.html", "url": "https://github.com/0xKaroshi/contendeo-mcp", "verdict_label": "Sandbox/Test OK", "version": "0.1.0", "visible_controls": [] }, { "aliases": [ "app-cooperpetcare-www-cooper", "mcp:app-cooperpetcare-www-cooper", "mcp-app-cooperpetcare-www-cooper", "https-github-com-somoscooper-cooper-webapp", "https://github.com/somoscooper/cooper-webapp", "somoscooper/cooper-webapp", "somoscooper-cooper-webapp", "cooper-webapp" ], "answer": "Source Not Verified", "bottom_line": "Source could not be fetched or resolved from registry metadata. Treat as insufficient evidence until the source path is fixed or reviewed.", "canonical_id": "github:somoscooper/cooper-webapp", "canonical_url": "https://github.com/somoscooper/cooper-webapp", "description": "Cooper: cat\u00e1logo, cobertura, razas y turnos del marketplace argentino de cuidado canino.", "discovery_status": "observed", "display_name": "app-cooperpetcare-www-cooper", "ecosystem": "mcp", "evidence_score": 0, "evidence_status": "awaiting verification", "findings": 0, "generated_at": "2026-06-07T19:20:29.215740+00:00", "install_label": "Source Not Verified", "install_posture": "Insufficient Evidence", "missing_evidence": [ "source repository or archive could not be fetched", "runtime tool surface not scanned", "visible controls not verified" ], "name": "app-cooperpetcare-www-cooper", "normalized_repo_url_from": "url", "posture": "insufficient_evidence", "profile_version": "0.4", "recommended_controls": [ "Do not install from this profile alone.", "Verify the repository URL and default branch manually.", "Ask the maintainer to fix registry source metadata.", "Rerun ToolProof after source metadata is corrected." ], "registry_name": "app.cooperpetcare.www/cooper", "repo_url": "https://github.com/somoscooper/cooper-webapp", "risk_band": "unknown", "risk_model": "source_unavailable", "risk_type": "source_unavailable", "score": null, "score_adjusted": false, "slug": "app-cooperpetcare-www-cooper", "source_error_kind": "source_unavailable_404", "source_registry": "official_mcp_registry", "toolproof_id": "mcp:app-cooperpetcare-www-cooper", "tools": [], "tools_count": 0, "top_findings": [ "Source fetch unresolved \u2014 source_unavailable_404" ], "transport": { "has_packages": false, "has_remotes": true, "package_registry_types": [], "remote_types": [ "streamable-http" ], "requires_secret_header": false }, "trust_profile_url": "./servers/app-cooperpetcare-www-cooper.html", "url": "https://github.com/somoscooper/cooper-webapp", "verdict": "insufficient_evidence", "verdict_label": "Source Not Verified", "version": "0.6.0", "visible_controls": [] }, { "aliases": [ "ndasentry-mcp", "mcp-ndasentry-mcp", "mcp:ndasentry-mcp", "https://github.com/valtirman/ndasentry-mcp", "valtirman/ndasentry-mcp", "https-github-com-valtirman-ndasentry-mcp", "valtirman-ndasentry-mcp" ], "answer": "Needs Oversight", "attempted_scan": true, "canonical_id": "github:valtirman/ndasentry-mcp", "canonical_url": "https://github.com/valtirman/ndasentry-mcp", "capabilities": [ "2 MCP tool declaration(s) inferred", "Environment/API key configuration indicators", "MCP/server implementation evidence found", "Network access indicators" ], "concerns": [], "controls": [ "Containerization evidence observed", "Explicit secret/env configuration language observed", "License file or license language observed", "Restriction/least-privilege language observed", "Test framework or tests mentioned" ], "display_name": "ndasentry-mcp", "install_label": "Needs Oversight", "name": "ndasentry-mcp", "normalized_repo_url_from": "url", "observed_at": "2026-06-08T19:44:52Z", "posture": "Moderate Evidence", "profile_path": "servers/ndasentry-mcp.json", "profile_status": "Needs Oversight", "repo_url": "https://github.com/valtirman/ndasentry-mcp", "score": 73, "slug": "ndasentry-mcp", "source_url": "https://github.com/valtirman/ndasentry-mcp", "tool_count": 2, "toolproof_id": "mcp:ndasentry-mcp", "tools": [ "preview_nda_risk", "get_nda_report" ], "trust_profile_url": "./servers/ndasentry-mcp.html", "url": "https://github.com/valtirman/ndasentry-mcp", "verdict": "Needs Oversight", "verdict_label": "Needs Oversight", "why": "Fetched 10 source file(s). Inferred 2 MCP tool(s), 3 capability signal(s), 5 control signal(s), and no unresolved scanner concerns." } ]