← Back to search

modelcontextprotocol/python-sdk

modelcontextprotocol MIT 23,072 stars Scanned 48d ago

D
40 / 100

Versions

1.27.1 latest
May 8, 2026
1.27.0
Apr 2, 2026
1.26.0
Jan 24, 2026
1.25.0
Dec 18, 2025
1.24.0
Dec 12, 2025
1.23.3
Dec 9, 2025
1.23.2
Dec 4, 2025
1.23.1
Dec 2, 2025
1.23.0
Dec 2, 2025
1.22.0
Nov 20, 2025
1.21.2
Nov 17, 2025
1.21.1
Nov 13, 2025
1.21.0
Nov 6, 2025
1.20.0
Oct 30, 2025
1.19.0
Oct 24, 2025
1.18.0
Oct 16, 2025
1.17.0
Oct 9, 2025
1.16.0
Oct 2, 2025
1.15.0
Sep 25, 2025
1.14.1
Sep 18, 2025
1.14.0
Sep 11, 2025
1.13.1
Aug 21, 2025
1.13.0
Aug 14, 2025
1.12.4
Aug 7, 2025
1.12.3
Jul 31, 2025
1.12.2
Jul 24, 2025
1.12.1
Jul 22, 2025
1.12.0
Jul 17, 2025
1.11.0
Jul 10, 2025
1.10.1
Jun 27, 2025
1.10.0
Jun 26, 2025
1.9.4
Jun 12, 2025
1.9.3
Jun 5, 2025
1.9.2
May 29, 2025
1.9.1
May 22, 2025
1.9.0
May 15, 2025
1.8.1
May 12, 2025
1.8.0
May 8, 2025
1.7.1
May 2, 2025
1.7.0
May 1, 2025
1.6.0
Mar 27, 2025
1.5.0
Mar 21, 2025
1.4.1
Mar 14, 2025
1.4.0
Mar 13, 2025
1.3.0
Feb 20, 2025
1.3.0rc1
Feb 13, 2025
1.2.1
Jan 27, 2025
1.2.0
Jan 3, 2025
1.1.3
Jan 3, 2025
1.2.0rc1
Dec 23, 2024
1.1.2
Dec 12, 2024
1.1.1
Dec 9, 2024
1.1.0
Dec 3, 2024
1.0.0
Nov 25, 2024
0.9.1
Nov 20, 2024
PermissionsTool SafetyAuthAnnotationsCode QualityStabilitySpecVuln HistoryAuthorTransparencyCommunity

Tools 106

defaults_tool
missing low

ctx Context
select_favorite_color
missing low

ctx Context
select_favorite_colors
missing low

ctx Context
select_color_legacy
missing low

ctx Context
tool
missing low

ctx Context
request_api_key
missing low

ctx Context
oauth_flow
missing low

ctx Context
payment_flow
missing low

ctx Context
setup_credentials
missing low

ctx Context
check_url_response
missing low

ctx Context
ask_name
missing low

ctx Context
trigger_elicitation
missing low

ctx Context
test_decline
missing low

ctx Context
test_cancel
missing low

ctx Context
use_deprecated_elicit
missing low

ctx Context
direct_elicit_url
missing low

ctx Context
delete_file
missing low

path str
query_db
missing low

Tool that uses initialized resources

ctx string
dummy_tool_func
missing low

sleep_tool
missing low

trigger
missing low

test_tool
missing low

A test tool with an icon.

message str
multi_icon_tool
missing low

A tool with multiple icons.

test_sampling_tool
missing low

ctx Context message str
test_list_roots
missing low

context Context message str
test_tool_with_log
missing low

Send a log notification to the client.

ctx Context level string logger str message str
test_tool_with_log_dict
missing low

Send a log notification with a dict payload.

ctx Context level string logger str
check_context
missing low

Return the contextvar value visible to the handler.

get_weather
missing low

Get weather for a city - returns structured data.

city str
get_location
missing low

Get location coordinates

address str
get_statistics
missing low

Get various statistics

data_type str
get_user
missing low

Get user profile - returns structured data

user_id str
get_config
missing low

This returns unstructured output - no schema generated

list_cities
missing low

Get a list of cities

get_temperature
missing low

Get temperature as a simple float

city str
api_status
missing low

Get API status

send_message
missing low

Send a chat message

message str
hello
missing low

A simple hello tool

domain_info
missing low

Get domain-specific information

add_two
missing low

Tool to add two to the input

n int
add
missing low

Add two numbers

a int b int
create_thumbnail
missing low

Create a thumbnail from an image

image_path str
generate_poem
missing low

Generate a poem using LLM sampling.

ctx Context topic str
check_lifespan
missing low

Tool that checks lifespan context.

ctx Context
connect_service
missing low

ctx Context service_name str
multi_auth
missing low

ctx Context
failing_tool
missing low

ctx Context
greet
missing low

A greeting tool

name str title str
basic_tool
missing low

message str
tool_with_title
missing low

message str
tool_with_annotations
missing low

message str
tool_with_both
missing low

message str
hello_world
missing low

name str
sum
missing low

x int y int
tool_with_resource
missing low

ctx Context
echo
missing low

Echo a message back.

message str
upload_file
missing low

Upload a file.

filename str
analyze_text
missing low

Analyze text content.

text str
tool1
missing low

First tool.

x int
tool2
missing low

Second tool.

y str
tool3
missing low

Third tool without metadata.

z bool
combined_tool
missing low

Tool with both metadata and annotations.

