getnote-mcp / security
Security review

Is getnote-mcp MCP safe to give an agent?

unknownneeds cautionunknownhealthy

A factual risk summary built from getnote-mcp’s real tool surface, execution model, and verification history — not a vibe. Trust score 40/100.


01What it can do

No tool handshake yet — capability surface unverified.

0 tools observed

02Execution model

Runs locally over stdio — the server process executes on your machine with your user's privileges. Vet the source and package before granting access.

Installs via npx (`npx -y @getnote/mcp`) — it pulls and executes third-party code; pin versions and review the source.


03Permissions & auth

No write or destructive access inferred from this server’s tools yet. Absence of a scope isn’t a guarantee — treat unconfirmed access as unknown, not “none.”


04Verification
handshakenot confirmed
runshandshake:failed · metadata:passed
last_checked2026-07-04 07:41Z
sourcesGitHub repo search [p4]

Reduce the risk

Worried about handing an agent raw access? See governed agents in action — Apex gives your AI paced, capped, fully-logged hands with approval queues before anything runs.

Explore Apex →

See also: full server page · setup · alternatives