Skip to content

Add MseeP.ai badge#13

Open
lwsinclair wants to merge 1 commit intoJacck:mainfrom
lwsinclair:add-mseep-badge-cd5cc3b4
Open

Add MseeP.ai badge#13
lwsinclair wants to merge 1 commit intoJacck:mainfrom
lwsinclair:add-mseep-badge-cd5cc3b4

Conversation

@lwsinclair
Copy link
Copy Markdown

@lwsinclair lwsinclair commented Jul 17, 2025

Hi there,

This pull request shares a security update on mcp-reasoner.

We also have an entry for mcp-reasoner in our directory, MseeP.ai, where we provide regular security and trust updates on your app.

We invite you to add our badge for your MCP server to your README to help your users learn from a third party that provides ongoing validation of mcp-reasoner.

You can easily take control over your listing for free: visit it at https://mseep.ai/app/jacck-mcp-reasoner.

Yours Sincerely,

Lawrence W. Sinclair
CEO/SkyDeck AI
Founder of MseeP.ai
MCP servers you can trust

MseeP.ai Security Assessment Badge

Here are our latest evaluation results of mcp-reasoner

Security Scan Results

Security Score: 89/100

Risk Level: moderate

Scan Date: 2025-06-13

Score starts at 100, deducts points for security issues, and adds points for security best practices

Detected Vulnerabilities

Medium Severity

  • @babel/helpers

    • [{'source': 1104001, 'name': '@babel/helpers', 'dependency': '@babel/helpers', 'title': 'Babel has inefficient RegExp complexity in generated code with .replace when transpiling named capturing groups', 'url': 'https://github.com/advisories/GHSA-968p-4wvh-cqc8', 'severity': 'moderate', 'cwe': ['CWE-1333'], 'cvss': {'score': 6.2, 'vectorString': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}, 'range': '<7.26.10'}]
    • Fixed in version: unknown

  • brace-expansion

    • [{'source': 1105443, 'name': 'brace-expansion', 'dependency': 'brace-expansion', 'title': 'brace-expansion Regular Expression Denial of Service vulnerability', 'url': 'https://github.com/advisories/GHSA-v6h2-p8h4-qcjw', 'severity': 'low', 'cwe': ['CWE-400'], 'cvss': {'score': 3.1, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L'}, 'range': '>=1.0.0 <=1.1.11'}, {'source': 1105444, 'name': 'brace-expansion', 'dependency': 'brace-expansion', 'title': 'brace-expansion Regular Expression Denial of Service vulnerability', 'url': 'https://github.com/advisories/GHSA-v6h2-p8h4-qcjw', 'severity': 'low', 'cwe': ['CWE-400'], 'cvss': {'score': 3.1, 'vectorString': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L'}, 'range': '>=2.0.0 <=2.0.1'}]
    • Fixed in version: unknown

Security Findings

Medium Severity Issues

  • semgrep: Use of child_process.exec() with dynamic input detected. This can lead to command injection.

    • Location: node_modules/shelljs/src/exec-child.js
    • Line: 19

  • semgrep: Use of child_process.exec() with dynamic input detected. This can lead to command injection.

    • Location: node_modules/shelljs/src/exec.js
    • Line: 136

This security assessment was conducted by MseeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lwsinclair