Security review

Is Agentic Shelf MCP safe to give an agent?

read only · verified · healthy

A factual risk summary built from Agentic Shelf’s real tool surface, execution model, and verification history — not a vibe. Trust score 56/100.


01 What it can do

Only read-style tools observed — no write/destructive tools.

5 tools observed

02 Execution model

Runs on the vendor's infrastructure; you connect over the network. No untrusted code runs on your machine, but you grant the hosted service access.

Connects to a remote URL — no local package execution.


03 Permissions & auth

No auth scopes captured yet (scope extraction runs during the sandboxed handshake, gated until configured). Treat unconfirmed scopes as unknown, not as “none.”


04 Verification

handshake: passed — tool surface is real
runs: tools_list: passed · handshake: passed · metadata: failed · tools_list: passed · handshake: passed · metadata: failed · metadata: failed · metadata: failed
last_checked: 2026-06-29 08:21Z
sources: Official MCP Registry [p1]

Reduce the risk

Wrap Agentic Shelf in a governed Loadout — scoped permissions, approval rules on write/destructive tools, and audit logging — instead of handing your agent raw access.

