MCP servers expose tools with no information about what they actually do at runtime. mcpsafetywarden sits between your agent and any MCP server, profiling tool behavior, blocking destructive calls, and running active security audits before you trust them in a workflow.
Source not yet analyzed — this grade rests on attested signals (CVEs, supply-chain) only. It is a floor: reading the code could raise it, not lower it.
- capability exposure · inferred · +35
- recent drift · inferred · +20
- tool safety · inferred · +14
- trust mitigators · mixed · −3
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 13m ago · see ecosystem CVEs →
- C · 58 → D · 66
No known CVEs for this server.
- high · dangerous code
  dynamic exec: eval()/exec(), __import__()
- low · exfiltration combo
  sensitive read and network capabilities split across this server's tools
analyzed analyzer v18 · 10h ago
danger signals: 3
- dynamic code execution · eval()/exec() · gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/args.py:566
  eval(), exec(), __import__) embedded in args passed to a tool that does NOT accept shell
- dynamic code execution · __import__() · gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/scanner.py:274
  __import__(name)
- suspicious endpoint · 169.254.169.254 (cloud metadata) · gautamvarmadatla-mcpsafetywarden-d9e754c/mcpsafetywarden/scan/mcpsafety.py:87
  ssrf http://169.254.169.254/latest/meta-data/, http://metadata.google.internal/
- recent drift · +20 · capability drift →
Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of gautamvarmadatla.