AgentAudit Security Audit Report
| Metric | Value |
|---|---|
| Package | ferPrieto--MCP-Http-Client |
| Risk Score | 5/100 |
| Result | safe |
| Findings | 4 total (0 critical, 0 high, 1 medium, 3 low) |
| Real Issues | 1 (3 marked as by_design) |
Findings Summary
Real Security Issues:
- [MEDIUM] Hardcoded absolute file path in development config (`.cursor/config.json:7`)
  - The configuration file exposes the developer's local filesystem path and username
  - Remediation: Add `.cursor/` directory to `.gitignore` and provide a template config instead
By-Design Patterns (Documented Functionality):
- [MEDIUM] MCP server allows arbitrary HTTP requests without restrictions (by_design)
  - This is the core documented purpose of the package (HTTP client like Postman)
  - Consider optional security features like URL allowlists or private IP blocking
- [LOW] TCP connection tool allows arbitrary network connections (by_design)
  - This is documented functionality for TCP/Telnet testing
  - Consider optional restrictions for internal networks
- [LOW] Command execution in postinstall.js uses execSync (by_design)
  - The `java -version` check is hardcoded and safe
  - No security risk, standard practice for dependency checking
Package Assessment
This MCP HTTP Client server is a well-architected, professionally developed package with clean Kotlin code, proper separation of concerns, and good security practices overall. The package:
✅ Strengths:
- Clean architecture with domain-driven design
- Proper input validation and error handling
- Uses well-maintained dependencies (OkHttp, Kotlin coroutines)
- No code obfuscation or hidden functionality
- Comprehensive testing suite
- Professional CI/CD with GitHub Actions
- MIT licensed, open source
⚠️ Minor Issue:
- One low-impact info disclosure (developer's local path in config file)
The "by_design" findings are inherent to the package's documented purpose as an unrestricted HTTP/TCP client tool. These are not vulnerabilities but rather powerful capabilities that users should be aware of when deploying this MCP server.
Full Report
View the complete audit report with detailed evidence and remediation guidance:
AgentAudit Report
This audit was performed automatically by AgentAudit, the security registry for AI agent packages. If you believe any finding is incorrect, you can dispute it on the platform.