ICUICU
critical

plainyogurt21/clintrials-mcp

vlatest

Provide structured access to ClinicalTrials.gov data for searching, retrieving, and analyzing clinical trial information. Enable multi-parameter searches, detailed trial retrievals, and statistical analyses to support medical research and healthcare decision-making. Deliver robust error handling and flexible field selection to optimize data responses.

Smitheryplainyogurt21First seen Feb 23, 2026Source

5

Total

1

Critical

2

High

2

Medium

Findings

unknown
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    1: __pycache__/
    2: *.pyc
>>> 3: .env
    4: .venv/
    5: node_modules/
Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: {^rם{⮉�z{Uj��nW�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highSC-001Suspicious CommandsMedium ConfidenceLine 0

Subprocess execution

Detected by automated pattern matching (rule SC-001) with medium confidence. May be a false positive.

    15:     # Run the MCP server
    16:     try:
>>> 17:         subprocess.run([sys.executable, server_path] + sys.argv[1:])
    18:     except KeyboardInterrupt:
    19:         print("\nShutting down Clinical Trials MCP Server...")
Report false positive
mediumNS-003Network SuspiciousMedium ConfidenceLine 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    42: 
    43: export default {
>>> 44:   async fetch(request: Request, env: Env): Promise<Response> {
    45:     const url = new URL(request.url);
    46:
Report false positive
mediumNS-003Network SuspiciousMedium ConfidenceLine 0

JavaScript fetch() call

Detected by automated pattern matching (rule NS-003) with medium confidence. May be a false positive.

    80: 
    81:     try {
>>> 82:       const upstreamResponse = await fetch(upstreamRequest, {
    83:         cf: { cacheEverything: false },
    84:       });
Report false positive

Scan History

DateRiskFindings
Feb 25, 2026critical5
Feb 23, 2026critical5