Security review

Is baiyx-mcp-server-echo MCP safe to give an agent?

read onlyunknownunknownhealthy

A factual risk summary built from baiyx-mcp-server-echo’s real tool surface, execution model, and verification history — not a vibe. Trust score 52/100.


01What it can do

Only read-style tools observed — no write/destructive tools.

1 tools observed

02Execution model

Transport not yet confirmed, so the execution model is unknown. Treat as untrusted until verified.

Installs via uvx (`uvx baiyx-mcp-server-echo`) — it pulls and executes third-party code; pin versions and review the source.


03Permissions & auth

No write or destructive access inferred from this server’s tools yet. Absence of a scope isn’t a guarantee — treat unconfirmed access as unknown, not “none.”


04Verification
handshakepassed — tool surface is real
runstools_list:passed · handshake:passed · metadata:passed · metadata:passed · metadata:passed
last_checked2026-07-01 08:38Z
sourcesPyPI [p4]

Reduce the risk

Worried about handing an agent raw access? See governed agents in action — Apex gives your AI paced, capped, fully-logged hands with approval queues before anything runs.

Explore Apex →

See also: full server page · setup · alternatives