vooster-mcp / security
Security review
Is @vooster/mcp MCP safe to give an agent?
write capableunknownwrite capablehealthy
A factual risk summary built from @vooster/mcp’s real tool surface, execution model, and verification history — not a vibe. Trust score 49/100.
01What it can do
Has tools that can create or modify data.
32 tools observedwrite present
02Execution model
Transport not yet confirmed, so the execution model is unknown. Treat as untrusted until verified.
Installs via npx (`npx -y @vooster/mcp`) — it pulls and executes third-party code; pin versions and review the source.
03Permissions & auth
Manage tasks & tickets · write
The write/destructive access this server can exercise, inferred from its verified tools.
04Verification
handshakepassed — tool surface is real
runstools_list:passed · handshake:passed · metadata:passed · metadata:passed · metadata:passed
last_checked2026-07-01 08:50Z
sourcesnpm registry [p4]
Reduce the risk
Worried about handing an agent raw access? See governed agents in action — Apex gives your AI paced, capped, fully-logged hands with approval queues before anything runs.
Explore Apex →See also: full server page · setup · alternatives