MCP Observatory
github not analyzable

Starknet MCP Server

github

A comprehensive Model Context Protocol (MCP) server for the Starknet blockchain. This server provides AI agents with the ability to interact with Starknet networks, query blockchain data, manage wallets, and interact with smart contracts.

maintainer
mcpdotdirect
license
first seen
2026-05-22
last seen
2026-06-17
releases · 30d
0
short id
risk 60/100 · heuristic grade
D high

Source not yet analyzed — this grade rests on attested signals (CVEs, supply-chain) only. It is a floor: reading the code could raise it, not lower it.

  • capability exposureinferred+35
  • tool safetyinferred+25

inferred

The A–E grade is our heuristic synthesis — a "review this" prompt, not a verdict. Each factor is tagged by what backs it: attested (a verifiable record), reported (a third party's claim), or inferred (our own heuristic, e.g. permissions). See methodology.

graded 14m ago · see ecosystem CVEs →

capability exposure grade factor +35
Inferred surface — each links to servers holding it:
vulnerabilities 0 CVEs

No known CVEs for this server.

tool safety 14 findings · grade factor +25
  1. highexfiltration comboget_starknet_token_balance

    single tool reads + sends: net, secrets

  2. highexfiltration comboget_starknet_strk_balance

    single tool reads + sends: net, secrets

  3. highexfiltration comboget_starknet_native_balances

    single tool reads + sends: net, secrets

  4. highexfiltration comboget_starknet_token_info

    single tool reads + sends: net, secrets

  5. highexfiltration combocheck_starknet_nft_ownership

    single tool reads + sends: net, secrets

  6. highexfiltration comboget_starknet_nft_balance

    single tool reads + sends: net, secrets, db

  7. highexfiltration comboget_starknet_token_supply

    single tool reads + sends: net, secrets

  8. highexfiltration combotransfer_starknet_token

    single tool reads + sends: net, secrets

  9. mediumpurpose mismatchget_starknet_token_balance

    benign-looking name carries secrets

  10. mediumpurpose mismatchget_starknet_strk_balance

    benign-looking name carries secrets

  11. mediumpurpose mismatchget_starknet_native_balances

    benign-looking name carries secrets

  12. mediumpurpose mismatchget_starknet_token_info

    benign-looking name carries secrets

  13. mediumpurpose mismatchget_starknet_nft_balance

    benign-looking name carries secrets

  14. mediumpurpose mismatchget_starknet_token_supply

    benign-looking name carries secrets

embed badge readme-ready
live risk-grade badge preview [![MCP Observatory risk grade](https://mcpobservatory.com/servers/smithery:mcpdotdirect/starknet-mcp-server/badge.svg)](https://mcpobservatory.com/servers/smithery:mcpdotdirect/starknet-mcp-server/security)

Heuristic, inferred signals — false positives (legitimately powerful tools, forks, language ports) are expected. Treat each as "review this", not a verdict. See the ecosystem-wide picture on the security hub, or the fleet security of mcpdotdirect.