data str
ask_user
missing low

ctx Context prompt str
optional_tool
missing low

ctx Context
invalid_optional_tool
missing low

ctx Context
valid_multiselect_tool
missing low

ctx Context
optional_multiselect_tool
missing low

ctx Context
book_table
missing low

Book a table with date availability check. This demonstrates form mode elicitation for collecting non-sensitive user input.

ctx Context date str time str party_size int
secure_payment
missing low

Process a secure payment requiring URL confirmation. This demonstrates URL mode elicitation using ctx.elicit_url() for operations that require out-of-band user interaction.

ctx Context amount float
process_data
missing low

Process data with logging.

ctx Context data str
long_running_task
missing low

Execute a task with progress updates.

ctx Context steps int task_name str
advanced_tool
missing low

Return CallToolResult directly for full control including _meta field.

validated_tool
missing low

Return CallToolResult with structured output validation.

empty_result_tool
missing low

For empty results, return CallToolResult with empty content.

test_simple_text
missing low

Tests simple text content response

test_image_content
missing low

Tests image content response

test_audio_content
missing low

Tests audio content response

test_embedded_resource
missing low

Tests embedded resource content response

test_multiple_content_types
missing low

Tests response with multiple content types (text, image, resource)

test_tool_with_logging
missing low

Tests tool that emits log messages during execution

ctx Context
test_tool_with_progress
missing low

Tests tool that reports progress notifications

ctx Context
test_sampling
missing low

Tests server-initiated sampling (LLM completion request)

ctx Context prompt str
test_elicitation
missing low

Tests server-initiated elicitation (user input request)

ctx Context message str
test_elicitation_sep1034_defaults
missing low

Tests elicitation with default values for all primitive types (SEP-1034)

ctx Context
test_elicitation_sep1330_enums
missing low

Tests elicitation with enum schema variations per SEP-1330

ctx Context
test_error_handling
missing low

Tests error response handling

test_reconnection
missing low

Tests SSE polling by closing stream mid-call (SEP-1699)

ctx Context
get_time
missing low

Get the current server time. This tool demonstrates that system information can be protected by OAuth authentication. User must be authenticated to access it.

get_weather_summary
missing low

Get a brief weather summary for a city

city str
get_weather_metrics
missing low

Get weather metrics for multiple cities Returns a dictionary mapping city names to their metrics

cities string
get_weather_alerts
missing low

Get active weather alerts for a region

region str
get_weather_stats
missing low

Get weather statistics for the past N days

city str days int
hello_unicode
missing low

A simple tool that demonstrates Unicode handling in: - Tool description (emojis, accents, CJK characters) - Parameter defaults (CJK characters) - Return values (Spanish punctuation, emojis)

name str greeting str
list_emoji_categories
missing low

Returns a list of emoji categories with emoji examples.

multilingual_hello
missing low

Returns hello in different scripts and writing systems.

remember
missing low

contents string
read_profile
missing low

text_me
missing low

Send a text message to a phone number via https://surgemsg.com/

text_content str
take_screenshot
missing low

Take a screenshot of the user's screen and return it as an image. Use this tool anytime the user wants you to look at something they're doing.

greet_user
missing low

Greet a user with optional title and repetition

name str times int title str
echo_tool
missing low

Echo the input text

text str
demo_tool
missing low

A demo tool with an icon.

message str
name_shrimp
missing low

List all shrimp names in the tank

tank ShrimpTank extra_names string
my_tool
missing low

tool_with_context
missing low

async_tool
missing low

Permissions 5

network medium
Server uses network capabilities via: http, httpx, requests, socket, urllib, websocket
filesystem low
Server uses filesystem capabilities via: open(), os, pathlib, shutil, tempfile
shell high
Server uses shell capabilities via: subprocess
database medium
Server uses database capabilities via: asyncpg
env_vars low
Server uses env_vars capabilities via: os.environ, os.getenv()

