github analyzed 9ec90ad

Malaysia Transit MCP

A Model Context Protocol server that taps access to real-time bus and train information across 12 Malaysian cities. Get live arrivals, vehicle tracking, and route details from Rapid KL, Rapid Penang, and various BAS.MY services across Malaysia.

Currently covering the following areas:
  • Kangar
  • Alor Setar
  • Penang
  • Klang Valley (Kuala Lumpur, Selangor, Putrajaya)
  • Melaka
  • Johor Bahru
  • Kota Bharu
  • Kuala Terengganu
  • Kuching
  • Ipoh
  • Seremban

More areas to be covered soon!

Note: this is NOT an official MCP server by the Government of Malaysia or anyone from Prasarana Malaysia, Ministry of Transport (MOT), Agensi Pengangkutan Awam Darat (APAD), KTM Berhad, or operators involved in BAS.MY operations.

maintainer
hithereiamaliff
license
first seen
2026-05-30
last seen
2026-06-16
releases · 30d
0
short id
risk 45/100 · heuristic grade
C elevated
  • capability exposure · inferred · +26
  • tool safety · inferred · +19

The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.

risk trajectory · 1 movements
  • C · 48 → C · 45
capability exposure · grade factor +26
Inferred surface — each links to servers holding it:
vulnerabilities · 0 CVEs

no known CVEs for this server.

tool safety · 3 findings · grade factor +19
  1. high · tool poisoning · calculate_fare

    model-imperative: "You MUST"

  2. medium · purpose mismatch · get_penang_ferry_fare

    benign-looking name carries shell

  3. low · exfiltration combo · search_stops

    single tool reads + sends: net, db

Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of hithereiamaliff.