MCPSafe.io

Security pre-install checks for MCP servers.

Mostly safe — a couple of notes worth reading.

github · mcp-serverHEAD

Scanned 5/3/2026, 6:40:51 PM·Cached result·Fast Scan·45 rules·How we decide ↗

AIVSS Score

3.4/ 10

Low

Severity Breakdown

critical

high

medium

low

MCP Server Information

Packagemcp-server

VersionHEAD

SourceGITHUB

LicenseMIT

Publisherharness

Package age11mo

Stars51

Downloads/wk—

Dependencies0

Repositoryhttps://github.com/harness/mcp-server

Findings

29 of 29 findings

high (1)

medium (28)

29 findings

high (1)

AIVSS 3.4CVSS 5.8

File mounts an HTTP route that handles MCP `tools/list` (Express / Fastify / FastAPI / Flask) but the route — and the router it sits behind — has no auth middleware applied. An anonymous client can enumerate every tool the server exposes, scope the attack surface, and (if `tools/call` shares the route) invoke them. Apply auth at the route or router level: Express `passport.authenticate(...)` / a `requireAuth`-style middleware, FastAPI `Depends(get_current_user)` or `Depends(verify_jwt)`, Flask

Evidence

#!/usr/bin/env node

import { randomUUID } from "node:crypto";
import { appendFileSync } from "node:fs";
import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
import { createMcpExpressApp } from "@modelcontextprotocol/sdk/server/express.js";
import { loadConfig, type Config } from "./config.js";
import

Remediation

Apply auth middleware at the route or router level: - Express / Fastify / Koa: `passport.authenticate(...)`, `requireAuth`, `verifyToken`, or an equivalent JWT middleware applied via `router.use(authMw)` or as a per-route handler. - FastAPI: `Depends(get_current_user)`, `OAuth2PasswordBearer`, `HTTPBearer`, or `verify_jwt` dependency. - Flask: `@login_required`, `@auth_required`, `@jwt_required`, or call `verify_jwt_in_request()` in the handler. Mounting MCP behind a s

1	#!/usr/bin/env node
2
3	import { randomUUID } from "node:crypto";
4	import { appendFileSync } from "node:fs";
5	import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
6	import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
7	import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
8	import { createMcpExpressApp } from "@modelcontextprotocol/sdk/server/express.js";
9	import { loadConfig, type Config } from "./config.js";
10	import

391	log.debug(`STREAM ${method} ${url}`);
392
393	const response = await fetch(url, { method, headers, body: bodyString, signal });
394
395	clearTimeout(timer);

72	async function fetchSchema(version, name) {
73	const url = `${BASE_URL}/${version}/${name}.json`;
74	console.log(`Downloading ${version}/${name} schema...`);
75	const res = await fetch(url);
76	if (!res.ok) {
77	console.error(`Failed to fetch ${version}/${name}: ${res.statusText}`);
78	process.exit(1);

25	description: "Execute an action on a Harness resource: run/retry/interrupt pipelines, kill/restore FME feature flags, test connectors, sync GitOps apps, run chaos experiments. You can pass a Harness URL to auto-extract identifiers.",
26	inputSchema: {
27	resource_type: resourceTypeSchema(executableTypes).optional().describe("Resource type with executable actions. Auto-detected from url."),
28	url: z.string().describe("Harness UI URL — auto-extracts org, project, type, and ID").optio

1409	{
1410	"type": "object",
1411	"properties": {
1412	"path": {
1413	"type": "string"
1414	},
1415	"bucket": {
1416	"type": "string"
1417	},

2252	{
2253	"type": "object",
2254	"properties": {
2255	"expression": {
2256	"type": "string"
2257	},
2258	"type": {
2259	"type": "string"
2260	},

43	{
44	description: "Search across multiple Harness resource types. Returns results ranked by relevance. Accepts a Harness URL for scope.",
45	inputSchema: {
46	query: z.string().describe("Search term"),
47	resource_types: z.array(z.enum(listableTypes)).describe("Types to search (defaults to all listable)").optional(),
48	url: z.string().describe("Harness UI URL — auto-extracts org and project").optional(),
49	org_id: z.string().describe("Organization identifier (override

21	inputSchema: {
22	resource_type: resourceTypeSchema(updatableTypes).describe("The type of resource to update"),
23	resource_id: z.string().describe("The identifier of the resource to update"),
24	url: z.string().describe("A Harness UI URL — org, project, resource type, and ID are extracted automatically").optional(),
25	body: z.union([
26	z.record(z.string(), z.unknown()),
27	z.string(),

76	inputSchema: {
77	org_id: z.string().describe("Organization identifier (overrides default)").optional(),
78	project_id: z.string().describe("Project identifier (overrides default)").optional(),
79	url: z.string().describe("A Harness UI URL — org and project are extracted automatically").optional(),
80	limit: z.number().describe("Max items per section (default 5, max 20)").default(5).optional(),
81	include_visual: z.boolean().describe("Include visual health dashboard imag

1094	"filter": {
1095	"type": "string"
1096	},
1097	"path": {
1098	"type": "string"
1099	},
1100	"connector": {
1101	"type": "string"
1102	},

