
MCP Security Vulnerabilities #94

@kovtcharov

RE: #82

Security Scan Results

Security Score: 55/100

Risk Level: high

Scan Date: 2025-08-21

Score starts at 100, deducts points for security issues, and adds points for security best practices

Security Findings

Medium Severity Issues

semgrep: Use of os.system() with dynamic input detected. This can lead to command injection.

Location: src/gaia/llm/lemonade_client.py
Line: 225

semgrep: Use of subprocess with shell=True detected. This can be dangerous if used with untrusted input.

Location: installer/installer_utils.py
Line: 87

... and 16 more medium severity issues

This security assessment was conducted by MSeeP.ai, an independent security validation service for MCP servers. Visit our website to learn more about our security reviews.
