mcp-builder
Warn
Audited by Snyk on Jun 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The evaluation harness (scripts/evaluation.py) can be run with an SSE/HTTP MCP server URL (e.g., the example URL https://example.com/mcp) which is contacted at runtime to fetch tool definitions and to invoke remote tool executions that directly influence the agent's prompts and behavior.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata