ICU
critical

openapi-mcp-server

v2.1.0

MCP server for interacting with openapisearch.com API

npm | janwilmake | First seen Feb 22, 2026

Total: 6
Critical: 1
High: 2
Medium: 3

Findings

unknown
critical | DE-002 | Data Exfiltration | High Confidence | Line 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    238: async function main() {
    239:   // Get debug setting from environment variable
>>> 240:   const debug = process.env.DEBUG === "true";
    241: 
    242:   // Create server with configuration

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

high | DO-BAS | unknown | Medium Confidence | Line 0

Decoded base64 content: [non-printable binary data]

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    48:       log(config.debug, "API request URL:", url);
    49: 
>>> 50:       const response = await fetch(url);
    51:       if (!response.ok) {
    52:         const error = await response.text();

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    110:       log(config.debug, "API request URL:", url);
    111: 
>>> 112:       const response = await fetch(url);
    113:       if (!response.ok) {
    114:         const error = await response.text();

medium | NS-003 | Network Suspicious | Medium Confidence | Line 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    156:     log(config.debug, "Received list tools request");
    157: 
>>> 158:     const openapiIds = await fetch("https://openapisearch.com/").then((res) =>
    159:       res.text()
    160:     );

Scan History

Date | Risk | Findings
Feb 25, 2026 | critical | 6
Feb 23, 2026 | critical | 6
Feb 22, 2026 | critical | 6