ICUICU
critical

com.joelverhagen.mcp/Knapcode.SampleMcpServer

v0.10.0-beta.10

A sample MCP server using the MCP C# SDK. Generates random numbers and random weather.

MCP RegistrymcpFirst seen Feb 24, 2026Source

24

Total

1

Critical

18

High

5

Medium

Findings

unknown
criticalOB-004ObfuscationMedium ConfidenceLine 0

Zero-width character detected (potential hidden content)

Detected by automated pattern matching (rule OB-004) with medium confidence. May be a false positive.

>>> 1: 
    2: Microsoft Visual Studio Solution File, Format Version 12.00
    3: # Visual Studio Version 18
Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: :�i�Ԟ���&�'=�a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1�Rz�ެ�(�X�x*'���.)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: :�i�Ԟ���&�'=�a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ^�ț�X��ihm�l

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: :�i�Ԟ���&�'=�a

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: ��^��'��m��-��%

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: r������(�ǩ����

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: �ޭ�^=�a>�)z�r

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: R�Z�䞮��&�'��i��)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1�Rz�ެ�(�X�x*'���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1�Rz�ެ�(�X�x*'���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1�Rz�ެ�(�X�x*'���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1�Rz�ެ�(�X�x*'���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1�Rz�ެ�(�X�x*'���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1�Rz�ެ�(�X�x*'���.)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1�Rz�ެ�(�X�x*'���.)�

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
highDO-BASunknownMedium ConfidenceLine 0

Decoded base64 content: 1�Rz�ެ�(�X�x*'���

Detected by automated pattern matching (rule DO-BAS) with medium confidence. May be a false positive.

Report false positive
mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    98: <!-- 
    99: MCP Registry verification
>>> 100: Used for https://github.com/modelcontextprotocol/registry/blob/main/docs/guides/publishing/publish-server.md
    101: mcp-name: io.github.joelverhagen/Knapcode.SampleMcpServer
    102: mcp-name: com.joelverhagen.mcp/Knapcode.SampleMcpServer
Report false positive
mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive
mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    6: 
    7:   The schema of the .mcp/server.json file is owned by the MCP Registry project:
>>> 8:   https://github.com/modelcontextprotocol/registry/blob/main/docs/server-json/README.md
    9: 
    10:   It is used by NuGet.org to render the needed MCP client/host configuration (such as VS Code mcp.json). It is also used by VS Code when installing a NuGet-based MCP server so it can generate configuration during installation.
Report false positive
mediumEN-001unknownMedium ConfidenceLine 0

High-entropy string (4.6 bits/char) — possible encoded payload

Detected by automated pattern matching (rule EN-001) with medium confidence. May be a false positive.

Report false positive
mediumOB-001ObfuscationMedium ConfidenceLine 0

Possible Base64-encoded payload (long encoded string)

Detected by automated pattern matching (rule OB-001) with medium confidence. May be a false positive.

    46:           # This go-install.ps1 script could be checked into your source repository
    47:           Invoke-WebRequest `
>>> 48:               https://raw.githubusercontent.com/microsoft/go-infra/refs/heads/main/goinstallscript/powershell/go-install.ps1 `
    49:               -OutFile go-install.ps1
    50:           ./go-install.ps1
Report false positive