Is @ff-xiaofan/fastmcp-greeting-server MCP safe to give an agent?
A factual risk summary built from @ff-xiaofan/fastmcp-greeting-server’s real tool surface, execution model, and verification history — not a vibe. Trust score 52/100.
Only read-style tools observed — no write/destructive tools.
Transport not yet confirmed, so the execution model is unknown. Treat as untrusted until verified.
Installs via npx (`npx -y @ff-xiaofan/fastmcp-greeting-server`) — it pulls and executes third-party code; pin versions and review the source.
No auth scopes captured yet (scope extraction runs during the sandboxed handshake, gated until configured). Treat unconfirmed scopes as unknown, not as “none.”
Wrap @ff-xiaofan/fastmcp-greeting-server in a governed Loadout — scoped permissions, approval rules on write/destructive tools, and audit logging — instead of handing your agent raw access.
Build a governed LoadoutSee also: full server page · setup · alternatives