Scan Findings 532

info
Tool: select_favorite_color manifest_parser · 90%
info
Tool: direct_elicit_url manifest_parser · 90%
info
Tool: delete_file manifest_parser · 90%
low
Tool 'get_location' has no annotations annotation_checker · 100%
info
Tool: select_favorite_colors manifest_parser · 90%
info
Tool: select_color_legacy manifest_parser · 90%
info
Tool: tool manifest_parser · 90%
info
Tool: test_sampling_tool manifest_parser · 90%
info
Tool: query_db manifest_parser · 90%
info
Tool: request_api_key manifest_parser · 90%
info
Tool: oauth_flow manifest_parser · 90%
info
Tool: dummy_tool_func manifest_parser · 90%
info
Tool: payment_flow manifest_parser · 90%
info
Tool: test_list_roots manifest_parser · 90%
info
Tool: setup_credentials manifest_parser · 90%
info
Tool: check_url_response manifest_parser · 90%
info
Tool: sleep_tool manifest_parser · 90%
info
Tool: ask_name manifest_parser · 90%
info
Tool: trigger_elicitation manifest_parser · 90%
info
Tool: test_decline manifest_parser · 90%
info
Tool: test_cancel manifest_parser · 90%
info
Tool: use_deprecated_elicit manifest_parser · 90%
info
Tool: test_audio_content manifest_parser · 90%
info
Tool: test_embedded_resource manifest_parser · 90%
low
Tool 'payment_flow' has no annotations annotation_checker · 100%
info
Tool: trigger manifest_parser · 90%
info
Tool: test_multiple_content_types manifest_parser · 90%
info
Tool: test_tool_with_logging manifest_parser · 90%
info
Tool: text_me manifest_parser · 90%
info
Tool: tool1 manifest_parser · 90%
info
Tool: tool2 manifest_parser · 90%
info
Tool: tool3 manifest_parser · 90%
low
Tool 'get_weather' has no annotations annotation_checker · 100%
info
Tool: combined_tool manifest_parser · 90%
info
Tool: test_simple_text manifest_parser · 90%
info
Tool: ask_user manifest_parser · 90%
info
Tool: optional_tool manifest_parser · 90%
info
Tool: test_image_content manifest_parser · 90%
info
Tool: test_tool manifest_parser · 90%
info
Tool: multi_icon_tool manifest_parser · 90%
info
Tool: empty_result_tool manifest_parser · 90%
info
Tool: invalid_optional_tool manifest_parser · 90%
low
Tool 'tool_with_resource' has no annotations annotation_checker · 100%
low
Tool 'echo' has no annotations annotation_checker · 100%
low
Tool 'upload_file' has no annotations annotation_checker · 100%
low
Tool 'analyze_text' has no annotations annotation_checker · 100%
low
Tool 'tool1' has no annotations annotation_checker · 100%
low
Tool 'tool2' has no annotations annotation_checker · 100%
low
Tool 'tool3' has no annotations annotation_checker · 100%
low
Tool 'combined_tool' has no annotations annotation_checker · 100%
low
Tool 'ask_user' has no annotations annotation_checker · 100%
low
Tool 'optional_tool' has no annotations annotation_checker · 100%
low
Tool 'invalid_optional_tool' has no annotations annotation_checker · 100%
low
Tool 'valid_multiselect_tool' has no annotations annotation_checker · 100%
low
Tool 'optional_multiselect_tool' has no annotations annotation_checker · 100%
low
Tool 'defaults_tool' has no annotations annotation_checker · 100%
low
Tool 'select_favorite_color' has no annotations annotation_checker · 100%
low
Tool 'select_favorite_colors' has no annotations annotation_checker · 100%
low
Tool 'select_color_legacy' has no annotations annotation_checker · 100%
low
Tool 'tool' has no annotations annotation_checker · 100%
low
Tool 'request_api_key' has no annotations annotation_checker · 100%
low
Tool 'oauth_flow' has no annotations annotation_checker · 100%
info
Tool: valid_multiselect_tool manifest_parser · 90%
info
Tool: test_tool_with_log manifest_parser · 90%
info
Tool: test_tool_with_log_dict manifest_parser · 90%
info
Tool: check_context manifest_parser · 90%
info
Tool: get_weather manifest_parser · 90%
info
Tool: get_location manifest_parser · 90%
info
Tool: get_statistics manifest_parser · 90%
info
Tool: get_user manifest_parser · 90%
info
Tool: get_config manifest_parser · 90%
info
Tool: list_cities manifest_parser · 90%
info
Tool: get_temperature manifest_parser · 90%
info
Tool: api_status manifest_parser · 90%
info
Tool: send_message manifest_parser · 90%
info
Tool: hello manifest_parser · 90%
info
Tool: domain_info manifest_parser · 90%
info
Tool: add_two manifest_parser · 90%
info
Tool: add manifest_parser · 90%
info
Tool: optional_multiselect_tool manifest_parser · 90%
info
Tool: generate_poem manifest_parser · 90%
info
Tool: create_thumbnail manifest_parser · 90%
info
Tool: book_table manifest_parser · 90%
info
Tool: secure_payment manifest_parser · 90%
info
Tool: process_data manifest_parser · 90%
info
Tool: long_running_task manifest_parser · 90%
info
Tool: advanced_tool manifest_parser · 90%
info
Tool: validated_tool manifest_parser · 90%
info
pyproject.toml metadata manifest_parser · 100%
info
Tool: check_lifespan manifest_parser · 90%
info
Tool: connect_service manifest_parser · 90%
info
Tool: multi_auth manifest_parser · 90%
info
Tool: failing_tool manifest_parser · 90%
info
Tool: greet manifest_parser · 90%
info
Tool: basic_tool manifest_parser · 90%
info
Tool: tool_with_title manifest_parser · 90%
info
Tool: tool_with_annotations manifest_parser · 90%
info
Tool: tool_with_both manifest_parser · 90%
info
Tool: hello_world manifest_parser · 90%
info
Tool: sum manifest_parser · 90%
info
Tool: tool_with_resource manifest_parser · 90%
info
Tool: echo manifest_parser · 90%
info
Tool: upload_file manifest_parser · 90%
info
Tool: test_tool_with_progress manifest_parser · 90%
