← Back to search Server uses network capabilities via: http, httpx, requests, socket, urllib, websocket Server uses filesystem capabilities via: open(), os, pathlib, shutil, tempfile Server uses shell capabilities via: subprocess Server uses database capabilities via: asyncpg Server uses env_vars capabilities via: os.environ, os.getenv()
modelcontextprotocol/python-sdk
PyPI MCP Registry ↗
D
52 / 100
Versions
1.0.0 latest May 20, 2026
Tools 106
get_user unchecked low
Get user profile - returns structured data
get_config unchecked low
This returns unstructured output - no schema generated
list_cities unchecked low
Get a list of cities
get_temperature unchecked low
Get temperature as a simple float
api_status unchecked low
Get API status
send_message unchecked low
Send a chat message
hello unchecked low
A simple hello tool
domain_info unchecked low
Get domain-specific information
add_two unchecked low
Tool to add two to the input
add unchecked low
Add two numbers
generate_poem unchecked low
Generate a poem using LLM sampling.
create_thumbnail unchecked low
Create a thumbnail from an image
book_table unchecked low
Book a table with date availability check. This demonstrates form mode elicitation for collecting non-sensitive user input.
secure_payment unchecked low
Process a secure payment requiring URL confirmation. This demonstrates URL mode elicitation using ctx.elicit_url() for operations that require out-of-band user interaction.
process_data unchecked low
Process data with logging.
long_running_task unchecked low
Execute a task with progress updates.
advanced_tool unchecked low
Return CallToolResult directly for full control including _meta field.
validated_tool unchecked low
Return CallToolResult with structured output validation.
empty_result_tool unchecked low
For empty results, return CallToolResult with empty content.
test_simple_text unchecked low
Tests simple text content response
test_image_content unchecked low
Tests image content response
test_audio_content unchecked low
Tests audio content response
test_embedded_resource unchecked low
Tests embedded resource content response
test_multiple_content_types unchecked low
Tests response with multiple content types (text, image, resource)
test_tool_with_logging unchecked low
Tests tool that emits log messages during execution
test_tool_with_progress unchecked low
Tests tool that reports progress notifications
test_sampling unchecked low
Tests server-initiated sampling (LLM completion request)
test_elicitation unchecked low
Tests server-initiated elicitation (user input request)
test_elicitation_sep1034_defaults unchecked low
Tests elicitation with default values for all primitive types (SEP-1034)
test_elicitation_sep1330_enums unchecked low
Tests elicitation with enum schema variations per SEP-1330
test_error_handling unchecked low
Tests error response handling
test_reconnection unchecked low
Tests SSE polling by closing stream mid-call (SEP-1699)
get_time unchecked low
Get the current server time. This tool demonstrates that system information can be protected by OAuth authentication. User must be authenticated to access it.
get_weather_summary unchecked low
Get a brief weather summary for a city
get_weather_metrics unchecked low
Get weather metrics for multiple cities Returns a dictionary mapping city names to their metrics
get_weather_alerts unchecked low
Get active weather alerts for a region
get_weather_stats unchecked low
Get weather statistics for the past N days
hello_unicode unchecked low
A simple tool that demonstrates Unicode handling in: - Tool description (emojis, accents, CJK characters) - Parameter defaults (CJK characters) - Return values (Spanish punctuation, emojis)
list_emoji_categories unchecked low
Returns a list of emoji categories with emoji examples.
multilingual_hello unchecked low
Returns hello in different scripts and writing systems.
remember unchecked low
read_profile unchecked low
text_me unchecked low
Send a text message to a phone number via https://surgemsg.com/
take_screenshot unchecked low
Take a screenshot of the user's screen and return it as an image. Use this tool anytime the user wants you to look at something they're doing.
greet_user unchecked low
Greet a user with optional title and repetition
echo_tool unchecked low
Echo the input text
demo_tool unchecked low
A demo tool with an icon.
name_shrimp unchecked low
List all shrimp names in the tank
my_tool unchecked low
tool_with_context unchecked low
async_tool unchecked low
check_lifespan unchecked low
Tool that checks lifespan context.
connect_service unchecked low
multi_auth unchecked low
failing_tool unchecked low
greet unchecked low
A greeting tool
basic_tool unchecked low
tool_with_title unchecked low
tool_with_annotations unchecked low
tool_with_both unchecked low
hello_world unchecked low
sum unchecked low
tool_with_resource unchecked low
echo unchecked low
Echo a message back.
upload_file unchecked low
Upload a file.
analyze_text unchecked low
Analyze text content.
tool1 unchecked low
First tool.
