MCPSafe.io

Security pre-install checks for MCP servers.

Use with caution. Address findings before production.

github · openopsHEAD

Scanned 5/3/2026, 6:44:47 PM·Cached result·Fast Scan·45 rules·How we decide ↗

AIVSS Score

6.2/ 10

Medium

Severity Breakdown

critical

high

medium

low

MCP Server Information

Packageopenops

VersionHEAD

SourceGITHUB

LicenseNOASSERTION

Publisheropenops-cloud

Package age1y 1m

Stars1.0K

Downloads/wk—

Dependencies0

Homepagehttps://www.openops.com

Repositoryhttps://github.com/openops-cloud/openops

Findings

Showing 1–30 of 68 findings

high (2)

medium (28)

«‹

68 findings

high (2)

AIVSS 6.2CVSS 8.3

Unsafe deserialization primitive detected. pickle.load(s), yaml.load (without SafeLoader), marshal.load(s), and shelve.open execute arbitrary code when the input is attacker-controlled.

Evidence

{ accept: 'application/vnd.github.v3.raw' },
        );

        const parsedWorkflow: WorkflowConfig = yaml.load(
          workflowYaml,
        ) as unknown as WorkflowConfig;
        const inputs = parsedWorkflow.on?.workflow_dispatch?.inputs;

Remediation

Replace pickle with json/msgpack or a schema-validated format (protobuf, cap'n proto). Use yaml.safe_load instead of yaml.load. Never deserialize data from an untrusted source with these APIs.

75	{ accept: 'application/vnd.github.v3.raw' },
76	);
77
78	const parsedWorkflow: WorkflowConfig = yaml.load(
79	workflowYaml,
80	) as unknown as WorkflowConfig;
81	const inputs = parsedWorkflow.on?.workflow_dispatch?.inputs;

8	port: auth.port,
9	secure: auth.tls,
10	auth: { user: auth.username, pass: auth.password },
11	tls: { rejectUnauthorized: false },
12	logger: false,
13	connectionTimeout: 10000,
14	greetingTimeout: 7000,

30	const start = async (app: FastifyInstance): Promise<void> => {
31	try {
32	await app.listen({
33	host: '0.0.0.0',
34	port: 3000,
35	});
36	if (system.isWorker()) {

88	await app.register(engineController);
89
90	await app.listen({
91	host: '0.0.0.0',
92	port: 3005,
93	});

80	* This will override the default behavior of updating the order of the data items.
81	* @type (event: { activeIndex: number; overIndex: number }) => void
82	* @example
83	* onMove={(event) => console.log(`Item moved from index ${event.activeIndex} to index ${event.overIndex}`)}
84	*/
85	onMove?: (event: { activeIndex: number; overIndex: number }) => void;

293	if (!clipboardText) {
294	// eslint-disable-next-line no-console
295	console.log('No data found in the clipboard event');
296	copyPasteToast({
297	success: false,
298	isCopy: false,

114	{"type": "section", "text": {"type": "mrkdwn", "text": body_text}}
115	]
116	}
117	print(json.dumps(payload))
118	PY
119
120	if curl --fail --silent --show-error -X POST -H 'Content-type: application/json' \

7	'Mandatory text to the user. If code is generated, output text with a short code description; otherwise, if clarification is needed, ask the user; otherwise, output text explaining why no code was generated.';
8
9	export const codeLLMSchema = z.object({
10	code: z.string().describe(codeDescription),
11	packageJson: z.string().describe(packageJsonDescription),
12	textAnswer: z.string().describe(textAnswerDescription),
13	type: z.literal('code'),

63	- IMPORTANT: NEVER create or guess documentation URLs - only provide links that are explicitly returned by this tool
64	Use this tool to find accurate, verified information before answering OpenOps-specific questions.`,
65	inputSchema: z.object({
66	query: z.string().describe('The search query'),
67	}),
68	execute: async ({ query }) => {
69	if (!searchTool?.execute) {

21	.describe(
22	'The type of the response. Always return "code" if you are generating code, and "reply" if you are answering the user question or asking for clarifications.',
23	),
24	code: z.string().optional().describe(codeDescription),
25	packageJson: z.string().optional().describe(packageJsonDescription),
26	textAnswer: z.string().describe(textAnswerDescription),
27	});

5	"scripts": {
6	"setup:husky": "husky \|\| true",
7	"setup:env": "[ ! -e .env ] && cp -v .env.template .env \|\| :",
8	"prepare": "npm run setup:env && npm run setup:husky",
9	"serve:frontend": "nx serve react-ui",
10	"build:frontend": "nx build react-ui",
11	"serve:backend": "nx run server-api:serve:development",

