Mostly safe — a couple of notes worth reading.
Scanned 6/25/2026, 12:10:53 PM·Cached result·Fast Scan·48 rules·How we decide ↗
AIVSS Score
Low
Severity Breakdown
0
critical
0
high
9
medium
0
low
MCP Server Information
Findings
This package earns a B grade with a safety score of 92/100 but carries a moderate AIVSS risk rating of 2.5/10 due to nine medium-severity findings. The issues center on resource exhaustion vulnerabilities (5 findings) and server configuration weaknesses (4 findings) that could allow denial-of-service attacks or misconfigurations if not properly managed. Installation is acceptable for most use cases, but you should review the resource exhaustion and configuration issues before deploying in production environments.
No known CVEs found for this package or its dependencies.
Scan Details
Want deeper analysis?
Fast scan found 9 findings using rule-based analysis. Upgrade for LLM consensus across 5 judges, AI-generated remediation, and cross-file taint analysis.
Building your own MCP server?
Same rules, same LLM judges, same grade. Private scans stay isolated to your account and never appear in the public registry. Required for code your team hasn’t shipped yet.
9 of 9 findings
9 findings
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 152 | def try_run_cmd(cmd: list[str]) -> str: |
| 153 | try: |
| 154 | result = subprocess.run(cmd, capture_output=True, text=True) |
| 155 | return result.stdout.strip() if result.returncode == 0 else "" |
| 156 | except Exception: |
| 157 | return "" |
Remediation
Pass timeout= on every call: - HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)` - Node fetch: `AbortSignal.timeout(5000)` - Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)` Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 56 | .addBooleanProperty(FAVORITE_PROPERTY, "Required to be true if 'enterpriseId' parameter is omitted. " + |
| 57 | "If true, only returns portfolios favorited by the logged-in user. Cannot be true when 'draft' is true") |
| 58 | .addBooleanProperty(DRAFT_PROPERTY, "If true, only returns drafts created by the logged-in user. Cannot be true when 'favorite' is true") |
| 59 | .addNumberProperty(PAGE_INDEX_PROPERTY, "Index of the page to fetch (default: 1)") |
| 60 | .addNumberProperty(PAGE_SIZE_PROPERT |
Remediation
Pass timeout= on every call: - HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)` - Node fetch: `AbortSignal.timeout(5000)` - Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)` Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 57 | "If true, only returns portfolios favorited by the logged-in user. Cannot be true when 'draft' is true") |
| 58 | .addBooleanProperty(DRAFT_PROPERTY, "If true, only returns drafts created by the logged-in user. Cannot be true when 'favorite' is true") |
| 59 | .addNumberProperty(PAGE_INDEX_PROPERTY, "Index of the page to fetch (default: 1)") |
| 60 | .addNumberProperty(PAGE_SIZE_PROPERTY, "Size of the page to fetch (default: 50)"); |
| 61 | } else { |
| 62 | builder.setDescription("List portfolios availabl |
Remediation
Pass timeout= on every call: - HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)` - Node fetch: `AbortSignal.timeout(5000)` - Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)` Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 1047 | - `q` - Optional search query to filter portfolios by name - _String_ |
| 1048 | - `favorite` - Required to be true if 'enterpriseId' parameter is omitted. If true, only returns portfolios favorited by the logged-in user. Cannot be true when 'draft' is true - _Boolean_ |
| 1049 | - `draft` - If true, only returns drafts created by the logged-in user. Cannot be true when 'favorite' is true - _Boolean_ |
| 1050 | - `pageIndex` - Optional index of the page to fetch (default: 1) - _Integer_ |
| 1051 | - `pageSize` - Optional size of t |
Remediation
Pass timeout= on every call: - HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)` - Node fetch: `AbortSignal.timeout(5000)` - Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)` Pick a value short enough to fail fast and retry.
Network / IO / subprocess call without an explicit timeout. A malicious or hung upstream (HTTP host, socket peer, child process) can pin threads, exhaust connection/process pools, and make the MCP server unresponsive. Always pass a bounded timeout. v2 extends v1 with subprocess coverage (R03 from the legacy readiness audit).