tool2 unchecked low
Second tool.
tool3 unchecked low
Third tool without metadata.
combined_tool unchecked low
Tool with both metadata and annotations.
ask_user unchecked low
optional_tool unchecked low
invalid_optional_tool unchecked low
valid_multiselect_tool unchecked low
optional_multiselect_tool unchecked low
defaults_tool unchecked low
select_favorite_color unchecked low
select_favorite_colors unchecked low
select_color_legacy unchecked low
tool unchecked low
request_api_key unchecked low
oauth_flow unchecked low
payment_flow unchecked low
setup_credentials unchecked low
check_url_response unchecked low
ask_name unchecked low
trigger_elicitation unchecked low
test_decline unchecked low
test_cancel unchecked low
use_deprecated_elicit unchecked low
direct_elicit_url unchecked low
delete_file unchecked low
query_db unchecked low
Tool that uses initialized resources
dummy_tool_func unchecked low
sleep_tool unchecked low
trigger unchecked low
test_tool unchecked low
A test tool with an icon.
multi_icon_tool unchecked low
A tool with multiple icons.
test_sampling_tool unchecked low
test_list_roots unchecked low
test_tool_with_log unchecked low
Send a log notification to the client.
test_tool_with_log_dict unchecked low
Send a log notification with a dict payload.
check_context unchecked low
Return the contextvar value visible to the handler.
get_weather unchecked low
Get weather for a city - returns structured data.
get_location unchecked low
Get location coordinates
get_statistics unchecked low
Get various statistics
Permissions 5
network medium filesystem low shell high database medium env_vars low Scan Findings 265
info
pyproject.toml metadata
info
Tool: check_lifespan
info
Tool: connect_service
info
Tool: multi_auth
info
Tool: failing_tool
info
Tool: tool_with_title
info
Tool: tool_with_annotations
info
Tool: tool_with_both
info
Tool: hello_world
info
Tool: sum
info
Tool: tool_with_resource
info
Tool: upload_file
info
Tool: analyze_text
info
Tool: tool1
info
Tool: tool2
info
Tool: tool3
info
Tool: combined_tool
info
Tool: ask_user
info
Tool: optional_tool
info
Tool: invalid_optional_tool
info
Tool: valid_multiselect_tool
info
Tool: optional_multiselect_tool
info
Tool: defaults_tool
info
Tool: select_favorite_color
info
Tool: select_favorite_colors
info
Tool: select_color_legacy
info
Tool: tool
info
Tool: request_api_key
info
Tool: oauth_flow
info
Tool: payment_flow
info
Tool: setup_credentials
info
Tool: check_url_response
info
Tool: ask_name
info
Tool: trigger_elicitation
info
Tool: test_decline
info
Tool: test_cancel
info
Tool: use_deprecated_elicit
info
Tool: direct_elicit_url
info
Tool: delete_file
info
Tool: query_db
info
Tool: dummy_tool_func
info
Tool: trigger
info
Tool: sleep_tool
info
Tool: multi_icon_tool
info
Tool: basic_tool
info
Tool: test_sampling_tool
info
Tool: test_list_roots
info
Tool: test_tool
info
Tool: test_tool_with_log
info
Tool: test_tool_with_log_dict
info
Tool: greet
info
Tool: check_context
info
Tool: get_weather
info
Tool: get_location
info
Tool: get_statistics
info
Tool: get_user
info
Tool: get_config
info
Tool: list_cities
info
Tool: api_status
info
Tool: send_message
info
Tool: hello
info
Tool: domain_info
info
Tool: add_two
info
Tool: add
info
Tool: generate_poem
info
Tool: create_thumbnail
info
Tool: book_table
info
Tool: secure_payment
info
Tool: long_running_task
info
Tool: advanced_tool
info
Tool: validated_tool
info
Tool: empty_result_tool
info
Tool: process_data
info
Tool: test_simple_text
info
Tool: test_image_content
info
Tool: test_audio_content
info
Tool: test_embedded_resource
info
Tool: test_multiple_content_types
info
Tool: test_tool_with_logging
info
Tool: test_tool_with_progress
info
Tool: test_sampling
info
Tool: test_elicitation
info
Tool: test_elicitation_sep1034_defaults
info
Tool: test_elicitation_sep1330_enums
info
Tool: test_error_handling
info
Tool: test_reconnection
info
Tool: get_time
info
Tool: get_weather_summary
info
Tool: get_weather_metrics
info
Tool: get_weather_alerts
info
Tool: get_temperature
info
Tool: get_weather_stats
info
Tool: hello_unicode
info
Tool: list_emoji_categories
info
Tool: multilingual_hello
info
Tool: remember
info
Tool: read_profile
