Preview release of FusionAuth API MCP server
Drift inferred · capture-to-capture
- HIGH code analysis flagged dynamic code execution ×2 in FusionAuth/fusionauth-mcp-api
transport stdio · streamable-http · http
verified
reported
listed in the official MCP registry counts 0 tools · 0 res
· 0 prompts
permission surface via code analysis
No tools enumerated yet for this server.
prompt-surface
shipped agent-instruction files + hidden-content / dangerous-code findings —
quoted from the analyzed source
analyzed commit bbacc53 · analyzer v20 · 21h ago
danger signals2
- dynamic code executioneval()FusionAuth-fusionauth-mcp-api-bbacc53/packages/mcp-api/src/index.ts:3838
const zodSchema = eval(zodSchemaString); - dynamic code executioneval()FusionAuth-fusionauth-mcp-api-bbacc53/packages/openapi-mcp-generator/src/generator/server-code.ts:238
const zodSchema = eval(zodSchemaString);
evidence-backed
findings quoted directly from the published source artifact — not inferred
filesystem 2
- fs FusionAuth-fusionauth-mcp-api-bbacc53/bin/update-server-json-version.js :1
const fs = require('fs'); - fs FusionAuth-fusionauth-mcp-api-bbacc53/packages/openapi-mcp-generator/src/index.ts :8
import fs from 'fs/promises';
network 4
- net FusionAuth-fusionauth-mcp-api-bbacc53/packages/mcp-api/src/index.ts :23
import axios, { type AxiosRequestConfig, type AxiosError } from 'axios'; - net FusionAuth-fusionauth-mcp-api-bbacc53/packages/openapi-mcp-generator/src/generator/server-code.ts :107
import axios, { type AxiosRequestConfig, type AxiosError } from 'axios'; - net FusionAuth-fusionauth-mcp-api-bbacc53/packages/openapi-mcp-generator/src/generator/streamable-http.ts :470
const response = await fetch('/mcp', { - net FusionAuth-fusionauth-mcp-api-bbacc53/packages/openapi-mcp-generator/src/generator/web-server.ts :617
const response = await fetch(fullEndpoint, {