mcp-builder

Warn

Audited by Snyk on Jun 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The evaluation harness (scripts/evaluation.py) can be run with an SSE/HTTP MCP server URL (e.g., the example URL https://example.com/mcp) which is contacted at runtime to fetch tool definitions and to invoke remote tool executions that directly influence the agent's prompts and behavior.

Issues (1)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 17, 2026, 01:28 AM
Issues
1
Security Audit — snyk — mcp-builder