info
Tool: test_sampling manifest_parser · 90%
info
Tool: test_elicitation manifest_parser · 90%
info
Tool: test_elicitation_sep1034_defaults manifest_parser · 90%
info
Tool: test_elicitation_sep1330_enums manifest_parser · 90%
info
Tool: test_error_handling manifest_parser · 90%
info
Tool: test_reconnection manifest_parser · 90%
info
Tool: get_time manifest_parser · 90%
info
Tool: get_weather_summary manifest_parser · 90%
info
Tool: get_weather_metrics manifest_parser · 90%
info
Tool: get_weather_alerts manifest_parser · 90%
info
Tool: get_weather_stats manifest_parser · 90%
info
Tool: hello_unicode manifest_parser · 90%
info
Tool: list_emoji_categories manifest_parser · 90%
info
Tool: multilingual_hello manifest_parser · 90%
info
Tool: remember manifest_parser · 90%
info
Tool: read_profile manifest_parser · 90%
info
Tool: take_screenshot manifest_parser · 90%
info
Tool: greet_user manifest_parser · 90%
info
Tool: echo_tool manifest_parser · 90%
info
Tool: demo_tool manifest_parser · 90%
info
Tool: name_shrimp manifest_parser · 90%
info
Tool: my_tool manifest_parser · 60%
info
Tool: tool_with_context manifest_parser · 60%
info
Tool: async_tool manifest_parser · 60%
info
Transport: streamable-http manifest_parser · 80%
info
Required env vars (8) manifest_parser · 80%
low
Tool 'check_lifespan' has no annotations annotation_checker · 100%
low
Tool 'connect_service' has no annotations annotation_checker · 100%
low
Tool 'multi_auth' has no annotations annotation_checker · 100%
low
Tool 'failing_tool' has no annotations annotation_checker · 100%
low
Tool 'greet' has no annotations annotation_checker · 100%
low
Tool 'basic_tool' has no annotations annotation_checker · 100%
low
Tool 'tool_with_title' has no annotations annotation_checker · 100%
low
Tool 'tool_with_annotations' has no annotations annotation_checker · 100%
low
Tool 'tool_with_both' has no annotations annotation_checker · 100%
low
Tool 'hello_world' has no annotations annotation_checker · 100%
low
Tool 'sum' has no annotations annotation_checker · 100%
low
Tool 'setup_credentials' has no annotations annotation_checker · 100%
low
Tool 'check_url_response' has no annotations annotation_checker · 100%
low
Tool 'ask_name' has no annotations annotation_checker · 100%
low
Tool 'trigger_elicitation' has no annotations annotation_checker · 100%
low
Tool 'test_decline' has no annotations annotation_checker · 100%
low
Tool 'test_cancel' has no annotations annotation_checker · 100%
low
Tool 'use_deprecated_elicit' has no annotations annotation_checker · 100%
low
Tool 'direct_elicit_url' has no annotations annotation_checker · 100%
low
Tool 'delete_file' has no annotations annotation_checker · 100%
low
Tool 'query_db' has no annotations annotation_checker · 100%
low
Tool 'dummy_tool_func' has no annotations annotation_checker · 100%
low
Tool 'sleep_tool' has no annotations annotation_checker · 100%
low
Tool 'trigger' has no annotations annotation_checker · 100%
low
Tool 'test_tool' has no annotations annotation_checker · 100%
low
Tool 'multi_icon_tool' has no annotations annotation_checker · 100%
low
Tool 'test_sampling_tool' has no annotations annotation_checker · 100%
low
Tool 'test_list_roots' has no annotations annotation_checker · 100%
low
Tool 'test_tool_with_log' has no annotations annotation_checker · 100%
low
Tool 'test_tool_with_log_dict' has no annotations annotation_checker · 100%
low
Tool 'check_context' has no annotations annotation_checker · 100%
low
Tool 'get_statistics' has no annotations annotation_checker · 100%
low
Tool 'get_user' has no annotations annotation_checker · 100%
low
Tool 'get_config' has no annotations annotation_checker · 100%
low
Tool 'list_cities' has no annotations annotation_checker · 100%
low
Tool 'get_temperature' has no annotations annotation_checker · 100%
low
Tool 'api_status' has no annotations annotation_checker · 100%
low
Tool 'send_message' has no annotations annotation_checker · 100%
low
Tool 'hello' has no annotations annotation_checker · 100%
low
Tool 'domain_info' has no annotations annotation_checker · 100%
low
Tool 'add_two' has no annotations annotation_checker · 100%
low
Tool 'add' has no annotations annotation_checker · 100%
low
Tool 'generate_poem' has no annotations annotation_checker · 100%
low
Tool 'create_thumbnail' has no annotations annotation_checker · 100%
low
Tool 'book_table' has no annotations annotation_checker · 100%
low
Tool 'secure_payment' has no annotations annotation_checker · 100%
low
Tool 'process_data' has no annotations annotation_checker · 100%
low
Tool 'long_running_task' has no annotations annotation_checker · 100%
low
Tool 'advanced_tool' has no annotations annotation_checker · 100%
low
Tool 'validated_tool' has no annotations annotation_checker · 100%
low
Tool 'empty_result_tool' has no annotations annotation_checker · 100%
low
Tool 'test_simple_text' has no annotations annotation_checker · 100%
low
Tool 'test_image_content' has no annotations annotation_checker · 100%
low
Tool 'test_audio_content' has no annotations annotation_checker · 100%
low
Tool 'test_embedded_resource' has no annotations annotation_checker · 100%
low
Tool 'test_multiple_content_types' has no annotations annotation_checker · 100%
low
Tool 'test_tool_with_logging' has no annotations annotation_checker · 100%
low
Tool 'test_tool_with_progress' has no annotations annotation_checker · 100%
low
Tool 'test_sampling' has no annotations annotation_checker · 100%
