Security review

Is charles-mcp-server MCP safe to give an agent?

destructive capableunknowndestructive capablehealthy

A factual risk summary built from charles-mcp-server’s real tool surface, execution model, and verification history — not a vibe. Trust score 44/100.


01What it can do

Has tools that can delete or irreversibly change data.

14 tools observeddestructive present

02Execution model

Transport not yet confirmed, so the execution model is unknown. Treat as untrusted until verified.

Installs via uvx (`uvx charles-mcp-server`) — it pulls and executes third-party code; pin versions and review the source.


03Permissions & auth

No write or destructive access inferred from this server’s tools yet. Absence of a scope isn’t a guarantee — treat unconfirmed access as unknown, not “none.”


04Verification
handshakepassed — tool surface is real
runstools_list:passed · handshake:passed · metadata:passed · metadata:passed · metadata:passed
last_checked2026-07-01 08:37Z
sourcesPyPI [p4]

Reduce the risk

Worried about handing an agent raw access? See governed agents in action — Apex gives your AI paced, capped, fully-logged hands with approval queues before anything runs.

Explore Apex →

See also: full server page · setup · alternatives