1120	"format": {
1121	"type": "string"
1122	},
1123	"url": {
1124	"type": "string"
1125	}
1126	}
1127	},
1128	"azure_artifact": {

1214	{
1215	"type": "object",
1216	"properties": {
1217	"path": {
1218	"type": "string"
1219	},
1220	"conditions": {
1221	"$ref": "#/definitions/trigger_v1/artifact_trigger/conditions"
1222	},

1438	{
1439	"type": "object",
1440	"properties": {
1441	"path": {
1442	"type": "string"
1443	},
1444	"build": {
1445	"type": "string"
1446	},

2040	"expression"
2041	],
2042	"properties": {
2043	"expression": {
2044	"type": "string"
2045	},
2046	"type": {
2047	"type": "string"
2048	}

40	inputSchema: {
41	resource_type: z.enum(DIAGNOSE_TYPES).describe("Resource type to diagnose. Auto-detected from url if provided. Defaults to pipeline.").optional(),
42	resource_id: z.string().describe("Primary identifier of the resource (connector ID, delegate name). Auto-detected from url if provided.").optional(),
43	url: z.string().describe("A Harness URL — resource type, org, project, and ID are extracted automatically").optional(),
44	org_id: z.string().describe("Organiz

24	z.record(z.string(), z.unknown()),
25	z.string(),
26	]).describe("The resource definition body. For pipelines: pass a YAML string directly, or an object with yamlPipeline (YAML string) or pipeline (JSON object). For other resources: pass a JSON object"),
27	url: z.string().describe("A Harness UI URL — org and project are extracted automatically").optional(),
28	org_id: z.string().describe("Organization identifier (overrides default)").optional(),
29	project_id: z.strin

1242	"type": "string"
1243	}
1244	},
1245	"script": {
1246	"type": "string"
1247	},
1248	"version": {
1249	"type": "string"
1250	},

20	inputSchema: {
21	resource_type: resourceTypeSchema(gettableTypes).optional().describe("Resource type to retrieve. Auto-detected from url."),
22	resource_id: z.string().describe("Primary resource identifier. Auto-detected from url.").optional(),
23	url: z.string().describe("Harness UI URL — auto-extracts org, project, type, and ID").optional(),
24	org_id: z.string().describe("Organization identifier (overrides default)").optional(),
25	project_id: z.string().describe("Pr

20	inputSchema: {
21	resource_type: resourceTypeSchema(deletableTypes).describe("The type of resource to delete"),
22	resource_id: z.string().describe("The identifier of the resource to delete"),
23	url: z.string().describe("A Harness UI URL — org, project, resource type, and ID are extracted automatically").optional(),
24	org_id: z.string().describe("Organization identifier (overrides default)").optional(),
25	project_id: z.string().describe("Project identifier (overrides

1256	"type": "string"
1257	}
1258	},
1259	"script": {
1260	"type": "string"
1261	},
1262	"version": {
1263	"type": "string"
1264	},

1068	"conditions": {
1069	"$ref": "#/definitions/trigger_v1/artifact_trigger/conditions"
1070	},
1071	"path_regex": {
1072	"type": "string"
1073	},
1074	"region": {
1075	"type": "string"
1076	}

29	description: "List Harness resources with filtering and pagination. Accepts a Harness URL to auto-extract scope.",
30	inputSchema: {
31	resource_type: resourceTypeSchema(listableTypes).optional().describe("Resource type to list. Auto-detected from url."),
32	url: z.string().describe("Harness UI URL — auto-extracts org, project, and type").optional(),
33	org_id: z.string().describe("Organization identifier (overrides default)").optional(),
34	project_id: z.string().describe

14	uses: actions/checkout@v4
15
16	- name: Setup Node.js
17	uses: actions/setup-node@v4
18	with:
19	node-version: 20

27	run: node scripts/sync-schemas.js
28
29	- name: Create Pull Request
30	uses: peter-evans/create-pull-request@v6
31	with:
32	commit-message: "chore: auto-sync harness schemas"
33	title: "chore: auto-sync harness schemas"

github · mcp-serverHEAD

high (1)

medium (28)

high (1)

medium (28)

LLM summary— mcp-server:HEAD

Signal scores

LLM judge panel

CVE check

Community trust

Scan details

Tool heatmap

MCP Server Information

Run this exact engine on your private repo — before users see it on /scan.

high (1)

medium (28)

high (1)

medium (28)

Tool heatmap

Severity breakdown

11	runs-on: ubuntu-latest
12	steps:
13	- name: Checkout repository
14	uses: actions/checkout@v4
15
16	- name: Setup Node.js
17	uses: actions/setup-node@v4

14	node-version: [20, 22]
15	steps:
16	- uses: actions/checkout@v4
17	- uses: pnpm/action-setup@v4
18	- uses: actions/setup-node@v4
19	with:
20	node-version: ${{ matrix.node-version }}

13	matrix:
14	node-version: [20, 22]
15	steps:
16	- uses: actions/checkout@v4
17	- uses: pnpm/action-setup@v4
18	- uses: actions/setup-node@v4
19	with: