Security, cost, and health governance proxy for MCP infrastructure — three-layer detection engine (regex + schema + LLM), monorepo, corpus, CI/CD
Source not yet analyzed — this grade rests on attested signals (CVEs, supply-chain) only. It is a floor: reading the code could raise it, not lower it.
- capability exposure · inferred · +35
- recent drift · inferred · +12
- inherited (deps) · attested · +15
- tool safety · inferred · +12
- trust mitigators · mixed · −3
attested · inferred · mixed
The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.
graded 13m ago · see ecosystem CVEs →
no known CVEs for this server.
inherited (deps) · grade factor +15
- high · dangerous code
env-secret-flows-to-network-js: A process environment value (often a secret/token) flows into a network call — possible credential exfiltration. (/tmp/obs-code-t82vMU/rudraneel93-m
- high · dangerous code
committed secret: private key, OpenAI key, Google API key · dynamic exec: eval(), new Function()
analyzed v4.1.8 · analyzer v17 · 2d ago
danger signals: 19
- dynamic code execution · eval() · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/scripts/generate-analysis-adv-fixtures.mjs:221
  '<img src=x onerror=eval(atob("aWdub3Jl"))>',
- dynamic code execution · eval() · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/scripts/generate-uploaded-bypass-fixtures.mjs:42
  { text: 'eval(base64_decode(payload))' },
- dynamic code execution · eval() · rudraneel93-mcp-guardian-56b1c51/scripts/generate-corpus-fixtures.mjs:44
  { toolName: 'template_render', arguments: { template: '<?php eval($_GET["x"]); ?>', data: {} }, expected: 'block', category: 'polyglot-injection', ruleHint: 'php-js-polyglot' },
- dynamic code execution · new Function() · rudraneel93-mcp-guardian-56b1c51/scripts/generate-corpus-fixtures.mjs:65
  { toolName: 'execute_code', arguments: { code: "new Function('return process.env.SECRET')()", language: "javascript" }, expected: 'block', category: 'dangerous-js', ruleHint: 'function-ctor' },
- suspicious endpoint · 169.254.169.254 (cloud metadata) · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/scripts/generate-analysis-adv-fixtures.mjs:102
  Buffer.from('curl http://169.254.169.254/latest/meta-data', 'utf8').toString('base64'),
- suspicious endpoint · 169.254.169.254 (cloud metadata) · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/scripts/generate-comprehensive-generated.mjs:42
  { id: 'gen-shell-002', category: 'shell', toolName: 'run', args: { code: 'curl http://169.254.169.254/latest/meta-data/' }, expected: 'block' },
- suspicious endpoint · 169.254.169.254 (cloud metadata) · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/scripts/generate-custom-attacks.mjs:43
  { id: 'adv-024', category: 'ssrf-evasion', toolName: 'search', arguments: { url: 'http://169.254.169.254/latest/meta-data/' }, ruleHint: 'block-dangerous-urls' },
- suspicious endpoint · 169.254.169.254 (cloud metadata) · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/scripts/generate-mcpg-catalog-attacks.mjs:98
  { id: 'adv-ssrf-002', category: 'ssrf', toolName: 'search', arguments: { url: 'http://169.254.169.254/latest/meta-data/' } },
- suspicious endpoint · 169.254.169.254 (cloud metadata) · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/scripts/generate-uploaded-bypass-fixtures.mjs:43
  { q: 'curl http://169.254.169.254/latest/meta-data' },
- suspicious endpoint · 169.254.169.254 (cloud metadata) · rudraneel93-mcp-guardian-56b1c51/scripts/generate-corpus-fixtures.mjs:126
  { toolName: 'execute_command', arguments: { command: "curl -s http://169.254.169.254/latest/meta-data/" }, expected: 'block', category: 'command-injection', ruleHint: 'cloud-meta' },
- suspicious endpoint · 169.254.169.254 (cloud metadata) · rudraneel93-mcp-guardian-56b1c51/scripts/generate-enterprise-corpus.mjs:167
  ['puppeteer_navigate', { url: 'http://169.254.169.254/latest/meta-data/' }, 'metadata-ip'],
- suspicious endpoint · 169.254.169.254 (cloud metadata) · rudraneel93-mcp-guardian-56b1c51/scripts/lib/attack-learning-eval-core.ts:144
  'Blocked URL http://169.254.169.254/latest/meta-data/',
- committed secret · private key · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/exported/secret_rules_meta.json:470
  -----B…(31 chars, redacted)
- committed secret · private key · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/python/comprehensive_test_harness.py:317
  -----B…(31 chars, redacted)
- committed secret · OpenAI key · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/scripts/generate-uploaded-bypass-fixtures.mjs:109
  sk-pro…(50 chars, redacted)
- committed secret · private key · rudraneel93-mcp-guardian-56b1c51/adversarial-harness/scripts/generate-uploaded-bypass-fixtures.mjs:110
  -----B…(31 chars, redacted)
- committed secret · Google API key · rudraneel93-mcp-guardian-56b1c51/src/agentic/red-team/attack-generator.ts:97
  AIzaSy…(39 chars, redacted)
- committed secret · private key · rudraneel93-mcp-guardian-56b1c51/src/scanners/secret-rules.ts:80
  -----B…(31 chars, redacted)
- committed secret · private key · rudraneel93-mcp-guardian-56b1c51/src/utils/mtls-config.ts:114
  -----B…(27 chars, redacted)
- recent drift · +12 · capability drift →
Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of rudraneel93.