kawa-code / security
Security review

Is Kawa Code MCP safe to give an agent?

destructive capableneeds cautiondestructive capablehealthy

A factual risk summary built from Kawa Code’s real tool surface, execution model, and verification history — not a vibe. Trust score 68/100.


01What it can do

Has tools that can delete or irreversibly change data.

25 tools observeddestructive presentwrite present

02Execution model

Runs locally over stdio — the server process executes on your machine with your user's privileges. Vet the source and package before granting access.

Installs via npx (`npx -y @kawacode/mcp`) — it pulls and executes third-party code; pin versions and review the source.


03Permissions & auth
Manage GitHub · writeVersion control (git) · destructiveKnowledge & memory · destructiveScrape a website · writeMaps & location · writeProcess payments · write

The write/destructive access this server can exercise, inferred from its verified tools.


04Verification
handshakepassed — tool surface is real
runstools_list:passed · handshake:passed · metadata:passed
last_checked2026-07-06 20:56Z
sourcesOfficial MCP Registry [p1]

Reduce the risk

Worried about handing an agent raw access? See governed agents in action — Apex gives your AI paced, capped, fully-logged hands with approval queues before anything runs.

Explore Apex →

See also: full server page · setup · alternatives

Is Kawa Code MCP safe? — risk & permissions — MCPExplorer