low
Tool 'test_elicitation' has no annotations annotation_checker · 100%
low
Tool 'test_elicitation_sep1034_defaults' has no annotations annotation_checker · 100%
low
Tool 'test_elicitation_sep1330_enums' has no annotations annotation_checker · 100%
low
Tool 'test_error_handling' has no annotations annotation_checker · 100%
low
Tool 'test_reconnection' has no annotations annotation_checker · 100%
low
Tool 'get_time' has no annotations annotation_checker · 100%
low
Tool 'get_weather_summary' has no annotations annotation_checker · 100%
low
Tool 'get_weather_metrics' has no annotations annotation_checker · 100%
low
Tool 'get_weather_alerts' has no annotations annotation_checker · 100%
low
Tool 'get_weather_stats' has no annotations annotation_checker · 100%
low
Tool 'hello_unicode' has no annotations annotation_checker · 100%
low
Tool 'list_emoji_categories' has no annotations annotation_checker · 100%
low
Tool 'multilingual_hello' has no annotations annotation_checker · 100%
low
Tool 'remember' has no annotations annotation_checker · 100%
low
Tool 'read_profile' has no annotations annotation_checker · 100%
low
Tool 'text_me' has no annotations annotation_checker · 100%
low
Tool 'take_screenshot' has no annotations annotation_checker · 100%
low
Tool 'greet_user' has no annotations annotation_checker · 100%
low
Tool 'echo_tool' has no annotations annotation_checker · 100%
low
Tool 'demo_tool' has no annotations annotation_checker · 100%
low
Tool 'name_shrimp' has no annotations annotation_checker · 100%
low
Tool 'my_tool' has no annotations annotation_checker · 100%
low
Tool 'tool_with_context' has no annotations annotation_checker · 100%
low
Tool 'async_tool' has no annotations annotation_checker · 100%
high
Hardcoded OAuth client secret in tests/client/test_auth.py auth_checker · 95%
high
Hardcoded OAuth client secret in tests/client/auth/extensions/test_client_credentials.py auth_checker · 95%
high
Hardcoded OAuth client secret in src/mcp/client/auth/extensions/client_credentials.py auth_checker · 95%
medium
Permission: network access detected permission_analyzer · 90%
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (PYSEC-2023-48) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (PYSEC-2026-161) dependency_analyzer · 95%
low
Permission: filesystem access detected permission_analyzer · 90%
high
Permission: shell access detected permission_analyzer · 95%
medium
Permission: database access detected permission_analyzer · 90%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Excessive dependency count: 90 direct dependencies dependency_analyzer · 90%
medium
Vulnerable dependency: python-dotenv@1.0.0 (GHSA-mf9w-mj56-hr94) dependency_analyzer · 95%
medium
Vulnerable dependency: requests@2.31.0 (GHSA-9hjg-9r4m-mvj7) dependency_analyzer · 95%
medium
Vulnerable dependency: requests@2.31.0 (GHSA-9wx4-h78v-vm56) dependency_analyzer · 95%
medium
Vulnerable dependency: requests@2.31.0 (GHSA-gc5v-m9x4-r6x2) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-3qhf-m339-9g5v) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-9h52-p55h-vw2f) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-j975-95f5-7wqh) dependency_analyzer · 95%
medium
Vulnerable dependency: httpx@0.27.1,<1.0.0 (GHSA-h8pj-cxx2-jfg2) dependency_analyzer · 95%
medium
Vulnerable dependency: httpx@0.27.1,<1.0.0 (PYSEC-2022-183) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (GHSA-2c2j-9gv5-cj73) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (GHSA-74m5-2c7w-9w3x) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (GHSA-f96h-pmfr-66vw) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (GHSA-2c2j-9gv5-cj73) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (GHSA-74m5-2c7w-9w3x) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (GHSA-f96h-pmfr-66vw) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (PYSEC-2023-48) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (PYSEC-2026-161) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-59g5-xgcq-4qw3) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-mj87-hwqh-73pj) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-pp6c-gr5w-3c5g) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-wp53-j4wj-2cfg) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (GHSA-33c7-2mpw-hg34) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (GHSA-f97h-2pfx-f59f) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (PYSEC-2020-150) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (PYSEC-2020-151) dependency_analyzer · 95%
medium
Vulnerable dependency: pywin32@311; sys_platform == 'win32' (GHSA-hwfp-hg2m-9vr2) dependency_analyzer · 95%
medium
Vulnerable dependency: pywin32@311; sys_platform == 'win32' (PYSEC-2021-112) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (GHSA-33c7-2mpw-hg34) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (GHSA-f97h-2pfx-f59f) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (PYSEC-2020-150) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (PYSEC-2020-151) dependency_analyzer · 95%
critical
Database URL with Password found in examples/mcpserver/memory.py secret_scanner · 85%
info
SLSA Build Level 2 detected slsa_assessor · 85%
high
High-risk OAuth scope: admin oauth_scope_analyzer · 80%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 4 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%
info
Tool: defaults_tool manifest_parser · 90%
info
Tool: analyze_text manifest_parser · 90%
high
