AgentScore is for sale. View the assets and acquisition details →
AgentScoreMCP Security
high

AGENTSCORE-2026-0041

MCP package: safari-mcp

Published 5/18/2026 · 2.10.102.11.0

safari-mcp updated from 2.10.10 to 2.11.0. Score changed 70/100 to 65/100 (-5). Risk: MODERATE to ELEVATED. 4 findings.

7065
Score
MODERATEELEVATED
Risk
WARN
Verdict

Findings

  • low install_script: Package has 'postinstall' script: node scripts/postinstall.cjs || true
  • low command_injection: Potential command injection: shell execution with template literal input (downgraded — mitigators detected in scope: sanitizer:path.join, sanitizer:codesign)
  • high unsafe_eval: Uses eval() with dynamic input
  • low no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: achiya
Live report for safari-mcpHow scoring works