CanopiiCanopiiAll serversEnterprise →
io.github.tonyback0101-cmyk/buyer-intelligence

io.github.tonyback0101-cmyk/buyer-intelligence v1.0.0

Security Trust Score
Grade D · Weak posture
Tier 1 · Public sourceLow confidence · 26% Dynamically scanned
Declared MCP capabilities
ResourcesPrompts

This server scored D. Run it behind runtime policy enforcement so one bad tool call can't become an incident.

Security controls

Deterministic, evidence-backed. Score earned from passing controls; a failed guard caps it.

Model–MCP Runtime Guardrails

  • Pass
    Indirect Prompt Injection (IPI) Defensesguardno injection markers

    Tool/prompt/resource text is free of hidden instructions that could hijack the agent.

  • Pass
    User-in-the-Loop / Approval Scopeguardno destructive tool scope

    No over-broad or destructive tools (arbitrary shell, bulk-delete) that warrant human approval.

  • Not checked
    Strict JSON Schema Enforcementno source files

    Tool inputs are constrained (additionalProperties:false), so unexpected arguments can't be smuggled in.

  • N/A
    Tool Definition Stabilityguardno prior version to diff

    Tool definitions did not change after publish — no post-approval rug-pull.

Application Security Checks

  • Not checked
    No command-injection sinksguardno source

    Untrusted tool input reaching a shell yields remote code execution.

  • Not checked
    No dynamic code executionguardno source

    eval()/exec()/Function() on tool-derived strings allows arbitrary code execution.

  • Not checked
    No path traversalguardno source

    Naive path checks let tools read/write outside intended directories (EscapeRoute-class).

  • Not checked
    No SSRF sinksguardno source

    Fetching tool-supplied URLs can pivot into internal networks and metadata services.

  • Not checked
    No unsafe deserializationguardno source

    pickle/yaml.load/etc. on untrusted data can execute code.

  • Not checked
    No committed secretsguardno source

    Hardcoded keys/tokens in published source are live credentials an attacker can use.

  • Not checked
    Credentials sourced from environmentno source files

    Reading secrets from env/secret stores avoids hardcoding them.

  • Not checked
    Dependencies pinned (lockfile)no source files

    A lockfile makes installs reproducible and resistant to silent dependency swaps.

  • Not checked
    Actively maintainedGitHub API unavailable

    Unmaintained servers don't receive security fixes.

  • Not checked
    Repository not archivedguardGitHub API unavailable

    Archived repositories will never be patched.

  • Not checked
    Declares a licenseGitHub API unavailable

    A clear license is required for legal enterprise use.

  • Not checked
    Has a security policyno source files

    A SECURITY.md gives a private path to report vulnerabilities.

  • Not checked
    Signed releasesnot evaluated

    Signed releases let consumers verify artifacts weren't tampered with.

  • Not checked
    Adoption & popularityno adoption signal

    A small, capped nudge from stars/downloads — widely-used servers get more eyes on bugs. It can never offset a real security failure.

  • N/A
    No known-vulnerable dependenciesno dependencies to scan

    Runtime dependencies (parsed from the lockfile) are scanned against OSV.dev for published CVEs. Advisory: flagged dependencies lower the score but don't hard-cap it, since transitive reachability is unproven.

  • N/A
    No install/post-install scriptsguardno published package

    install hooks run arbitrary code on every consumer at install time.

  • N/A
    Package name not typosquattingguardno published package

    Names mimicking popular packages are a common malware delivery vector.

  • N/A
    Published with provenanceno published package

    Build provenance attests the artifact was built from the claimed source by CI.

  • N/A
    Established maintainerno published package

    Brand-new / single anonymous maintainers raise takeover and malware risk.

Transport & Trust Model

  • Warn
    IAM / Authentication Scopingno authentication handling detected

    OAuth 2.1 / Protected Resource Metadata gates who can invoke tools.

    Fix: Implement OAuth 2.1 with a .well-known/oauth-protected-resource document.

  • Pass
    Transport Encryption (TLS)guardall remotes use HTTPS

    Plaintext HTTP exposes traffic and bearer tokens to interception.

  • Pass
    Live Endpoint Reachablelive endpoint responded

    A dynamic scan connected to the declared remote endpoint and it responded — verified live, not a dead URL.

  • Not checked
    Execution Sandboxingno source files

    A container/sandbox image limits blast radius; a server that runs natively has full host access.

  • Not checked
    Network Exposureno source files

    Binding 0.0.0.0 or exposing debug inspectors widens the attack surface.

  • N/A
    Authentication Enforced (live)no declared auth to verify

    If the server declares auth is required, it must actually reject anonymous clients. Serving tools to unauthenticated callers is a real exposure.

Tools (13)

find_buyerslist_quotesplace_orderrequest_quotesearch_storessearch_productscheck_discovery_taskenrich_buyer_contactlist_group_buy_poolssubmit_discovery_joblist_payment_mandatescreate_payment_mandateanalyze_buyer_intelligence