Tracked packageView full profile for RedNote-MCP

MCPSafe.io

Security pre-install checks for MCP servers.

Mostly safe — a couple of notes worth reading.

Compare to another server

github · RedNote-MCPHEAD

Item: RedNote-MCP
Rating: 4
Author: MCPSafe

Scanned 5/3/2026, 6:46:24 PM·Cached result·Fast Scan·45 rules·How we decide ↗

AIVSS Score

2.3/ 10

Low

Severity Breakdown

critical

high

medium

low

MCP Server Information

PackageRedNote-MCP

VersionHEAD

SourceGITHUB

LicenseMIT

PublisheriFurySt

Package age1y 0m

Stars1.0K

Downloads/wk—

Dependencies0

Repositoryhttps://github.com/iFurySt/RedNote-MCP

Findings

4 of 4 findings

medium (4)

4 findings

medium (4)

AIVSS 2.3CVSS 3.5

MCP tool input schema exposes an unconstrained string/any field with a risky name (command/query/sql/code/script/url/path/expr/ eval). Any caller can pass arbitrary values, which typically widens the tool's blast radius well beyond its intent. Narrow the schema with `.enum()`, `.regex()`, `.max()`, `Literal[...]`, Pydantic `Field(max_length=..., pattern=...)`, or a JSON Schema `enum` / `pattern` / `maxLength`.

Evidence

'get_note_content',
  '获取笔记内容',
  {
    url: z.string().describe('笔记 URL')
  },
  async ({ url }: { url: string }) => {
    logger.info(`Getting note content for URL: ${url}`)

Remediation

Shape the schema to the tool's actual intent: - Zod: chain `.enum([...])`, `.regex(/.../)`, or `.max(n)`; prefer `z.enum([...])` or `z.literal(...)` when the value set is small. - Pydantic: use `Literal["a", "b"]` or `Field(max_length=..., pattern=r"...")`. - JSON Schema: add `"enum"`, `"pattern"`, or `"maxLength"` to the property. An overbroad schema is an "overpowered tool" — the model has nothing to prevent it from calling the tool with input far beyond what the tool's prose contract

Report false positive

AIVSS 2.3CVSS 3.5

Evidence

'get_note_comments',
  '获取笔记评论',
  {
    url: z.string().describe('笔记 URL')
  },
  async ({ url }: { url: string }) => {
    logger.info(`Getting comments for URL: ${url}`)

Remediation

Report false positive

AIVSS 2.3CVSS 3.5

GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.

Evidence

- uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.18.0'
          registry-url: 'https://registry.npmjs.org'

Remediation

Pin every `uses:` to a 40-character commit SHA. Trailing comment with the version helps reviewers: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v4.1.1` Automate the migration with `pinact` (https://github.com/suzuki-shunsuke/pinact) or `ratchet` (https://github.com/sethvargo/ratchet). Add a `pinact run --check` pre-commit hook so future PRs stay pinned. Re-pin when the action releases a new version — Dependabot can do this automatically with `version-update-strategy: inc

Report false positive

AIVSS 2.3CVSS 3.5

Evidence

runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4

Remediation

Report false positive

LLM summary— RedNote-MCP:HEAD

This package earned a B grade with a safety score of 88/100 but has a concerning AIVSS score of 2.2/10, indicating potential AI/LLM security weaknesses. Four medium-severity findings related to server configuration were identified, suggesting the MCP server may have improper settings that could expose it to misuse or data leakage. You should review the specific configuration issues before deployment, particularly around how the server handles requests and manages access controls.

Signal scores

Static100

CVE check100

Publisher identity50

Permissions100

Supply chain84

Typosquat100

Package health85

Community82

Secrets & exfil100

Injection risks84

Destructive ops100

LLM judge panel

CVE check

No known CVEs found for this package or its dependencies.

Community trust

No community reports

Security policy: Not found
Advisories: 0

Scan details

Total findings: 4
Affected tools: 0 / 1
Scan type: Fast Scan
Rules run: 45
LLM consensus score: N/A
Scanned: 23d ago
Source: GITHUB

MCP Server Information

Source: GITHUB
Package: RedNote-MCP
Version: HEAD
License: MIT
Publisher: iFurySt
Verified: No
Account age: 10y 4m
Added: 1y 0m ago
Versions: 1045
Repository: https://github.com/iFurySt/RedNote-MCP
Ecosystem: GitHub
Stars: 1.0K
Forks: 171
Open issues: 21
Dependencies: 0

aimcpmcp-serverrednoterednote-mcpxhsxhs-mcp

AIVSS Score

2.3/ 10Low

Internal score: 88/100

Severity breakdown

Scan Details

Total findings4

Affected tools0 / 1

Scanned23d ago

Scan modeFAST

SourceGITHUB

Scan IDpubfast1e66acff6787064e7554

Want deeper analysis?

Fast scan found 4 findings using rule-based analysis. Upgrade for LLM consensus across 5 judges, AI-generated remediation, and cross-file taint analysis.

View plans Scan another package

Building your own MCP server?

Run this exact engine on your private repo — before users see it on /scan.

Same rules, same LLM judges, same grade. Private scans stay isolated to your account and never appear in the public registry. Required for code your team hasn’t shipped yet.

See plans with Private scans How private scans stay private

4 of 4 findings

medium (4)

4 findings

medium (4)

AIVSS 2.3CVSS 3.5

Evidence

'get_note_content',
  '获取笔记内容',
  {
    url: z.string().describe('笔记 URL')
  },
  async ({ url }: { url: string }) => {
    logger.info(`Getting note content for URL: ${url}`)

Remediation

Report false positive

AIVSS 2.3CVSS 3.5

Evidence

'get_note_comments',
  '获取笔记评论',
  {
    url: z.string().describe('笔记 URL')
  },
  async ({ url }: { url: string }) => {
    logger.info(`Getting comments for URL: ${url}`)

Remediation

Report false positive

AIVSS 2.3CVSS 3.5

Evidence

- uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: '20.18.0'
          registry-url: 'https://registry.npmjs.org'

Remediation

Report false positive

AIVSS 2.3CVSS 3.5

Evidence

runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v4

      - name: Setup Node.js
        uses: actions/setup-node@v4

Remediation

Report false positive

90	'get_note_comments',
91	'获取笔记评论',
92	{
93	url: z.string().describe('笔记 URL')
94	},
95	async ({ url }: { url: string }) => {
96	logger.info(`Getting comments for URL: ${url}`)

90	'get_note_comments',
91	'获取笔记评论',
92	{
93	url: z.string().describe('笔记 URL')
94	},
95	async ({ url }: { url: string }) => {
96	logger.info(`Getting comments for URL: ${url}`)

62	'get_note_content',
63	'获取笔记内容',
64	{
65	url: z.string().describe('笔记 URL')
66	},
67	async ({ url }: { url: string }) => {
68	logger.info(`Getting note content for URL: ${url}`)

16	- uses: actions/checkout@v4
17
18	- name: Setup Node.js
19	uses: actions/setup-node@v4
20	with:
21	node-version: '20.18.0'
22	registry-url: 'https://registry.npmjs.org'

13	runs-on: ubuntu-latest
14
15	steps:
16	- uses: actions/checkout@v4
17
18	- name: Setup Node.js
19	uses: actions/setup-node@v4