info
Tool: echo
info
Tool: text_me
info
Tool: take_screenshot
info
Tool: greet_user
info
Tool: echo_tool
info
Tool: demo_tool
info
Tool: name_shrimp
info
Tool: my_tool
info
Tool: tool_with_context
info
Tool: async_tool
info
Transport: streamable-http
info
Required env vars (8)
low
Tool 'check_lifespan' has no annotations
low
Tool 'multi_auth' has no annotations
low
Tool 'failing_tool' has no annotations
low
Tool 'tool_with_title' has no annotations
low
Tool 'tool_with_annotations' has no annotations
low
Tool 'tool_with_both' has no annotations
low
Tool 'hello_world' has no annotations
low
Tool 'tool_with_resource' has no annotations
low
Tool 'upload_file' has no annotations
low
Tool 'analyze_text' has no annotations
low
Tool 'tool1' has no annotations
low
Tool 'tool2' has no annotations
low
Tool 'tool3' has no annotations
low
Tool 'combined_tool' has no annotations
low
Tool 'ask_user' has no annotations
low
Tool 'optional_tool' has no annotations
low
Tool 'invalid_optional_tool' has no annotations
low
Tool 'valid_multiselect_tool' has no annotations
low
Tool 'optional_multiselect_tool' has no annotations
low
Tool 'defaults_tool' has no annotations
low
Tool 'select_favorite_color' has no annotations
low
Tool 'select_favorite_colors' has no annotations
low
Tool 'select_color_legacy' has no annotations
low
Tool 'tool' has no annotations
low
Tool 'request_api_key' has no annotations
low
Tool 'oauth_flow' has no annotations
low
Tool 'payment_flow' has no annotations
low
Tool 'setup_credentials' has no annotations
low
Tool 'check_url_response' has no annotations
low
Tool 'ask_name' has no annotations
low
Tool 'trigger_elicitation' has no annotations
low
Tool 'test_decline' has no annotations
low
Tool 'test_cancel' has no annotations
low
Tool 'use_deprecated_elicit' has no annotations
low
Tool 'direct_elicit_url' has no annotations
low
Tool 'delete_file' has no annotations
low
Tool 'greet' has no annotations
low
Tool 'query_db' has no annotations
low
Tool 'dummy_tool_func' has no annotations
low
Tool 'trigger' has no annotations
low
Tool 'sleep_tool' has no annotations
low
Tool 'basic_tool' has no annotations
low
Tool 'test_sampling_tool' has no annotations
low
Tool 'test_list_roots' has no annotations
low
Tool 'test_tool' has no annotations
low
Tool 'test_tool_with_log' has no annotations
low
Tool 'test_tool_with_log_dict' has no annotations
low
Tool 'check_context' has no annotations
low
Tool 'get_location' has no annotations
low
Tool 'get_statistics' has no annotations
low
Tool 'get_user' has no annotations
low
Tool 'get_config' has no annotations
low
Tool 'list_cities' has no annotations
low
Tool 'api_status' has no annotations
low
Tool 'send_message' has no annotations
low
Tool 'get_weather' has no annotations
low
Tool 'hello' has no annotations
low
Tool 'domain_info' has no annotations
low
Tool 'echo' has no annotations
low
Tool 'add_two' has no annotations
low
Tool 'add' has no annotations
low
Tool 'generate_poem' has no annotations
low
Tool 'create_thumbnail' has no annotations
low
Tool 'book_table' has no annotations
low
Tool 'secure_payment' has no annotations
low
Tool 'connect_service' has no annotations
low
Tool 'long_running_task' has no annotations
low
Tool 'advanced_tool' has no annotations
low
Tool 'validated_tool' has no annotations
low
Tool 'empty_result_tool' has no annotations
low
Tool 'process_data' has no annotations
low
Tool 'test_simple_text' has no annotations
low
Tool 'test_image_content' has no annotations
low
Tool 'test_audio_content' has no annotations
low
Tool 'test_embedded_resource' has no annotations
low
Tool 'test_multiple_content_types' has no annotations
low
Tool 'test_tool_with_logging' has no annotations
low
Tool 'test_tool_with_progress' has no annotations
low
Tool 'test_sampling' has no annotations
low
Tool 'test_elicitation' has no annotations
low
Tool 'test_elicitation_sep1034_defaults' has no annotations
low
Tool 'test_elicitation_sep1330_enums' has no annotations
low
Tool 'test_error_handling' has no annotations
low
Tool 'test_reconnection' has no annotations
low
Tool 'get_time' has no annotations
low
Tool 'get_weather_summary' has no annotations
low
Tool 'get_weather_metrics' has no annotations
