ICUICU
critical

ai.smithery/JunoJunHyun-festival-finder-mcp

v0.1.0

Discover festivals worldwide by location, date, and genre. Compare options with key details like d…

MCP RegistrysmitheryFirst seen Feb 24, 2026Source

9

Total

2

Critical

3

High

4

Medium

Findings

unknown
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    137: 
    138: # Environments
>>> 139: .env
    140: .envrc
    141: .venv
Report false positive
criticalDE-002Data ExfiltrationHigh ConfidenceLine 0

Environment file access

Detected by automated pattern matching (rule DE-002) with medium confidence. May be a false positive.

    210: 
    211: # secrets
>>> 212: *.env
    213: 
    214: # backups & archives
Report false positive
highDE-009Data ExfiltrationMedium ConfidenceLine 0

PyPI config access (may contain tokens)

Detected by automated pattern matching (rule DE-009) with medium confidence. May be a false positive.

    195: 
    196: # PyPI configuration file
>>> 197: .pypirc
    198: 
    199: # Cursor
Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��?z�j׬���j���#y�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: r�좸�u�b�����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    186: # Visual Studio Code
    187: #  Visual Studio Code specific template is maintained in a separate VisualStudioCode.gitignore 
>>> 188: #  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
    189: #  and can be added to the global gitignore or merged into this file. However, if you prefer, 
    190: #  you could uncomment the following to ignore the entire vscode folder
Report false positive
mediumNS-001Network SuspiciousMedium ConfidenceLine 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    28:     params = {'service': KOPIS_API_KEY}
    29:     try:
>>> 30:         response = requests.get(url, params=params)
    31:         response.raise_for_status()
    32:         root = ET.fromstring(response.content)
Report false positive
mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.5 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive
mediumNS-001Network SuspiciousMedium ConfidenceLine 0

Python requests library HTTP call

Detected by automated pattern matching (rule NS-001) with medium confidence. May be a false positive.

    60:     }
    61:     try:
>>> 62:         response = requests.get(url, params=full_params)
    63:         response.raise_for_status()
    64:         root = ET.fromstring(response.content)
Report false positive

Scan History

DateRiskFindings
Feb 26, 2026critical9
Feb 24, 2026critical9