MCPSafe.io

Security pre-install checks for MCP servers.

Mostly safe — a couple of notes worth reading.

github · awesome-mcp-serversHEAD

Scanned 5/12/2026, 7:16:28 PM·Cached result·Deep Scan·91 rules·How we decide ↗

Judge panel5/5reviewed

Per-tool scores in Signals tab

AIVSS Score

2.3/ 10

Low

Severity Breakdown

critical

high

medium

low

MCP Server Information

Packageawesome-mcp-servers

VersionHEAD

SourceGITHUB

LicenseMIT

Publisherpunkpeye

Package age1y 5m

Stars86.8K

Downloads/wk—

Dependencies0

Homepagehttps://glama.ai/mcp/servers

Repositoryhttps://github.com/punkpeye/awesome-mcp-servers

Findings

3 of 3 findings

medium (3)

3 findings

medium (3)

AIVSS 2.3CVSS 3.5

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

Evidence

ref: ${{ github.event.pull_request.base.ref }}

      - name: Validate PR submission
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');

RemediationAI

The problem is that `actions/github-script@v7` uses a mutable tag reference instead of a pinned commit SHA, allowing a compromised maintainer to inject malicious code into your CI pipeline. Replace `uses: actions/github-script@v7` with `uses: actions/github-script@e69ef5462fd455e02edcdb487b6fab5b33fac9ba # v7.0.1` (substitute the actual SHA for v7 from the GitHub Actions repository). This fix ensures that your workflow always executes the exact version you tested and approved, preventing silent code substitution attacks. Verify the fix by running `git log --oneline actions/github-script` in the actions/github-script repository to confirm the SHA corresponds to the intended version tag.

Report false positive →

AIVSS 2.3CVSS 3.5

Evidence

runs-on: ubuntu-latest
    steps:
      - name: Post welcome comment
        uses: actions/github-script@v7
        with:
          script: |
            const { owner, repo } = context.repo;

RemediationAI

Report false positive →

AIVSS 2.3CVSS 3.5

Evidence

runs-on: ubuntu-latest
    steps:
      - name: Checkout base branch
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.base.ref }}

RemediationAI

The problem is that `actions/checkout@v4` uses a mutable tag reference instead of a pinned commit SHA, allowing a compromised maintainer to inject malicious code into your CI pipeline. Replace `uses: actions/checkout@v4` with `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v4.1.1` (substitute the actual current SHA for v4 from the actions/checkout repository). This fix ensures that your workflow always executes the exact version you tested and approved, preventing silent code substitution attacks. Verify the fix by running `git rev-parse v4` in the actions/checkout repository to confirm the SHA corresponds to the v4 tag.

Report false positive →

LLM summary— awesome-mcp-servers:HEAD

This package receives a B grade with a safety score of 90/100 but has a concerning AIVSS score of 2.2/10, indicating potential AI/LLM-specific vulnerabilities. The three medium-severity findings all relate to server configuration issues, which could expose the MCP server to misuse or information disclosure if not properly hardened in your deployment environment. While no critical or high-severity issues were detected, you should review and strengthen the server configuration settings before production use.

AIPer-finding remediation generated by bedrock-claude-haiku-4-5 — 3 of 3 findings. Click any finding to read.

Signal scores

CVE check100

Static100

Publisher identity50

Permissions100

Supply chain76

Server Configuration100

Typosquat100

Package health70

Community82

Secrets & exfil100

Injection risks100

Destructive ops100

LLM judge panel

CVE check

No known CVEs found for this package or its dependencies.

Community trust

No community reports

Security policy: Not found
Advisories: 0

Scan details

Total findings: 3
Affected tools: 0 / 1
Scan type: Deep Scan
Rules run: 91
LLM consensus score: N/A
Scanned: 8h ago
Source: GITHUB

MCP Server Information

Source: GITHUB
Package: awesome-mcp-servers
Version: HEAD
License: MIT
Publisher: punkpeye
Verified: No
Account age: 3y 10m
Added: 1y 5m ago
Homepage: https://glama.ai/mcp/servers
Repository: https://github.com/punkpeye/awesome-mcp-servers
Ecosystem: GitHub
Stars: 86.8K
Forks: 10.1K
Open issues: 1.3K
Dependencies: 0

aimcp

AIVSS Score

2.3/ 10Low

Internal score: 90/100

Severity breakdown

Scan Details

Total findings3

Affected tools0 / 1

Scanned8h ago

Scan modeDEEP

SourceGITHUB

Scan IDpubdeepcc26eebdcdce76fcba0d

Done

Re-scan Scan another package

Building your own MCP server?

Run this exact engine on your private repo — before users see it on /scan.

Same rules, same LLM judges, same grade. Private scans stay isolated to your account and never appear in the public registry. Required for code your team hasn’t shipped yet.

See plans with Private scans How private scans stay private

3 of 3 findings

medium (3)

3 findings

medium (3)

AIVSS 2.3CVSS 3.5

Evidence

ref: ${{ github.event.pull_request.base.ref }}

      - name: Validate PR submission
        uses: actions/github-script@v7
        with:
          script: |
            const fs = require('fs');

RemediationAI

Report false positive →

AIVSS 2.3CVSS 3.5

Evidence

runs-on: ubuntu-latest
    steps:
      - name: Post welcome comment
        uses: actions/github-script@v7
        with:
          script: |
            const { owner, repo } = context.repo;

RemediationAI

Report false positive →

AIVSS 2.3CVSS 3.5

Evidence

runs-on: ubuntu-latest
    steps:
      - name: Checkout base branch
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.base.ref }}

RemediationAI

Report false positive →

54	ref: ${{ github.event.pull_request.base.ref }}
55
56	- name: Validate PR submission
57	uses: actions/github-script@v7
58	with:
59	script: \|
60	const fs = require('fs');

16	runs-on: ubuntu-latest
17	steps:
18	- name: Post welcome comment
19	uses: actions/github-script@v7
20	with:
21	script: \|
22	const { owner, repo } = context.repo;

49	runs-on: ubuntu-latest
50	steps:
51	- name: Checkout base branch
52	uses: actions/checkout@v4
53	with:
54	ref: ${{ github.event.pull_request.base.ref }}