MCP Observatory
npm not analyzable

openapi-mcp-generator

v4.0.1
npm

Generates MCP server code from OpenAPI specifications

maintainer
harshasurisetty
license
MIT
first seen
2026-05-22
last seen
2026-06-17
releases · 30d
2
short id

Drift inferred · capture-to-capture

  1. HIGH code analysis flagged dynamic code execution in openapi-mcp-generator
  2. HIGH code analysis flagged dynamic code execution in harsha-iiiv/openapi-mcp-generator
  3. HIGH code analysis flagged dynamic code execution in openapi-mcp-generator
  4. HIGH code analysis flagged dynamic code execution in harsha-iiiv/openapi-mcp-generator
  5. HIGH code analysis flagged dynamic code execution in openapi-mcp-generator
capabilities 0 tools
transport stdio · streamable-http counts 0 tools · 0 res · 0 prompts permission surface via code analysis

no tools enumerated yet for this server.

skills & danger signals npm-tarball
prompt-surface shipped agent-instruction files + hidden-content / dangerous-code findings — quoted from the analyzed source

analyzed v4.0.1 · analyzer v18 · 11h ago

danger signals1

code evidence v4.0.1 · npm-tarball
evidence-backed findings quoted directly from the published source artifact — not inferred

last analysis: fetch-failed · showing evidence from the last successful analysis (2d ago)

filesystem 1

  • fs package/dist/index.js :8 import fs from 'fs/promises';

network 4

  • net package/dist/generator/server-code.js :126 import axios, { type AxiosRequestConfig, type AxiosError } from 'axios';
  • net package/dist/generator/streamable-http.js :488 const response = await fetch('/mcp', {
  • net package/dist/generator/web-server.js :632 const response = await fetch(fullEndpoint, {
  • net package/dist/utils/security.js :210 imports += `import * as https from 'https';\n`;

secrets 2

  • secrets package/dist/generator/server-code.js :299 // ctx.headers['authorization'] = \`Bearer \${process.env.MY_TOKEN ?? ''}\`;
  • secrets package/dist/utils/helpers.js :27 * `description`/`summary` such as `${process.env.SECRET}` is otherwise written

declared dependencies 14

  • @apidevtools/swagger-parser@^10.1.1
  • commander@^13.1.0
  • openapi-types@^12.1.3
  • @types/node@^22.17.2
  • @typescript-eslint/eslint-plugin@^8.39.1
  • @typescript-eslint/parser@^8.39.1
  • eslint@^9.33.0
  • prettier@^3.6.2
  • rimraf@^6.0.1
  • typescript@^5.9.2
  • vitest@^2.1.9
  • @modelcontextprotocol/sdk@^1.10.2
  • json-schema-to-zod@^2.6.1
  • zod@^3.24.3