Evidence
| 1048 | - `favorite` - Required to be true if 'enterpriseId' parameter is omitted. If true, only returns portfolios favorited by the logged-in user. Cannot be true when 'draft' is true - _Boolean_ |
| 1049 | - `draft` - If true, only returns drafts created by the logged-in user. Cannot be true when 'favorite' is true - _Boolean_ |
| 1050 | - `pageIndex` - Optional index of the page to fetch (default: 1) - _Integer_ |
| 1051 | - `pageSize` - Optional size of the page to fetch (default: 50) - _Integer_ |
| 1052 | |
| 1053 | ### Projects |
Remediation
Pass timeout= on every call: - HTTP: `requests.get(url, timeout=5)`, `httpx.get(url, timeout=5.0)` - Node fetch: `AbortSignal.timeout(5000)` - Subprocess: `subprocess.run(["cmd"], timeout=30, check=True)` Pick a value short enough to fail fast and retry.
GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.
Evidence
| 21 | secrets: | |
| 22 | development/kv/data/jira user | JIRA_USER; |
| 23 | development/kv/data/jira token | JIRA_TOKEN; |
| 24 | - uses: sonarsource/gh-action-lt-backlog/PullRequestClosed@v2 |
| 25 | with: |
| 26 | github-token: ${{secrets.GITHUB_TOKEN}} |
| 27 | jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }} |
Remediation
Pin every `uses:` to a 40-character commit SHA. Trailing comment with the version helps reviewers: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v4.1.1` Automate the migration with `pinact` (https://github.com/suzuki-shunsuke/pinact) or `ratchet` (https://github.com/sethvargo/ratchet). Add a `pinact run --check` pre-commit hook so future PRs stay pinned. Re-pin when the action releases a new version — Dependabot can do this automatically with `version-update-strategy: inc
GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.
Evidence
| 21 | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; |
| 22 | development/kv/data/jira user | JIRA_USER; |
| 23 | development/kv/data/jira token | JIRA_TOKEN; |
| 24 | - uses: sonarsource/gh-action-lt-backlog/PullRequestCreated@v2 |
| 25 | with: |
| 26 | github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} |
| 27 | jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }} |
Remediation
Pin every `uses:` to a 40-character commit SHA. Trailing comment with the version helps reviewers: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v4.1.1` Automate the migration with `pinact` (https://github.com/suzuki-shunsuke/pinact) or `ratchet` (https://github.com/sethvargo/ratchet). Add a `pinact run --check` pre-commit hook so future PRs stay pinned. Re-pin when the action releases a new version — Dependabot can do this automatically with `version-update-strategy: inc
GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.
Evidence
| 23 | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; |
| 24 | development/kv/data/jira user | JIRA_USER; |
| 25 | development/kv/data/jira token | JIRA_TOKEN; |
| 26 | - uses: sonarsource/gh-action-lt-backlog/SubmitReview@v2 |
| 27 | with: |
| 28 | github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} |
| 29 | jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }} |
Remediation
Pin every `uses:` to a 40-character commit SHA. Trailing comment with the version helps reviewers: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v4.1.1` Automate the migration with `pinact` (https://github.com/suzuki-shunsuke/pinact) or `ratchet` (https://github.com/sethvargo/ratchet). Add a `pinact run --check` pre-commit hook so future PRs stay pinned. Re-pin when the action releases a new version — Dependabot can do this automatically with `version-update-strategy: inc
GitHub Actions `uses:` reference is not pinned to a 40-character commit SHA. Tags (`@v4`) and branches (`@main`) are mutable — a compromised maintainer or a tag rewrite can substitute malicious code into your CI pipeline silently. Pin to a SHA: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab`. For readability, include the version as a trailing comment: `# v4.1.1`. Tools like `pinact` / `ratchet` automate this. Allowed unpinned forms (excluded by the rule): - Local actions `.
Evidence
| 21 | development/github/token/{REPO_OWNER_NAME_DASH}-jira token | GITHUB_TOKEN; |
| 22 | development/kv/data/jira user | JIRA_USER; |
| 23 | development/kv/data/jira token | JIRA_TOKEN; |
| 24 | - uses: sonarsource/gh-action-lt-backlog/RequestReview@v2 |
| 25 | with: |
| 26 | github-token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }} |
| 27 | jira-user: ${{ fromJSON(steps.secrets.outputs.vault).JIRA_USER }} |
Remediation
Pin every `uses:` to a 40-character commit SHA. Trailing comment with the version helps reviewers: `uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v4.1.1` Automate the migration with `pinact` (https://github.com/suzuki-shunsuke/pinact) or `ratchet` (https://github.com/sethvargo/ratchet). Add a `pinact run --check` pre-commit hook so future PRs stay pinned. Re-pin when the action releases a new version — Dependabot can do this automatically with `version-update-strategy: inc