Permission: shell access detected permission_analyzer · 95%
info
pyproject.toml metadata manifest_parser · 100%
info
Tool: check_lifespan manifest_parser · 90%
info
Tool: connect_service manifest_parser · 90%
info
Tool: multi_auth manifest_parser · 90%
info
Tool: failing_tool manifest_parser · 90%
info
Tool: tool_with_title manifest_parser · 90%
info
Tool: tool_with_annotations manifest_parser · 90%
info
Tool: tool_with_both manifest_parser · 90%
info
Tool: hello_world manifest_parser · 90%
info
Tool: sum manifest_parser · 90%
info
Tool: tool_with_resource manifest_parser · 90%
info
Tool: upload_file manifest_parser · 90%
info
Tool: analyze_text manifest_parser · 90%
info
Tool: tool1 manifest_parser · 90%
info
Tool: tool2 manifest_parser · 90%
info
Tool: tool3 manifest_parser · 90%
info
Tool: combined_tool manifest_parser · 90%
info
Tool: ask_user manifest_parser · 90%
info
Tool: optional_tool manifest_parser · 90%
info
Tool: invalid_optional_tool manifest_parser · 90%
info
Tool: valid_multiselect_tool manifest_parser · 90%
info
Tool: optional_multiselect_tool manifest_parser · 90%
info
Tool: defaults_tool manifest_parser · 90%
info
Tool: select_favorite_color manifest_parser · 90%
info
Tool: select_favorite_colors manifest_parser · 90%
info
Tool: select_color_legacy manifest_parser · 90%
info
Tool: tool manifest_parser · 90%
info
Tool: request_api_key manifest_parser · 90%
info
Tool: oauth_flow manifest_parser · 90%
info
Tool: payment_flow manifest_parser · 90%
info
Tool: setup_credentials manifest_parser · 90%
info
Tool: check_url_response manifest_parser · 90%
info
Tool: ask_name manifest_parser · 90%
info
Tool: trigger_elicitation manifest_parser · 90%
info
Tool: test_decline manifest_parser · 90%
info
Tool: test_cancel manifest_parser · 90%
info
Tool: use_deprecated_elicit manifest_parser · 90%
info
Tool: direct_elicit_url manifest_parser · 90%
info
Tool: delete_file manifest_parser · 90%
info
Tool: query_db manifest_parser · 90%
info
Tool: dummy_tool_func manifest_parser · 90%
info
Tool: trigger manifest_parser · 90%
info
Tool: sleep_tool manifest_parser · 90%
info
Tool: multi_icon_tool manifest_parser · 90%
info
Tool: basic_tool manifest_parser · 90%
info
Tool: test_sampling_tool manifest_parser · 90%
info
Tool: test_list_roots manifest_parser · 90%
info
Tool: test_tool manifest_parser · 90%
info
Tool: test_tool_with_log manifest_parser · 90%
info
Tool: test_tool_with_log_dict manifest_parser · 90%
info
Tool: greet manifest_parser · 90%
info
Tool: check_context manifest_parser · 90%
info
Tool: get_weather manifest_parser · 90%
info
Tool: get_location manifest_parser · 90%
info
Tool: get_statistics manifest_parser · 90%
info
Tool: get_user manifest_parser · 90%
info
Tool: get_config manifest_parser · 90%
info
Tool: list_cities manifest_parser · 90%
info
Tool: api_status manifest_parser · 90%
info
Tool: send_message manifest_parser · 90%
info
Tool: hello manifest_parser · 90%
info
Tool: domain_info manifest_parser · 90%
info
Tool: add_two manifest_parser · 90%
info
Tool: add manifest_parser · 90%
info
Tool: generate_poem manifest_parser · 90%
info
Tool: create_thumbnail manifest_parser · 90%
info
Tool: book_table manifest_parser · 90%
info
Tool: secure_payment manifest_parser · 90%
info
Tool: long_running_task manifest_parser · 90%
info
Tool: advanced_tool manifest_parser · 90%
info
Tool: validated_tool manifest_parser · 90%
info
Tool: empty_result_tool manifest_parser · 90%
info
Tool: process_data manifest_parser · 90%
info
Tool: test_simple_text manifest_parser · 90%
info
Tool: test_image_content manifest_parser · 90%
info
Tool: test_audio_content manifest_parser · 90%
info
Tool: test_embedded_resource manifest_parser · 90%
info
Tool: test_multiple_content_types manifest_parser · 90%
info
Tool: test_tool_with_logging manifest_parser · 90%
info
Tool: test_tool_with_progress manifest_parser · 90%
info
Tool: test_sampling manifest_parser · 90%
info
Tool: test_elicitation manifest_parser · 90%
info
Tool: test_elicitation_sep1034_defaults manifest_parser · 90%
info
Tool: test_elicitation_sep1330_enums manifest_parser · 90%
info
Tool: test_error_handling manifest_parser · 90%
info
Tool: test_reconnection manifest_parser · 90%
info
Tool: get_time manifest_parser · 90%
info
Tool: get_weather_summary manifest_parser · 90%
info
Tool: get_weather_metrics manifest_parser · 90%
info
Tool: get_weather_alerts manifest_parser · 90%
info
Tool: get_temperature manifest_parser · 90%
info
Tool: get_weather_stats manifest_parser · 90%
info
Tool: hello_unicode manifest_parser · 90%
info
Tool: list_emoji_categories manifest_parser · 90%
info
Tool: multilingual_hello manifest_parser · 90%
info
Tool: remember manifest_parser · 90%
info
Tool: read_profile manifest_parser · 90%
info
Tool: echo manifest_parser · 90%
info
Tool: text_me manifest_parser · 90%
info
Tool: take_screenshot manifest_parser · 90%
info
Tool: greet_user manifest_parser · 90%
info
Tool: echo_tool manifest_parser · 90%
info
Tool: demo_tool manifest_parser · 90%
info
Tool: name_shrimp manifest_parser · 90%
info
Tool: my_tool manifest_parser · 60%
info
Tool: tool_with_context manifest_parser · 60%
info
Tool: async_tool manifest_parser · 60%
info
Transport: streamable-http manifest_parser · 80%
info
Required env vars (8) manifest_parser · 80%
low
Tool 'check_lifespan' has no annotations annotation_checker · 100%
low
Tool 'multi_auth' has no annotations annotation_checker · 100%
low
Tool 'failing_tool' has no annotations annotation_checker · 100%
