SamuAI

Back to Catalog
6.6
Overall

mcp-framework

๐Ÿ”Œ MCP Server

Alex Andru

Framework for building Model Context Protocol (MCP) servers in Typescript ยท Transport: stdio ยท Capabilities: shell-execution, config

v0.2.22
Medium Risk6.6/10

Scanned June 2, 2026

Risk Flags

Can execute arbitrary shell commands on host
Critical permission: "mcp:shell-execution:execa" โ€” process execution โ€” runs shell commands
Developer identity is not verified by the platform
No privacy policy found, despite requesting multiple permissions
3.8
Permissions
6.0
Developer
10.0
Data Privacy
7.0
Policy Match

Permissions (4)

Process execution โ€” runs shell commands
mcp:shell-execution:execa
Critical
Reads .env configuration files
mcp:config:dotenv
Medium
Does not use the official MCP SDK โ€” custom protocol implementation
mcp:no-official-sdk
High
No license specified
license:missing
Medium

Developer

NameAlex Andru
Verified PublisherUnverified
Known EntityNot recognized
Websitehttps://github.com/QuantGeekDev/mcp-framework#readme
Contactalex@andru.codes

Data Flows

No external data transmission detected

This tool does not appear to send data to external servers.

Privacy Policy Analysis

Policy Status
No policy found
Actual Data Collection
  • shell-execution
  • config
Policy matches observed behavior

Alternatives to Consider

@modelcontextprotocol/server-redis
0 permissions
9.4
@modelcontextprotocol/server-slack
0 permissions
9.3
@modelcontextprotocol/server-gdrive
0 permissions
9.3
@modelcontextprotocol/server-sequential-thinking
0 permissions
9.3
@modelcontextprotocol/server-memory
0 permissions
9.3

Know what your tools are really doing.

Scan your own toolsBrowse Catalog