@kryptosai/mcp-observatory 0.22.0 → 0.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/COMMERCIAL.md +5 -3
- package/PRIVACY.md +5 -2
- package/README.md +28 -13
- package/dist/src/cli.js +1 -1
- package/dist/src/cli.js.map +1 -1
- package/dist/src/commands/init-ci.d.ts +3 -0
- package/dist/src/commands/init-ci.js +26 -9
- package/dist/src/commands/init-ci.js.map +1 -1
- package/dist/src/commercial.js +2 -2
- package/dist/src/commercial.js.map +1 -1
- package/dist/src/reporters/pr-comment.js +6 -2
- package/dist/src/reporters/pr-comment.js.map +1 -1
- package/dist/src/score.js +1 -1
- package/dist/src/score.js.map +1 -1
- package/dist/src/validate.js +58 -3
- package/dist/src/validate.js.map +1 -1
- package/docs/certification-campaign-template.md +10 -10
- package/docs/certification-distribution.md +16 -0
- package/docs/directory-listing-copy.md +12 -5
- package/docs/distribution-launch.md +5 -5
- package/docs/enterprise-outreach-playbook.md +2 -2
- package/docs/mcp-lock-files.md +63 -0
- package/docs/mcp-safety-report-latest.md +16 -7
- package/docs/mcp-security-field-guide.md +97 -0
- package/docs/mcp-server-safety-index.md +61 -0
- package/docs/methodology.md +90 -0
- package/docs/metrics-dashboard.md +105 -0
- package/docs/paid-pilot-offer.md +74 -0
- package/docs/project-case-study.md +77 -43
- package/docs/proof.md +42 -12
- package/docs/public-post-drafts.md +98 -0
- package/docs/publish-readiness.md +6 -4
- package/docs/reference-evaluations.md +134 -0
- package/docs/safety-index/artifacts/antv-chart-server.json +2765 -0
- package/docs/safety-index/artifacts/antv-chart-server.md +156 -0
- package/docs/safety-index/artifacts/browsermcp-server.json +416 -0
- package/docs/safety-index/artifacts/browsermcp-server.md +163 -0
- package/docs/safety-index/artifacts/context7-server.json +286 -0
- package/docs/safety-index/artifacts/context7-server.md +163 -0
- package/docs/safety-index/artifacts/everything-server.json +482 -0
- package/docs/safety-index/artifacts/everything-server.md +163 -0
- package/docs/safety-index/artifacts/executeautomation-playwright-server.json +955 -0
- package/docs/safety-index/artifacts/executeautomation-playwright-server.md +163 -0
- package/docs/safety-index/artifacts/filesystem-server.json +583 -0
- package/docs/safety-index/artifacts/filesystem-server.md +156 -0
- package/docs/safety-index/artifacts/memory-server.json +469 -0
- package/docs/safety-index/artifacts/memory-server.md +156 -0
- package/docs/safety-index/artifacts/opentofu-server.json +387 -0
- package/docs/safety-index/artifacts/opentofu-server.md +163 -0
- package/docs/safety-index/artifacts/playwright-mcp-server.json +919 -0
- package/docs/safety-index/artifacts/playwright-mcp-server.md +156 -0
- package/docs/safety-index/artifacts/promptopia-server.json +442 -0
- package/docs/safety-index/artifacts/promptopia-server.md +156 -0
- package/docs/safety-index/artifacts/puppeteer-server.json +377 -0
- package/docs/safety-index/artifacts/puppeteer-server.md +163 -0
- package/docs/safety-index/artifacts/ref-tools-server.json +262 -0
- package/docs/safety-index/artifacts/ref-tools-server.md +156 -0
- package/docs/safety-index/artifacts/sequential-thinking-server.json +286 -0
- package/docs/safety-index/artifacts/sequential-thinking-server.md +156 -0
- package/docs/safety-index/maintainer-note-template.md +25 -0
- package/docs/safety-index/targets.json +192 -0
- package/package.json +17 -13
|
@@ -0,0 +1,919 @@
|
|
|
1
|
+
{
|
|
2
|
+
"artifactType": "run",
|
|
3
|
+
"schemaVersion": "1.0.0",
|
|
4
|
+
"gate": "fail",
|
|
5
|
+
"runId": "run_2026-06-24T020732035Z_b86ac3a9",
|
|
6
|
+
"createdAt": "2026-06-24T02:07:32.035Z",
|
|
7
|
+
"toolVersion": "0.24.0",
|
|
8
|
+
"target": {
|
|
9
|
+
"targetId": "playwright-mcp-server",
|
|
10
|
+
"adapter": "local-process",
|
|
11
|
+
"command": "npx",
|
|
12
|
+
"args": [
|
|
13
|
+
"-y",
|
|
14
|
+
"@playwright/mcp"
|
|
15
|
+
],
|
|
16
|
+
"cwd": ".",
|
|
17
|
+
"metadata": {
|
|
18
|
+
"package": "@playwright/mcp",
|
|
19
|
+
"purpose": "mcp-safety-index",
|
|
20
|
+
"riskClass": "Browser control",
|
|
21
|
+
"failureClass": "Browser/code execution boundary",
|
|
22
|
+
"whyItMatters": "Popular browser automation servers need explicit review around navigation, screenshots, and code evaluation."