low
Tool 'get_weather_alerts' has no annotations
low
Tool 'get_temperature' has no annotations
low
Tool 'get_weather_stats' has no annotations
low
Tool 'hello_unicode' has no annotations
low
Tool 'list_emoji_categories' has no annotations
low
Tool 'multilingual_hello' has no annotations
low
Tool 'remember' has no annotations
low
Tool 'read_profile' has no annotations
low
Tool 'text_me' has no annotations
low
Tool 'take_screenshot' has no annotations
low
Tool 'greet_user' has no annotations
low
Tool 'echo_tool' has no annotations
low
Tool 'demo_tool' has no annotations
low
Tool 'multi_icon_tool' has no annotations
low
Tool 'sum' has no annotations
low
Tool 'name_shrimp' has no annotations
low
Tool 'my_tool' has no annotations
low
Tool 'tool_with_context' has no annotations
low
Tool 'async_tool' has no annotations
high
Hardcoded OAuth client secret in tests/client/test_auth.py
high
Hardcoded OAuth client secret in tests/client/auth/extensions/test_client_credentials.py
high
Hardcoded OAuth client secret in src/mcp/client/auth/extensions/client_credentials.py
medium
Permission: network access detected
low
Permission: filesystem access detected
high
Permission: shell access detected
medium
Permission: database access detected
low
Permission: env_vars access detected
medium
Excessive dependency count: 90 direct dependencies
medium
Vulnerable dependency: requests@2.31.0 (GHSA-9hjg-9r4m-mvj7)
medium
Vulnerable dependency: requests@2.31.0 (GHSA-9wx4-h78v-vm56)
medium
Vulnerable dependency: requests@2.31.0 (GHSA-gc5v-m9x4-r6x2)
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-3qhf-m339-9g5v)
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-9h52-p55h-vw2f)
medium
Vulnerable dependency: mcp@1.0.0 (GHSA-j975-95f5-7wqh)
medium
Vulnerable dependency: httpx@0.27.1,<1.0.0 (GHSA-h8pj-cxx2-jfg2)
medium
Vulnerable dependency: httpx@0.27.1,<1.0.0 (PYSEC-2022-183)
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (GHSA-2c2j-9gv5-cj73)
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (GHSA-74m5-2c7w-9w3x)
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (GHSA-f96h-pmfr-66vw)
medium
Vulnerable dependency: starlette@0.48.0; python_version >= '3.14' (PYSEC-2023-48)
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (GHSA-2c2j-9gv5-cj73)
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (GHSA-74m5-2c7w-9w3x)
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (GHSA-f96h-pmfr-66vw)
medium
Vulnerable dependency: starlette@0.27; python_version < '3.14' (PYSEC-2023-48)
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-59g5-xgcq-4qw3)
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-mj87-hwqh-73pj)
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-pp6c-gr5w-3c5g)
medium
Vulnerable dependency: python-multipart@0.0.9 (GHSA-wp53-j4wj-2cfg)
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (GHSA-33c7-2mpw-hg34)
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (GHSA-f97h-2pfx-f59f)
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (PYSEC-2020-150)
medium
Vulnerable dependency: uvicorn@0.31.1; sys_platform != 'emscripten' (PYSEC-2020-151)
medium
Vulnerable dependency: pywin32@311; sys_platform == 'win32' (GHSA-hwfp-hg2m-9vr2)
medium
Vulnerable dependency: pywin32@311; sys_platform == 'win32' (PYSEC-2021-112)
medium
Vulnerable dependency: python-dotenv@1.0.0 (GHSA-mf9w-mj56-hr94)
medium
Vulnerable dependency: pydantic@2.0 (GHSA-mr82-8j83-vxmv)
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (GHSA-33c7-2mpw-hg34)
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (GHSA-f97h-2pfx-f59f)
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (PYSEC-2020-150)
medium
Vulnerable dependency: uvicorn@0.23.1; sys_platform != 'emscripten' (PYSEC-2020-151)
critical
Database URL with Password found in examples/mcpserver/memory.py
info
SLSA Build Level 2 detected
high
High-risk OAuth scope: admin
info
Could not connect to MCP server for output poisoning scan
info
Could not connect to MCP server for behavioral verification
info
SBOM generated: 4 components
info
MITRE ATLAS technique coverage summary
info
ATLAS: Adversarial ML Supply Chain (AML.T0043)
info
ATLAS: Poison Training Data (AML.T0020)