Security review

Is @thunder_ai/mcp-element-ui MCP safe to give an agent?

write capableunknownwrite capablehealthy

A factual risk summary built from @thunder_ai/mcp-element-ui’s real tool surface, execution model, and verification history — not a vibe. Trust score 49/100.


01What it can do

Has tools that can create or modify data.

13 tools observedwrite present

02Execution model

Transport not yet confirmed, so the execution model is unknown. Treat as untrusted until verified.

Installs via npx (`npx -y @thunder_ai/mcp-element-ui`) — it pulls and executes third-party code; pin versions and review the source.


03Permissions & auth

No write or destructive access inferred from this server’s tools yet. Absence of a scope isn’t a guarantee — treat unconfirmed access as unknown, not “none.”


04Verification
handshakepassed — tool surface is real
runstools_list:passed · handshake:passed · metadata:passed · metadata:passed
last_checked2026-07-01 08:48Z
sourcesnpm registry [p4]

Reduce the risk

Worried about handing an agent raw access? See governed agents in action — Apex gives your AI paced, capped, fully-logged hands with approval queues before anything runs.

Explore Apex →

See also: full server page · setup · alternatives