low
Tool 'tool_with_title' has no annotations annotation_checker · 100%
low
Tool 'tool_with_annotations' has no annotations annotation_checker · 100%
low
Tool 'tool_with_both' has no annotations annotation_checker · 100%
low
Tool 'hello_world' has no annotations annotation_checker · 100%
low
Tool 'tool_with_resource' has no annotations annotation_checker · 100%
low
Tool 'upload_file' has no annotations annotation_checker · 100%
low
Tool 'analyze_text' has no annotations annotation_checker · 100%
low
Tool 'tool1' has no annotations annotation_checker · 100%
low
Tool 'tool2' has no annotations annotation_checker · 100%
low
Tool 'tool3' has no annotations annotation_checker · 100%
low
Tool 'combined_tool' has no annotations annotation_checker · 100%
low
Tool 'ask_user' has no annotations annotation_checker · 100%
low
Tool 'optional_tool' has no annotations annotation_checker · 100%
low
Tool 'invalid_optional_tool' has no annotations annotation_checker · 100%
low
Tool 'valid_multiselect_tool' has no annotations annotation_checker · 100%
low
Tool 'optional_multiselect_tool' has no annotations annotation_checker · 100%
low
Tool 'defaults_tool' has no annotations annotation_checker · 100%
low
Tool 'select_favorite_color' has no annotations annotation_checker · 100%
low
Tool 'select_favorite_colors' has no annotations annotation_checker · 100%
low
Tool 'select_color_legacy' has no annotations annotation_checker · 100%
low
Tool 'tool' has no annotations annotation_checker · 100%
low
Tool 'request_api_key' has no annotations annotation_checker · 100%
low
Tool 'oauth_flow' has no annotations annotation_checker · 100%
low
Tool 'payment_flow' has no annotations annotation_checker · 100%
low
Tool 'setup_credentials' has no annotations annotation_checker · 100%
low
Tool 'check_url_response' has no annotations annotation_checker · 100%
low
Tool 'ask_name' has no annotations annotation_checker · 100%
low
Tool 'trigger_elicitation' has no annotations annotation_checker · 100%
low
Tool 'test_decline' has no annotations annotation_checker · 100%
low
Tool 'test_cancel' has no annotations annotation_checker · 100%
low
Tool 'use_deprecated_elicit' has no annotations annotation_checker · 100%
low
Tool 'direct_elicit_url' has no annotations annotation_checker · 100%
low
Tool 'delete_file' has no annotations annotation_checker · 100%
low
Tool 'greet' has no annotations annotation_checker · 100%
low
Tool 'query_db' has no annotations annotation_checker · 100%
low
Tool 'dummy_tool_func' has no annotations annotation_checker · 100%
low
Tool 'trigger' has no annotations annotation_checker · 100%
low
Tool 'sleep_tool' has no annotations annotation_checker · 100%
low
Tool 'basic_tool' has no annotations annotation_checker · 100%
low
Tool 'test_sampling_tool' has no annotations annotation_checker · 100%
low
Tool 'test_list_roots' has no annotations annotation_checker · 100%
low
Tool 'test_tool' has no annotations annotation_checker · 100%
low
Tool 'test_tool_with_log' has no annotations annotation_checker · 100%
low
Tool 'test_tool_with_log_dict' has no annotations annotation_checker · 100%
low
Tool 'check_context' has no annotations annotation_checker · 100%
low
Tool 'get_location' has no annotations annotation_checker · 100%
low
Tool 'get_statistics' has no annotations annotation_checker · 100%
low
Tool 'get_user' has no annotations annotation_checker · 100%
low
Tool 'get_config' has no annotations annotation_checker · 100%
low
Tool 'list_cities' has no annotations annotation_checker · 100%
low
Tool 'api_status' has no annotations annotation_checker · 100%
low
Tool 'send_message' has no annotations annotation_checker · 100%
low
Tool 'get_weather' has no annotations annotation_checker · 100%
low
Tool 'hello' has no annotations annotation_checker · 100%
low
Tool 'domain_info' has no annotations annotation_checker · 100%
low
Tool 'echo' has no annotations annotation_checker · 100%
low
Tool 'add_two' has no annotations annotation_checker · 100%
low
Tool 'add' has no annotations annotation_checker · 100%
low
Tool 'generate_poem' has no annotations annotation_checker · 100%
low
Tool 'create_thumbnail' has no annotations annotation_checker · 100%
low
Tool 'book_table' has no annotations annotation_checker · 100%
low
Tool 'secure_payment' has no annotations annotation_checker · 100%
low
Tool 'connect_service' has no annotations annotation_checker · 100%
low
Tool 'long_running_task' has no annotations annotation_checker · 100%
low
Tool 'advanced_tool' has no annotations annotation_checker · 100%
low
Tool 'validated_tool' has no annotations annotation_checker · 100%
low
Tool 'empty_result_tool' has no annotations annotation_checker · 100%
low
Tool 'process_data' has no annotations annotation_checker · 100%
low
Tool 'test_simple_text' has no annotations annotation_checker · 100%
low
Tool 'test_image_content' has no annotations annotation_checker · 100%
low
Tool 'test_audio_content' has no annotations annotation_checker · 100%
low
Tool 'test_embedded_resource' has no annotations annotation_checker · 100%
low
Tool 'test_multiple_content_types' has no annotations annotation_checker · 100%
low
Tool 'test_tool_with_logging' has no annotations annotation_checker · 100%
low
Tool 'test_tool_with_progress' has no annotations annotation_checker · 100%
low
Tool 'test_sampling' has no annotations annotation_checker · 100%
low
Tool 'test_elicitation' has no annotations annotation_checker · 100%
