MCPSafe.io

Security pre-install checks for MCP servers.

Mostly safe — a couple of notes worth reading.

github · line-bot-mcp-servera2779337c3dd

Scanned 5/3/2026, 7:37:07 PM·Cached result·Fast Scan·88 rules·How we decide ↗

AIVSS Score

2.5/ 10

Low

Severity Breakdown

critical

high

medium

low

MCP Server Information

Packageline-bot-mcp-server

Versiona2779337c3dd

SourceGITHUB

LicenseApache-2.0

Publisherline

Package age1y 0m

Stars576

Downloads/wk—

Dependencies0

Repositoryhttps://github.com/line/line-bot-mcp-server

Findings

4 of 4 findings

medium (4)

4 findings

medium (4)

AIVSS 2.5CVSS 4.0

Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).

Evidence

let lastErr = null;
    for (let i = 1; i <= retryCount; i++) {
      try {
        const response = await fetch(url);
        if (!response.ok) {
          throw new Error(`HTTP ${response.status} ${response.statusText}`);
        }

Remediation

Pass timeout= on every call: - HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)` - Node fetch: `AbortSignal.timeout(5000)` - Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)` Pick a value short enough to fail fast and retry.

Report false positive →

AIVSS 2.3CVSS 3.5

MCP manifest declares tools but no authentication field is present (none of: auth, authorization, bearer, oauth, mtls, apiKey, api_key, basic, token, authToken). Absence is a weak signal — confirm whether the server relies on network-layer or host-level auth, or declare the real mechanism explicitly so reviewers can audit it.

Evidence

{
  "dxt_version": "0.1",
  "name": "line-bot-mcp-server",
  "display_name": "LINE Official Account",
  "icon": "assets/icon.png",
  "version": "0.3.0",
  "description": "MCP server that bridges AI agents with LINE Messaging API for automated interactions",
  "long_description": "This extension enables Claude Desktop to interact with LINE Messaging API, providing tools for sending messages, managing rich menus, and retrieving user profiles through LINE Official Accounts.",
  "author": {
    "nam

Remediation

Declare a real authentication mechanism in the manifest, matching what the running server actually enforces: - `"auth": "bearer"` with a token scheme documented for callers - `"auth": "oauth"` / `"oauth2": { ... }` for delegated flows - `"apiKey": { "header": "X-API-Key", "prefix": "..." }` - `"mtls": true` when client certificates are required If the server is intentionally unauthenticated (stdio-only, local developer tool, trusted-host network), document the assumption in the manifest via a `"

Report false positive →

AIVSS 2.3CVSS 3.5

Evidence

[日本語版 READMEはこちら](README.ja.md)

# LINE Bot MCP Server

[![npmjs](https://badge.fury.io/js/%40line%2Fline-bot-mcp-server.svg)](https://www.npmjs.com/package/@line/line-bot-mcp-server)

[Model Context Protocol (MCP)](https://github.com/modelcontextprotocol) server implementation that integrates the LINE Messaging API to connect an AI Agent to the LINE Official Account.

![](/assets/demo.png)

> [!NOTE]
> This repository is provided as a preview version. While we offer it for experimental purposes

Remediation

Report false positive →

AIVSS 2.3CVSS 3.5

Evidence

# LINE Bot MCP Server

[![npmjs](https://badge.fury.io/js/%40line%2Fline-bot-mcp-server.svg)](https://www.npmjs.com/package/@line/line-bot-mcp-server)

LINE公式アカウントとAI Agentを接続するために、LINE Messaging APIを統合する[Model Context Protocol (MCP)](https://github.com/modelcontextprotocol) Server

![](/assets/demo.ja.png)

> [!NOTE]
> このリポジトリはプレビュー版として提供されています。実験的な目的で提供されており、完全な機能や包括的なサポートが含まれていないことにご注意ください。

## Tools

1. **push_text_message**
   - LINEでユーザーにシンプルなテキストメッセージを送信する。
   - **入力:**
     - `userId` (s

Remediation

Report false positive →

LLM summary— line-bot-mcp-server:a2779337c3dd

This package earns a B grade with a safety score of 94/100 but carries moderate risk from four medium-severity findings focused on resource exhaustion and server configuration issues. The resource exhaustion vulnerability could allow denial-of-service attacks under certain conditions, while the server configuration gaps may expose the MCP server to unnecessary attack surface. These issues are manageable through proper deployment hardening and resource limits, but should be addressed before production use.

Signal scores

Static92

LLM consensus90

Supply chain100

Server Configuration100

Package health85

Community82

Secrets & exfil100

Destructive ops100

CVE check100

Publisher identity90

Permissions76

Typosquat100

Injection risks100

LLM judge panel

CVE check

No known CVEs found for this package or its dependencies.

Community trust

No community reports

Security policy: Not found
Advisories: 0

Scan details

Total findings: 4
Affected tools: 0 / 1
Scan type: Fast Scan
Rules run: 88
LLM consensus score: 90/100
Scanned: 9d ago
Source: GITHUB

MCP Server Information

Source: GITHUB
Package: line-bot-mcp-server
Version: a2779337c3dd
License: Apache-2.0
Publisher: line
Verified: Yes
Account age: 10y 10m
Added: 1y 0m ago
Versions: 576
Repository: https://github.com/line/line-bot-mcp-server
Ecosystem: GitHub
Stars: 576
Forks: 104
Open issues: 13
Dependencies: 0

linelinebotmcpmcp-server

AIVSS Score

2.5/ 10Low

Internal score: 94/100

Severity breakdown

Scan Details

Total findings4

Affected tools0 / 1

LLM consensus score90/100

Scanned9d ago

Scan modeFAST

SourceGITHUB

Scan IDpubdeep1257795d0c102f5c6221

Want deeper analysis?

