← Back to search Server uses network capabilities via: fetch() Server uses filesystem capabilities via: fs sync ops Server uses shell capabilities via: child_process, execSync(), spawn() Server uses env_vars capabilities via: process.env
@modelcontextprotocol/sdk
Model Context Protocol implementation for TypeScript
C
60.7 / 100
Versions
1.0.0 latest May 20, 2026
Tools 35
process unchecked low
union-test unchecked low
preprocess-test unchecked low
transform-test unchecked low
pipe-test unchecked low
complex-transform unchecked low
initial-tool unchecked low
Initial tool
tool-1 unchecked low
Tool 1
tool-2 unchecked low
Tool 2
get-alerts unchecked low
Get weather alerts for a state
get-forecast unchecked low
Get weather forecast for a location
multi-greet unchecked low
A tool that sends different greetings with delays between them
get-protocol-info unchecked low
Returns protocol version configuration
collect-user-info unchecked low
A tool that collects user information through form elicitation
start-notification-stream unchecked low
Starts sending periodic notifications for testing resumability
list-files unchecked low
Returns a list of files as ResourceLinks without embedding their content
long-task unchecked low
A long-running task that sends progress updates. Server will disconnect mid-task to demonstrate polling.
get_weather unchecked low
Get weather information for a city
calculate-bmi unchecked low
Calculate Body Mass Index
fetch-data unchecked low
Fetch data from a URL
idempotentHint true destructiveHint true
delete-file unchecked low
Delete a file from the project
idempotentHint true destructiveHint true
process-files unchecked low
Process files with progress updates
summarize unchecked low
Summarize text using the client LLM
collect-feedback unchecked low
Collect user feedback via a form
list-workspace-files unchecked low
List files across all workspace roots
whoami unchecked low
Returns the authenticated subject.
a unchecked low
b unchecked low
out unchecked low
c unchecked low
echo unchecked low
test-tool unchecked low
A test tool
greet unchecked low
Greet someone
contact unchecked low
user unchecked low
Permissions 4
network medium filesystem low shell high env_vars low Scan Findings 100
info
package.json metadata
info
Tool: test-tool
info
Tool: greet
info
Tool: contact
info
Tool: user
info
Tool: process
info
Tool: union-test
info
Tool: preprocess-test
info
Tool: transform-test
info
Tool: pipe-test
info
Tool: complex-transform
info
Tool: initial-tool
info
Tool: tool-1
info
Tool: tool-2
info
Tool: get-alerts
info
Tool: get-forecast
info
Tool: multi-greet
info
Tool: get-protocol-info
info
Tool: collect-user-info
info
Tool: start-notification-stream
info
Tool: list-files
info
Tool: long-task
info
Tool: get_weather
info
Tool: calculate-bmi
info
Tool: fetch-data
info
Tool: delete-file
info
Tool: process-files
info
Tool: summarize
info
Tool: collect-feedback
info
Tool: list-workspace-files
info
Tool: whoami
info
Tool: a
info
Tool: b
info
Tool: out
info
Tool: c
info
Tool: echo
info
Transport: streamable-http
info
Required env vars (17)
low
Tool 'test-tool' has no annotations
low
Tool 'greet' has no annotations
low
Tool 'contact' has no annotations
low
Tool 'user' has no annotations
low
Tool 'process' has no annotations
low
Tool 'union-test' has no annotations
low
Tool 'preprocess-test' has no annotations
low
Tool 'transform-test' has no annotations
low
Tool 'pipe-test' has no annotations
low
Tool 'complex-transform' has no annotations
low
Tool 'initial-tool' has no annotations
low
Tool 'tool-1' has no annotations
low
Tool 'tool-2' has no annotations
low
Tool 'get-alerts' has no annotations
low
Tool 'get-forecast' has no annotations
low
Tool 'multi-greet' has no annotations
low
Tool 'get-protocol-info' has no annotations
info
Tool 'greet' annotations are consistent
info
Tool 'multi-greet' annotations are consistent
low
Tool 'collect-user-info' has no annotations
low
Tool 'start-notification-stream' has no annotations
low
Tool 'list-files' has no annotations
low
Tool 'long-task' has no annotations
low
Tool 'get_weather' has no annotations
low
Tool 'calculate-bmi' has no annotations
info
Tool 'list-files' annotations are consistent
info
Tool 'fetch-data' annotations are consistent
info
Tool 'delete-file' annotations are consistent
low
Tool 'process-files' has no annotations
low
Tool 'summarize' has no annotations
low
Tool 'collect-feedback' has no annotations
low
Tool 'list-workspace-files' has no annotations
low
Tool 'whoami' has no annotations
low
Tool 'a' has no annotations
low
Tool 'b' has no annotations
low
Tool 'out' has no annotations
low
Tool 'c' has no annotations
low
Tool 'echo' has no annotations
low
Tool 'fetch-data' has no annotations
high
Hardcoded OAuth client secret in test/integration/test/issues/test_1342OauthErrorHttp200.test.ts
high
Hardcoded OAuth client secret in examples/client/src/clientGuide.examples.ts
high
Hardcoded OAuth client secret in packages/client/test/client/auth.test.ts
high
Hardcoded OAuth client secret in packages/client/test/client/streamableHttp.test.ts
high
Hardcoded OAuth client secret in packages/client/test/client/crossAppAccess.test.ts
high
Hardcoded OAuth client secret in packages/client/test/client/sse.test.ts
high
Hardcoded OAuth client secret in packages/client/test/client/authExtensions.test.ts
high
Hardcoded OAuth client secret in packages/client/src/client/crossAppAccess.ts
high
Hardcoded OAuth client secret in packages/client/src/client/authExtensions.ts
medium
Permission: network access detected
low
Permission: filesystem access detected
high
Permission: shell access detected
low
Permission: env_vars access detected
medium
Vulnerable dependency: better-auth@1.4.17 (GHSA-wxw3-q3m9-c3jr)
medium
Buffer.from base64 in packages/client/test/client/sse.test.ts:23
info
SLSA Build Level 3 detected
high
High-risk OAuth scope: admin
info
Could not connect to MCP server for output poisoning scan
info
Could not connect to MCP server for behavioral verification
info
SBOM generated: 66 components
info
MITRE ATLAS technique coverage summary
info
ATLAS: Adversarial ML Supply Chain (AML.T0043)
info
ATLAS: Poison Training Data (AML.T0020)