Insufficient Shell Escaping in type() Allows Command Injection
The type() method in mobile-use performs incomplete shell escaping when sending text to Android devices via ADB. While it escapes whitespace and double quotes, it does...
Touchstone research powers the deeper checks behind public registry scores and publisher reviews.
The command validation in desktop-commander uses a blocklist approach that can be bypassed using $() command substitution or backtick substitution. For example, $(curl...
The node:local feature in desktop-commander allows arbitrary code execution by writing user-provided JavaScript to a temporary .mjs file and executing it with Node.js....
google-adk's DatabaseSessionService supports both a v0 schema (ADK 1.19.0–1.21.0) and a v1 schema. The service detects the existing schema version on startup and uses...
The navigate MCP tool (mcp-server.js:41-48), HTTP /navigate endpoint (server.js:44-49), and batch action handler (mcp-server.js:339-342) all pass user-supplied URLs di...
The Express HTTP server in server.js listens on port 3033 (configurable via PORT env var) bound to all network interfaces (0.0.0.0 — Express default when no host is sp...
chrome-local-mcp exposes an eval MCP tool (mcp-server.js:198-205) and an HTTP /eval endpoint (server.js:117-122) that pass user-supplied JavaScript strings directly to...
`@osematouati/notion-mcp-server` (versions 1.8.1–1.8.2) is a third-party npm republication of the official Notion MCP server, published by a single maintainer (`osemat...
All 7 published versions (0.0.1 through 0.0.8) of `@gongrzhe/server-gmail-mcp` on npm lack provenance attestation. The npm registry metadata contains `dist.signatures`...
63 checks feed 12 public score categories.
OAuth 2.1 implementation, PKCE enforcement, token storage, HTTPS enforcement, scope analysis, session management, RFC 8707 compliance.
Prompt injection in tool schemas, parameter poisoning, obfuscated payloads, tool shadowing, rug pull detection, dangerous capability combinations.
SSRF via tool parameters, cloud metadata endpoint access, command injection, SQL injection, path traversal, URL scheme validation.
Credential patterns in schemas, PII exposure, secrets in error messages, sensitive data in URL parameters, cross-server data leakage.
npm provenance verification, known CVE matching, typosquat detection, maintainer reputation, source repo verification, abandonment detection.
Network binding audit, TLS enforcement, rate limiting, CORS configuration, error handling, security headers, DNS rebinding protection.
Guardrail bypass patterns, response size limits, timeout enforcement, and concurrency safety signals that feed buyer confidence and deeper review.
Google A2A Agent Card security: prompt injection in descriptions, obfuscated content, identity spoofing, HTTPS enforcement, capability over-privilege.
Demographic signal detection in tool parameters, differential treatment risk assessment, and data governance gap analysis. Maps to EU AI Act Article 10.