1	FROM node:20.19-alpine3.20
2
3	# Set the locale
4	ENV LANG=en_US.UTF-8
5	ENV LANGUAGE=en_US:en
6	ENV LC_ALL=en_US.UTF-8
7	ENV NODE_ENV=production
8
9	# Use a cache mount for apt to speed up the process
10	RUN <<-```
11	set -ex
12	apk add --no-cache openssh-client python3 g++ git musl libcap-dev nginx gettext wget py3-setuptools make bash findutils
13	yarn config set python /usr/bin/python3
14	```
15
16	WORKDIR /root/.mcp/openops-mcp
17	RUN <<-```
18	set -ex
19	git clone https://github.com/openops-cloud/openops-mcp .
20

1	ARG VARIANT=1.1.12-20-bullseye
2	FROM mcr.microsoft.com/vscode/devcontainers/javascript-node:${VARIANT}
3
4	RUN <<-```
5	npm install -g nx cross-env@7.0.3
6	apt-get update && apt-get install -y --no-install-recommends \
7	git \
8	locales \
9	locales-all \
10	libcap-dev \
11	wget \
12	unzip
13	rm -rf /var/lib/apt/lists/*
14	```
15
16	# Set the locale
17	ENV LANG en_US.UTF-8
18	ENV LANGUAGE en_US:en
19	ENV LC_ALL en_US.UTF-8
20	ENV AZURE_CONFIG_DIR="/tmp/azure"
21	ENV AZURE_EXTENSION_DIR="/opt/azure

1	FROM public.ecr.aws/lambda/nodejs:20
2
3	# Architecture will be set automatically by Docker buildx
4	ARG TARGETARCH
5
6	ENV NODE_VERSION=20.18.0
7	ENV NODE_ENV=production
8
9	RUN <<-```
10	set -ex
11	dnf install tar gzip shadow-utils util-linux findutils python3 make gcc gcc-c++ zlib-devel brotli-devel openssl-devel -y
12	dnf -y clean all && rm -rf /var/cache
13
14	# Install YQ with architecture-specific binary
15	if [ "$TARGETARCH" = "arm64" ]; then
16	curl -L https://github.com/mikefarah/yq/release

24	OPS_ENCRYPTION_KEY=abcdef123456789abcdef123456789ab
25	OPS_JWT_SECRET=please-change-this-secret
26	OPS_OPENOPS_ADMIN_EMAIL=admin@openops.com
27	OPS_OPENOPS_ADMIN_PASSWORD=please-change-this-password-1
28
29
30	# ---------------------------------------------------------

14	OPS_CACHE_PATH=./dev/cache
15	OPS_EDITION=cloud
16	OPS_BLOCKS_SOURCE=DB
17	OPS_JWT_SECRET=secret
18	OPS_BILLING_SETTINGS={\"nickname\":\"test-flow-plan\",\"tasks\":1000,\"activeFlows\":20,\"minimumPollingInterval\":5,\"connections\":50,\"teamMembers\":1,\"type\":\"FLOWS\"}
19	OPS_STRIPE_SECRET_KEY=invalid-key
20	OPS_FIREBASE_HASH_PARAMETERS={\"memCost\":14,\"rounds\":8,\"signerKey\":\"YE0dO4bwD4JnJafh6lZZfkp1MtKzuKAXQcDCJNJNyeCHairWHKENOkbh3dzwaCdizzOspwr/FITUVlnOAwPKyw==\",\"saltSeparator\":\"Bw==\"}

75	OPS_OPENOPS_TABLES_DATABASE_NAME=tables
76	OPS_OPENOPS_TABLES_API_URL=http://openops-tables
77	OPS_OPENOPS_TABLES_PUBLIC_URL=${OPS_PUBLIC_URL}
78	OPS_TABLES_TOKEN_LIFETIME_MINUTES=60
79	OPS_JWT_TOKEN_LIFETIME_HOURS=168
80	OPS_MAX_CONCURRENT_TABLES_REQUESTS=100

23	OPS_CONTAINER_TYPE=WORKER_AND_APP
24	OPS_ENGINE_URL=http://localhost:3005/execute
25	OPS_OPENOPS_ADMIN_EMAIL=local-admin@openops.com
26	OPS_OPENOPS_ADMIN_PASSWORD=12345678
27	OPS_OPENOPS_TABLES_PUBLIC_URL=http://localhost:3001
28	OPS_ANALYTICS_ENABLED=true

86	OPS_ANALYTICS_ENABLED=true
87	OPS_ANALYTICS_PUBLIC_URL=${OPS_PUBLIC_URL}
88	OPS_ANALYTICS_PRIVATE_URL=http://openops-analytics:8088
89	OPS_ANALYTICS_ADMIN_PASSWORD=please-change-this-password-1
90	ANALYTICS_POWERUSER_PASSWORD=please-change-this-password-1
91	ANALYTICS_ALLOW_ADHOC_SUBQUERY=true

96	# ---------------------------------------------------------
97
98	# Slack
99	OPS_SLACK_APP_SIGNING_SECRET=
100
101	# Cloud Provider CLIs
102	OPS_ENABLE_HOST_SESSION=
103
104	# AWS

