MCPSafe.io

Security pre-install checks for MCP servers.

Mostly safe — a couple of notes worth reading.

github · apify-mcp-serverHEAD

Scanned 5/3/2026, 6:19:55 PM·Cached result·Fast Scan·45 rules·How we decide ↗

AIVSS Score

3.2/ 10

Low

Severity Breakdown

critical

high

medium

low

MCP Server Information

Packageapify-mcp-server

VersionHEAD

SourceGITHUB

LicenseMIT

Publisherapify

Package age1y 4m

Stars1.2K

Downloads/wk—

Dependencies0

Homepagehttps://mcp.apify.com

Repositoryhttps://github.com/apify/apify-mcp-server

Findings

Showing 1–30 of 62 findings

medium (30)

«‹

62 findings

medium (62)

AIVSS 2.8CVSS 3.5

User-controlled value printed to terminal without ANSI escape sanitization. Malicious input can inject cursor-control sequences, rewrite earlier output, or hide shell commands from the operator.

Evidence

"def tool_calling_evaluator(input: Dict[str, Any], output: Dict[str, Any], expected: Dict[str, Any]) -> dict:\n",
        "    \"\"\"Evaluator using Phoenix classifier - more robust than direct LLM calls.\"\"\"\n",
        "    \n",
        "    print(f\"Evaluating tool calling. Input: {input}, Output: {output}, Expected: {expected}\")\n",
        "    \n",
        "    eval_input = {\n",
        "        \"query\": input.get(\"query\", \"\"),\n",

Remediation

Strip C0/C1 control codes before printing user-controlled values. Python: re.sub(r"[\x00-\x08\x0b-\x1f\x7f]", "", s). Prefer a structured logger (json/logfmt) over raw print to stdout.

1272	"def tool_calling_evaluator(input: Dict[str, Any], output: Dict[str, Any], expected: Dict[str, Any]) -> dict:\n",
1273	" \"\"\"Evaluator using Phoenix classifier - more robust than direct LLM calls.\"\"\"\n",
1274	" \n",
1275	" print(f\"Evaluating tool calling. Input: {input}, Output: {output}, Expected: {expected}\")\n",
1276	" \n",
1277	" eval_input = {\n",
1278	" \"query\": input.get(\"query\", \"\"),\n",

98	};
99
100	bridge.onmessage = async (params) => {
101	console.log("[mock-host] message", params);
102	return {};
103	};

932	" tools=transfrom_tools_to_openai_format(TOOLS),\n",
933	" )\n",
934	" tool_calls = []\n",
935	" print(example.input.get('question'), response.choices[0].message)\n",
936	" if response.choices[0].message.tool_calls:\n",
937	" tool_calls.append(response.choices[0].message.tool_calls[0].function.name)\n",
938	" return tool_calls\n",

948	" )\n",
949	"\n",
950	" tool_calls = []\n",
951	" print(example.input.get('question'), response.content)\n",
952	" for content in response.content:\n",
953	" if content.type == 'tool_use':\n",
954	" tool_calls.append(content.name)\n",

93	};
94
95	bridge.onupdatemodelcontext = async (params) => {
96	console.log("[mock-host] updateModelContext", params);
97	return {};
98	};

36	const example = EXAMPLES[i];
37
38	console.log(`\n=== Example ${i + 1}/${EXAMPLES.length}: ${example.id} ===`);
39	console.log('Query:', example.query);
40	console.log('Expected tools:', example.expectedTools);
41
42	// 2. Call LLM with tools

101	async fetch(input: Request \| URL \| string, init?: RequestInit) {
102	const headers = new Headers(init?.headers \|\| {});
103	headers.set('authorization', `Bearer ${token}`);
104	return fetch(input, { ...init, headers });
105	},
106	// We have to cast to "any" to use it, since it's non-standard
107	} as any, // eslint-disable-line @typescript-eslint/no-explicit-any

107	if (!markdown) {
108	const mdUrl = buildMarkdownUrl(urlWithoutFragment);
109	try {
110	const response = await fetch(mdUrl);
111	if (!response.ok) {
112	const error = Object.assign(new Error(`HTTP ${response.status} ${response.statusText}`), {
113	statusCode: response.status,

522	if (args.url.startsWith('https://blocked.com')) {
523	throw new UserError('This URL is not allowed');
524	}
525	return await fetch(args.url);
526	}
527
528	// Framework catches and formats appropriately

98	// The EventSource package augments EventSourceInit with a "fetch" parameter.
99	// You can use this to set additional headers on the outgoing request.
100	// Based on this example: https://github.com/modelcontextprotocol/typescript-sdk/issues/118
101	async fetch(input: Request \| URL \| string, init?: RequestInit) {
102	const headers = new Headers(init?.headers \|\| {});
103	headers.set('authorization', `Bearer ${token}`);
104

239	}),
240	execute: async (args) => {
241	// args is already validated and typed!
242	return fetch(args.url);
243	},
244	});

68	"type": "string",
69	"description": "The glob pattern to match files against"
70	},
71	"path": {
72	"type": "string",
73	"description": "The directory to search in. If not specified, the current working directory will be used. IMPORTANT: Omit this field to use the default directory. DO NOT enter \"undefined\" or \"null\" - simply omit it for the default behavior. Must be a valid directory path if pro

90	"type": "string",
91	"description": "The regular expression pattern to search for in file contents"
92	},
93	"path": {
94	"type": "string",
95	"description": "File or directory to search in (rg PATH). Defaults to current working directory."
96	},
97	"glob": {
98	"type": "string",
99	"description": "Glob pattern to filter file

258	// SDK pattern
259	server.registerTool('fetch', {
260	inputSchema: z.object({
261	url: z.string(),
262	}),
263	}, async (args) => {
264	// args typed from Zod schema

153	"input_schema": {
154	"type": "object",
155	"properties": {
156	"path": {
157	"type": "string",
158	"description": "The absolute path to the directory to list (must be absolute, not relative)"
159	},
160	"ignore": {
161	"type": "array",
162	"items": {

49	.optional()
50	.default('apify')
51	.describe(buildDocSourceDescription()),
52	query: z.string()
53	.min(1)
54	.describe(
55	`Algolia full-text search query to find relevant documentation pages.

234	// FastMCP pattern - Zod directly
235	server.addTool({
236	parameters: z.object({
237	url: z.string().url(),
238	maxResults: z.number().min(1).max(100),
239	}),
240	execute: async (args) => {

12	import { fetchApifyDocsToolOutputSchema } from '../structured_output_schemas.js';
13
14	const fetchApifyDocsToolArgsSchema = z.object({
15	url: z.string()
16	.min(1)
17	.describe(`URL of the Apify documentation page to fetch. This should be the full URL, including the protocol (e.g., https://docs.apify.com/).`),
18	});

21	```json
22	{
23	"properties": {
24	"query": { "type": "string", "prefill": "web browser for RAG pipelines" },
25	"maxResults": { "type": "integer", "default": 3 },
26	"outputFormats": { "type": "array", "default": ["markdown"] }
27	},

644	const searchTool = defineTool({
645	name: 'search-actors',
646	schema: z.object({
647	query: z.string(),
648	limit: z.number().default(10),
649	}),
650	execute: async (args, context) => {

75	```json
76	{
77	"properties": {
78	"query": { "type": "string", "default": undefined, "prefill": "…" },
79	"maxResults": { "type": "integer", "default": 3 }
80	},
81	"required": ["query"]

1	# Stage 1: Build the project
2	FROM node:24-alpine AS builder
3
4	# Set working directory
5	WORKDIR /app
6
7	# Copy package files and install dependencies
8	COPY package.json package-lock.json ./
9	RUN npm install
10
11	# Copy source files
12	COPY src ./src
13	COPY tsconfig.json ./
14
15	# Build the project
16	RUN npm run build
17
18	# Stage 2: Set up the runtime environment
19	FROM node:24-alpine
20
21	# Set working directory
22	WORKDIR /app
23
24	# Copy only the necessary files from the build stage
25	COPY --from=builder /app/dist ./dist
26	COPY packag

79	run: jq '.version = "${{ needs.release_metadata.outputs.version_number }}"' server.json > server.json.tmp && mv server.json.tmp server.json
80
81	- name: Update CHANGELOG.md
82	uses: DamianReeves/write-file-action@master
83	with:
84	path: CHANGELOG.md
85	write-mode: overwrite

19	runs-on: ubuntu-latest
20
21	steps:
22	- uses: actions/checkout@v6
23	- name: Use Node.js
24	uses: actions/setup-node@v6
25	with:

github · apify-mcp-serverHEAD

medium (30)

medium (62)

LLM summary— apify-mcp-server:HEAD

Signal scores

LLM judge panel

CVE check

Community trust

Scan details

MCP Server Information

Run this exact engine on your private repo — before users see it on /scan.

medium (30)

medium (62)

Severity breakdown

60	steps:
61	- name: Checkout repository
62	uses: actions/checkout@v6
63	with:
64	token: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }}

174	needs: [ release_metadata ]
175	runs-on: ubuntu-latest
176	steps:
177	- uses: actions/checkout@v6
178	with:
179	ref: ${{ needs.release_metadata.outputs.changelog_commitish }}
180	- name: Install mcp-publisher

16	steps:
17	- name: Checkout code
18	uses: actions/checkout@v6
19
20	- name: Use Node.js
21	uses: actions/setup-node@v6

29	with:
30	ref: ${{ inputs.ref }}
31	- name: Use Node.js
32	uses: actions/setup-node@v6
33	with:
34	node-version-file: .nvmrc
35	registry-url: 'https://registry.npmjs.org'

25	node-version: 22
26
27	- name: Install published package
28	uses: nick-fields/retry@v4
29	env:
30	PKG_VERSION: ${{ inputs.version \|\| inputs.npm_tag }}
31	with:

25	name: Publish to NPM
26	runs-on: ubuntu-latest
27	steps:
28	- uses: actions/checkout@v6
29	with:
30	ref: ${{ inputs.ref }}
31	- name: Use Node.js

79	- name: Clean MCPB package
80	run: npx -y @anthropic-ai/mcpb@2.1.2 clean apify-mcp-server.mcpb
81	- name: Upload MCPB artifacts
82	uses: actions/upload-artifact@v4
83	with:
84	name: mcpb-packages
85	path: apify-mcp-server.mcpb

134	GH_TOKEN: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }}
135	steps:
136	- name: Checkout internal repo
137	uses: actions/checkout@v6
138	with:
139	repository: apify/apify-mcp-server-internal
140	token: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }}

96	with:
97	name: mcpb-packages
98	- name: Create release
99	uses: softprops/action-gh-release@v2
100	with:
101	tag_name: ${{ needs.release_metadata.outputs.tag_name }}
102	name: ${{ needs.release_metadata.outputs.version_number }}

42	changelog: ${{ steps.release_metadata.outputs.changelog }}
43	release_notes: ${{ steps.release_metadata.outputs.release_notes }}
44	steps:
45	- uses: apify/workflows/git-cliff-release@main
46	name: Prepare release metadata
47	id: release_metadata
48	with: