← Back to search

mcp-handler

vercel 604 stars Scanned 48d ago

Vercel MCP Adapter for Next.js and other frameworks

B
85.4 / 100

Versions

1.1.0 latest
Mar 24, 2026
1.0.7
Jan 9, 2026
1.0.6
Jan 5, 2026
1.0.5
Jan 3, 2026
1.0.4
Nov 20, 2025
1.0.3
Oct 10, 2025
1.0.2
Aug 25, 2025
1.0.1
Jul 19, 2025
1.0.0
Jul 11, 2025
0.11.2
Jul 7, 2025
0.11.1
Jun 12, 2025
0.11.0
Jun 12, 2025
0.10.0
Jun 9, 2025
0.9.1
Jun 6, 2025
0.9.0
Jun 6, 2025
0.8.2
Jun 4, 2025
0.8.1
Jun 4, 2025
0.8.0
Jun 4, 2025
0.7.3
May 29, 2025
0.7.2
May 29, 2025
0.7.1
May 29, 2025
0.7.0
May 28, 2025
0.6.2
May 23, 2025
0.6.1
May 23, 2025
0.6.0
May 21, 2025
0.5.1
May 20, 2025
0.5.0
May 19, 2025
0.4.1
May 15, 2025
0.4.0
May 15, 2025
PermissionsTool SafetyAuthAnnotationsCode QualityStabilitySpecVuln HistoryAuthorTransparencyCommunity

Tools 2

echo
missing low

Echo a message

message string
roll_dice
missing low

Rolls an N-sided die

sides number

Permissions 2

shell high
Server uses shell capabilities via: child_process, execSync()
env_vars low
Server uses env_vars capabilities via: process.env

Scan Findings 34

info
package.json metadata manifest_parser · 100%
info
Tool: echo manifest_parser · 85%
info
Tool: roll_dice manifest_parser · 70%
info
Transport: streamable-http manifest_parser · 80%
info
Required env vars (2) manifest_parser · 80%
low
Tool 'echo' has no annotations annotation_checker · 100%
low
Tool 'roll_dice' has no annotations annotation_checker · 100%
high
Permission: shell access detected permission_analyzer · 95%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Vulnerable dependency: tsup@8.0.0 (GHSA-3mv9-4h5g-vhg3) dependency_analyzer · 95%
info
SLSA Build Level 3 detected slsa_assessor · 85%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 9 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%
info
package.json metadata manifest_parser · 100%
info
Tool: echo manifest_parser · 70%
info
Tool: roll_dice manifest_parser · 70%
info
Transport: streamable-http manifest_parser · 80%
info
Required env vars (2) manifest_parser · 80%
low
Tool 'echo' has no annotations annotation_checker · 100%
low
Tool 'roll_dice' has no annotations annotation_checker · 100%
high
Permission: shell access detected permission_analyzer · 95%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Vulnerable dependency: tsup@8.0.0 (GHSA-3mv9-4h5g-vhg3) dependency_analyzer · 95%
info
SLSA Build Level 3 detected slsa_assessor · 85%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 9 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%