low
Tool 'test_elicitation_sep1034_defaults' has no annotations annotation_checker · 100%
low
Tool 'test_elicitation_sep1330_enums' has no annotations annotation_checker · 100%
low
Tool 'test_error_handling' has no annotations annotation_checker · 100%
low
Tool 'test_reconnection' has no annotations annotation_checker · 100%
low
Tool 'get_time' has no annotations annotation_checker · 100%
low
Tool 'get_weather_summary' has no annotations annotation_checker · 100%
low
Tool 'get_weather_metrics' has no annotations annotation_checker · 100%
low
Tool 'get_weather_alerts' has no annotations annotation_checker · 100%
low
Tool 'get_temperature' has no annotations annotation_checker · 100%
low
Tool 'get_weather_stats' has no annotations annotation_checker · 100%
low
Tool 'hello_unicode' has no annotations annotation_checker · 100%
low
Tool 'list_emoji_categories' has no annotations annotation_checker · 100%
low
Tool 'multilingual_hello' has no annotations annotation_checker · 100%
low
Tool 'remember' has no annotations annotation_checker · 100%
low
Tool 'read_profile' has no annotations annotation_checker · 100%
low
Tool 'text_me' has no annotations annotation_checker · 100%
low
Tool 'take_screenshot' has no annotations annotation_checker · 100%
low
Tool 'greet_user' has no annotations annotation_checker · 100%
low
Tool 'echo_tool' has no annotations annotation_checker · 100%
low
Tool 'demo_tool' has no annotations annotation_checker · 100%
low
Tool 'multi_icon_tool' has no annotations annotation_checker · 100%
low
Tool 'sum' has no annotations annotation_checker · 100%
low
Tool 'name_shrimp' has no annotations annotation_checker · 100%
low
Tool 'my_tool' has no annotations annotation_checker · 100%
low
Tool 'tool_with_context' has no annotations annotation_checker · 100%
low
Tool 'async_tool' has no annotations annotation_checker · 100%
high
Hardcoded OAuth client secret in tests/client/test_auth.py auth_checker · 95%
high
Hardcoded OAuth client secret in tests/client/auth/extensions/test_client_credentials.py auth_checker · 95%
high
Hardcoded OAuth client secret in src/mcp/client/auth/extensions/client_credentials.py auth_checker · 95%
medium
Permission: network access detected permission_analyzer · 90%
low
Permission: filesystem access detected permission_analyzer · 90%
medium
Permission: database access detected permission_analyzer · 90%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Excessive dependency count: 90 direct dependencies dependency_analyzer · 90%
medium
Vulnerable dependency: requests@2.31.0 (GHSA-9hjg-9r4m-mvj7) dependency_analyzer · 95%
medium
Vulnerable dependency: requests@2.31.0 (GHSA-9wx4-h78v-vm56) dependency_analyzer · 95%
medium
Vulnerable dependency: requests@2.31.0 (GHSA-gc5v-m9x4-r6x2) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-3qhf-m339-9g5v) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-9h52-p55h-vw2f) dependency_analyzer · 95%
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-j975-95f5-7wqh) dependency_analyzer · 95%
medium
Vulnerable dependency: httpx@0.27.1,<1.0.0 (GHSA-h8pj-cxx2-jfg2) dependency_analyzer · 95%
medium
Vulnerable dependency: httpx@0.27.1,<1.0.0 (PYSEC-2022-183) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (GHSA-2c2j-9gv5-cj73) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (GHSA-74m5-2c7w-9w3x) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (GHSA-f96h-pmfr-66vw) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (PYSEC-2023-48) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (GHSA-2c2j-9gv5-cj73) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (GHSA-74m5-2c7w-9w3x) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (GHSA-f96h-pmfr-66vw) dependency_analyzer · 95%
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (PYSEC-2023-48) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-59g5-xgcq-4qw3) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-mj87-hwqh-73pj) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-pp6c-gr5w-3c5g) dependency_analyzer · 95%
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-wp53-j4wj-2cfg) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (GHSA-33c7-2mpw-hg34) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (GHSA-f97h-2pfx-f59f) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (PYSEC-2020-150) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (PYSEC-2020-151) dependency_analyzer · 95%
medium
Vulnerable dependency: pywin32@311; sys_platform == 'win32' (GHSA-hwfp-hg2m-9vr2) dependency_analyzer · 95%
medium
Vulnerable dependency: pywin32@311; sys_platform == 'win32' (PYSEC-2021-112) dependency_analyzer · 95%
medium
Vulnerable dependency: python-dotenv@1.0.0 (GHSA-mf9w-mj56-hr94) dependency_analyzer · 95%
medium
Vulnerable dependency: pydantic@2.0 (GHSA-mr82-8j83-vxmv) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (GHSA-33c7-2mpw-hg34) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (GHSA-f97h-2pfx-f59f) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (PYSEC-2020-150) dependency_analyzer · 95%
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (PYSEC-2020-151) dependency_analyzer · 95%
critical
Database URL with Password found in examples/mcpserver/memory.py secret_scanner · 85%
info
SLSA Build Level 2 detected slsa_assessor · 85%
high
High-risk OAuth scope: admin oauth_scope_analyzer · 80%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 4 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%