30	# ---------------------------------------------------------
31	# Telemetry
32	# ---------------------------------------------------------
33
34	OPS_LOGZIO_TOKEN=
35	OPS_LOGZIO_METRICS_TOKEN=
36	OPS_LOG_LEVEL=info
37	OPS_LOG_PRETTY=false
38	OPS_TELEMETRY_MODE=COLLECTOR

63	OPS_DB_TYPE=POSTGRES
64	OPS_POSTGRES_DATABASE=openops
65	OPS_POSTGRES_HOST=postgres
66	OPS_POSTGRES_PASSWORD=please-change-this-password-1
67	OPS_POSTGRES_PORT=5432
68	OPS_POSTGRES_USERNAME=postgres
69	OPS_OPENOPS_TABLES_DB_HOST=postgres

77	steps:
78	- name: Checkout for Dependabot PR
79	if: ${{ startsWith(github.head_ref \|\| '', 'dependabot/') }}
80	uses: actions/checkout@v6.0.2
81	with:
82	ref: ${{ github.head_ref }}
83	- name: Checkout for others

138	key: node-modules-cache-${{ hashFiles('package-lock.json', '.npmrc') }}
139	fail-on-cache-miss: true
140	- name: Restore NX cache
141	uses: actions/cache@v5.0.4
142	with:
143	path: .nx/cache
144	key: nx-test-${{ matrix.test-suits.key \|\| matrix.test-suits.name }}-${{ github.sha }}

github · openopsHEAD

high (2)

medium (28)

high (2)

medium (66)

LLM summary— openops:HEAD

Signal scores

LLM judge panel

Community trust

Scan details

MCP Server Information

Run this exact engine on your private repo — before users see it on /scan.

high (2)

medium (28)

high (2)

medium (66)

Severity breakdown

31	needs: install
32	runs-on: ubuntu-latest
33	steps:
34	- uses: actions/checkout@v6.0.2
35	- name: Restore node_modules cache
36	id: node-modules-cache
37	uses: actions/cache/restore@v5.0.4

133	steps:
134	- name: Get GitHub App token
135	id: app_token
136	uses: actions/create-github-app-token@v3.0.0
137	with:
138	app-id: ${{ vars.DEVOPS_GITHUB_APP_ID }}
139	private-key: ${{ secrets.DEVOPS_GITHUB_APP_PEM }}

203	needs: build
204	runs-on: ${{ matrix.platform == 'amd64' && 'ubuntu-latest' \|\| 'ubuntu-arm64' }}
205	steps:
206	- uses: actions/checkout@v6.0.2
207	- name: Restore build cache
208	uses: actions/cache/restore@v5.0.4
209	with:

18	NODE_OPTIONS: --max-old-space-size=4096
19	steps:
20	- name: Checkout code
21	uses: actions/checkout@v6.0.2
22	with:
23	fetch-depth: 0

278	aws-region: ${{ vars.ECR_REGION }}
279	- name: Login to Amazon ECR
280	id: login-ecr
281	uses: aws-actions/amazon-ecr-login@v2.1.0
282	- name: Format image tag components
283	env:
284	BRANCH: ${{ github.head_ref \|\| github.ref_name }}

271	needs: build-images
272	steps:
273	- name: Configure AWS credentials
274	uses: aws-actions/configure-aws-credentials@v6.0.0
275	with:
276	aws-access-key-id: ${{ secrets.ECR_ACCESS_KEY_ID }}
277	aws-secret-access-key: ${{ secrets.ECR_SECRET_ACCESS_KEY }}

109	echo "The release was created as a draft." >> $GITHUB_STEP_SUMMARY
110	echo "Please [review and publish it](${RELEASE_URL/\/tags\//\/edit\/})." >> $GITHUB_STEP_SUMMARY
111	- name: Configure AWS credentials
112	uses: aws-actions/configure-aws-credentials@v6.0.0
113	with:
114	aws-access-key-id: ${{ secrets.RELEASE_S3_ACCESS_KEY_ID }}
115	aws-secret-access-key: ${{ secrets.RELEASE_S3_SECRET_ACCESS_KEY }}

17	- uses: actions/checkout@v6.0.2
18	- name: Lookup node_modules cache
19	id: node-modules-cache
20	uses: actions/cache@v5.0.4
21	with:
22	path: node_modules
23	key: node-modules-cache-${{ hashFiles('package-lock.json', '.npmrc') }}

154	steps:
155	- name: Get token from Github App
156	id: app_token
157	uses: actions/create-github-app-token@v3.0.0
158	with:
159	app-id: ${{ vars.DEVOPS_GITHUB_APP_ID }}
160	private-key: ${{ secrets.DEVOPS_GITHUB_APP_PEM }}

55	id: login-private-ecr
56	uses: aws-actions/amazon-ecr-login@v2.1.0
57	- name: Login to public ECR
58	uses: aws-actions/amazon-ecr-login@v2.1.0
59	env:
60	AWS_REGION: ${{ vars.ECR_PUBLIC_REGION }}
61	with: