← Back to search

smithery-ai/cli

smithery-ai AGPL-3.0 724 stars Scanned 48d ago

C
65.5 / 100

Versions

1.1.1 latest
May 22, 2026
1.1.0
May 22, 2026
1.0.1
May 3, 2026
1.0.0
May 1, 2026
PermissionsTool SafetyAuthAnnotationsCode QualityStabilitySpecVuln HistoryAuthorTransparencyCommunity

Tools 5

increment
missing low

Test stateful behavior - should increment across calls

get_session_data
missing low

Get accumulated session data

ping
missing low

Simple ping tool

get_server_info
missing low

Get server type info

get_config
missing low

Returns the config passed to the server

Permissions 4

network medium
Server uses network capabilities via: fetch()
filesystem low
Server uses filesystem capabilities via: fs, fs sync ops
shell high
Server uses shell capabilities via: child_process, execSync(), spawn()
env_vars low
Server uses env_vars capabilities via: process.env

Scan Findings 62

info
package.json metadata manifest_parser · 100%
info
Tool: increment manifest_parser · 70%
info
Tool: get_session_data manifest_parser · 70%
info
Tool: ping manifest_parser · 70%
info
Tool: get_server_info manifest_parser · 70%
info
Tool: get_config manifest_parser · 70%
info
Transport: streamable-http manifest_parser · 80%
info
Required env vars (12) manifest_parser · 80%
low
Tool 'increment' has no annotations annotation_checker · 100%
low
Tool 'get_session_data' has no annotations annotation_checker · 100%
low
Tool 'ping' has no annotations annotation_checker · 100%
low
Tool 'get_server_info' has no annotations annotation_checker · 100%
low
Tool 'get_config' has no annotations annotation_checker · 100%
medium
OAuth implementation without PKCE auth_checker · 75%
medium
Permission: network access detected permission_analyzer · 70%
low
Permission: filesystem access detected permission_analyzer · 90%
high
Permission: shell access detected permission_analyzer · 95%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.25.3 (GHSA-345p-7cg4-v4c7) dependency_analyzer · 95%
medium
Vulnerable dependency: uuid@11.1.0 (GHSA-w5hq-g745-h8pq) dependency_analyzer · 95%
medium
Vulnerable dependency: ws@8.20.0 (GHSA-58qx-3vcg-4xpx) dependency_analyzer · 95%
medium
Vulnerable dependency: yaml@2.3.4 (GHSA-48c2-rrv3-qjmp) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.25.1 (GHSA-345p-7cg4-v4c7) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.25.1 (GHSA-8r9q-7v3j-jr4g) dependency_analyzer · 95%
info
SLSA Build Level 3 detected slsa_assessor · 85%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 35 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%
info
package.json metadata manifest_parser · 100%
info
Tool: increment manifest_parser · 70%
info
Tool: get_session_data manifest_parser · 70%
info
Tool: ping manifest_parser · 70%
info
Tool: get_server_info manifest_parser · 70%
info
Tool: get_config manifest_parser · 70%
info
Transport: streamable-http manifest_parser · 80%
info
Required env vars (12) manifest_parser · 80%
low
Tool 'increment' has no annotations annotation_checker · 100%
low
Tool 'get_session_data' has no annotations annotation_checker · 100%
low
Tool 'ping' has no annotations annotation_checker · 100%
low
Tool 'get_server_info' has no annotations annotation_checker · 100%
low
Tool 'get_config' has no annotations annotation_checker · 100%
medium
OAuth implementation without PKCE auth_checker · 75%
medium
Permission: network access detected permission_analyzer · 70%
low
Permission: filesystem access detected permission_analyzer · 90%
high
Permission: shell access detected permission_analyzer · 95%
low
Permission: env_vars access detected permission_analyzer · 90%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.25.3 (GHSA-345p-7cg4-v4c7) dependency_analyzer · 95%
medium
Vulnerable dependency: uuid@11.1.0 (GHSA-w5hq-g745-h8pq) dependency_analyzer · 95%
medium
Vulnerable dependency: ws@8.20.0 (GHSA-58qx-3vcg-4xpx) dependency_analyzer · 95%
medium
Vulnerable dependency: yaml@2.3.4 (GHSA-48c2-rrv3-qjmp) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.25.1 (GHSA-345p-7cg4-v4c7) dependency_analyzer · 95%
medium
Vulnerable dependency: @modelcontextprotocol/sdk@1.25.1 (GHSA-8r9q-7v3j-jr4g) dependency_analyzer · 95%
info
SLSA Build Level 3 detected slsa_assessor · 85%
info
Could not connect to MCP server for output poisoning scan output_poisoning · 100%
info
Could not connect to MCP server for behavioral verification behavioral_verifier · 100%
info
SBOM generated: 35 components sbom_generator · 100%
info
MITRE ATLAS technique coverage summary atlas_annotator · 100%
info
ATLAS: Adversarial ML Supply Chain (AML.T0043) atlas_annotator · 100%
info
ATLAS: Poison Training Data (AML.T0020) atlas_annotator · 100%