Fast scan found 4 findings using rule-based analysis. Upgrade for LLM consensus across 5 judges, AI-generated remediation, and cross-file taint analysis.

View plans Scan another package

Building your own MCP server?

Run this exact engine on your private repo — before users see it on /scan.

Same rules, same LLM judges, same grade. Private scans stay isolated to your account and never appear in the public registry. Required for code your team hasn’t shipped yet.

See plans with Private scans How private scans stay private

4 of 4 findings

medium (4)

4 findings

medium (4)

AIVSS 2.5CVSS 4.0

Evidence

let lastErr = null;
    for (let i = 1; i <= retryCount; i++) {
      try {
        const response = await fetch(url);
        if (!response.ok) {
          throw new Error(`HTTP ${response.status} ${response.statusText}`);
        }

Remediation

Report false positive →

AIVSS 2.3CVSS 3.5

Evidence

{
  "dxt_version": "0.1",
  "name": "line-bot-mcp-server",
  "display_name": "LINE Official Account",
  "icon": "assets/icon.png",
  "version": "0.3.0",
  "description": "MCP server that bridges AI agents with LINE Messaging API for automated interactions",
  "long_description": "This extension enables Claude Desktop to interact with LINE Messaging API, providing tools for sending messages, managing rich menus, and retrieving user profiles through LINE Official Accounts.",
  "author": {
    "nam

Remediation

Report false positive →

AIVSS 2.3CVSS 3.5

Evidence

[日本語版 READMEはこちら](README.ja.md)

# LINE Bot MCP Server

[![npmjs](https://badge.fury.io/js/%40line%2Fline-bot-mcp-server.svg)](https://www.npmjs.com/package/@line/line-bot-mcp-server)

[Model Context Protocol (MCP)](https://github.com/modelcontextprotocol) server implementation that integrates the LINE Messaging API to connect an AI Agent to the LINE Official Account.

![](/assets/demo.png)

> [!NOTE]
> This repository is provided as a preview version. While we offer it for experimental purposes

Remediation

Report false positive →

AIVSS 2.3CVSS 3.5

Evidence

# LINE Bot MCP Server

[![npmjs](https://badge.fury.io/js/%40line%2Fline-bot-mcp-server.svg)](https://www.npmjs.com/package/@line/line-bot-mcp-server)

LINE公式アカウントとAI Agentを接続するために、LINE Messaging APIを統合する[Model Context Protocol (MCP)](https://github.com/modelcontextprotocol) Server

![](/assets/demo.ja.png)

> [!NOTE]
> このリポジトリはプレビュー版として提供されています。実験的な目的で提供されており、完全な機能や包括的なサポートが含まれていないことにご注意ください。

## Tools

1. **push_text_message**
   - LINEでユーザーにシンプルなテキストメッセージを送信する。
   - **入力:**
     - `userId` (s

Remediation

Report false positive →

123	let lastErr = null;
124	for (let i = 1; i <= retryCount; i++) {
125	try {
126	const response = await fetch(url);
127	if (!response.ok) {
128	throw new Error(`HTTP ${response.status} ${response.statusText}`);
129	}

1	{
2	"dxt_version": "0.1",
3	"name": "line-bot-mcp-server",
4	"display_name": "LINE Official Account",
5	"icon": "assets/icon.png",
6	"version": "0.3.0",
7	"description": "MCP server that bridges AI agents with LINE Messaging API for automated interactions",
8	"long_description": "This extension enables Claude Desktop to interact with LINE Messaging API, providing tools for sending messages, managing rich menus, and retrieving user profiles through LINE Official Accounts.",
9	"author": {
10	"nam

1	[日本語版 READMEはこちら](README.ja.md)
2
3	# LINE Bot MCP Server
4
5	[![npmjs](https://badge.fury.io/js/%40line%2Fline-bot-mcp-server.svg)](https://www.npmjs.com/package/@line/line-bot-mcp-server)
6
7	[Model Context Protocol (MCP)](https://github.com/modelcontextprotocol) server implementation that integrates the LINE Messaging API to connect an AI Agent to the LINE Official Account.
8
9	![](/assets/demo.png)
10
11	> [!NOTE]
12	> This repository is provided as a preview version. While we offer it for experimental purposes

1	# LINE Bot MCP Server
2
3	[![npmjs](https://badge.fury.io/js/%40line%2Fline-bot-mcp-server.svg)](https://www.npmjs.com/package/@line/line-bot-mcp-server)
4
5	LINE公式アカウントとAI Agentを接続するために、LINE Messaging APIを統合する[Model Context Protocol (MCP)](https://github.com/modelcontextprotocol) Server
6
7	![](/assets/demo.ja.png)
8
9	> [!NOTE]
10	> このリポジトリはプレビュー版として提供されています。実験的な目的で提供されており、完全な機能や包括的なサポートが含まれていないことにご注意ください。
11
12	## Tools
13
14	1. push_text_message
15	- LINEでユーザーにシンプルなテキストメッセージを送信する。
16	- 入力:
17	- `userId` (s