|
|
23
|
+
},
|
|
24
|
+
"serverName": "Playwright",
|
|
25
|
+
"serverVersion": "1.61.0-alpha-1781023400000"
|
|
26
|
+
},
|
|
27
|
+
"environment": {
|
|
28
|
+
"platform": "darwin 25.5.0",
|
|
29
|
+
"nodeVersion": "v22.22.1"
|
|
30
|
+
},
|
|
31
|
+
"summary": {
|
|
32
|
+
"total": 7,
|
|
33
|
+
"pass": 2,
|
|
34
|
+
"fail": 2,
|
|
35
|
+
"partial": 1,
|
|
36
|
+
"unsupported": 2,
|
|
37
|
+
"flaky": 0,
|
|
38
|
+
"skipped": 0,
|
|
39
|
+
"gate": "fail"
|
|
40
|
+
},
|
|
41
|
+
"checks": [
|
|
42
|
+
{
|
|
43
|
+
"id": "tools",
|
|
44
|
+
"capability": "tools",
|
|
45
|
+
"status": "pass",
|
|
46
|
+
"durationMs": 59.043541999999434,
|
|
47
|
+
"message": "Advertised capability responded with the minimal expected shape (23 items).",
|
|
48
|
+
"evidence": [
|
|
49
|
+
{
|
|
50
|
+
"endpoint": "tools/list",
|
|
51
|
+
"advertised": true,
|
|
52
|
+
"responded": true,
|
|
53
|
+
"minimalShapePresent": true,
|
|
54
|
+
"itemCount": 23,
|
|
55
|
+
"identifiers": [
|
|
56
|
+
"browser_close",
|
|
57
|
+
"browser_resize",
|
|
58
|
+
"browser_console_messages",
|
|
59
|
+
"browser_handle_dialog",
|
|
60
|
+
"browser_evaluate",
|
|
61
|
+
"browser_file_upload",
|
|
62
|
+
"browser_drop",
|
|
63
|
+
"browser_fill_form",
|
|
64
|
+
"browser_press_key",
|
|
65
|
+
"browser_type",
|
|
66
|
+
"browser_navigate",
|
|
67
|
+
"browser_navigate_back",
|
|
68
|
+
"browser_network_requests",
|
|
69
|
+
"browser_network_request",
|
|
70
|
+
"browser_run_code_unsafe",
|
|
71
|
+
"browser_take_screenshot",
|
|
72
|
+
"browser_snapshot",
|
|
73
|
+
"browser_click",
|
|
74
|
+
"browser_drag",
|
|
75
|
+
"browser_hover",
|
|
76
|
+
"browser_select_option",
|
|
77
|
+
"browser_tabs",
|
|
78
|
+
"browser_wait_for"
|
|
79
|
+
],
|
|
80
|
+
"diagnostics": [],
|
|
81
|
+
"schemas": {
|
|
82
|
+
"browser_close": {
|
|
83
|
+
"type": "object",
|
|
84
|
+
"properties": {},
|
|
85
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
86
|
+
"additionalProperties": false
|
|
87
|
+
},
|
|
88
|
+
"browser_resize": {
|
|
89
|
+
"type": "object",
|
|
90
|
+
"properties": {
|
|
91
|
+
"width": {
|
|
92
|
+
"type": "number",
|
|
93
|
+
"description": "Width of the browser window"
|
|
94
|
+
},
|
|
95
|
+
"height": {
|
|
96
|
+
"type": "number",
|
|
97
|
+
"description": "Height of the browser window"
|
|
98
|
+
}
|
|
99
|
+
},
|
|
100
|
+
"required": [
|
|
101
|
+
"width",
|
|
102
|
+
"height"
|
|
103
|
+
],
|
|
104
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
105
|
+
"additionalProperties": false
|
|
106
|
+
},
|
|
107
|
+
"browser_console_messages": {
|
|
108
|
+
"type": "object",
|
|
109
|
+
"properties": {
|
|
110
|
+
"level": {
|
|
111
|
+
"default": "info",
|
|
112
|
+
"description": "Level of the console messages to return. Each level includes the messages of more severe levels. Defaults to \"info\".",
|
|
113
|
+
"type": "string",
|
|
114
|
+
"enum": [
|
|
115
|
+
"error",
|
|
116
|
+
"warning",
|
|
117
|
+
"info",
|
|
118
|
+
"debug"
|
|
119
|
+
]
|
|
120
|
+
},
|
|
121
|
+
"all": {
|
|
122
|
+
"description": "Return all console messages since the beginning of the session, not just since the last navigation. Defaults to false.",
|
|
123
|
+
"type": "boolean"
|
|
124
|
+
},
|
|
125
|
+
"filename": {
|
|
126
|
+
"description": "Filename to save the console messages to. If not provided, messages are returned as text.",
|
|
127
|
+
"type": "string"
|
|
128
|
+
}
|
|
129
|
+
},
|
|
130
|
+
"required": [
|
|
131
|
+
"level"
|
|
132
|
+
],
|
|
133
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
134
|
+
"additionalProperties": false
|
|
135
|
+
},
|
|
136
|
+
"browser_handle_dialog": {
|
|
137
|
+
"type": "object",
|
|
138
|
+
"properties": {
|
|
139
|
+
"accept": {
|
|
140
|
+
"type": "boolean",
|
|
141
|
+
"description": "Whether to accept the dialog."
|
|
142
|
+
},
|
|
143
|
+
"promptText": {
|
|
144
|
+
"description": "The text of the prompt in case of a prompt dialog.",
|
|
145
|
+
"type": "string"
|
|
146
|
+
}
|
|
147
|
+
},
|
|
148
|
+
"required": [
|
|
149
|
+
"accept"
|
|
150
|
+
],
|
|
151
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
152
|
+
"additionalProperties": false
|
|
153
|
+
},
|
|
154
|
+
"browser_evaluate": {
|
|
155
|
+
"type": "object",
|
|
156
|
+
"properties": {
|
|
157
|
+
"element": {
|
|
158
|
+
"description": "Human-readable element description used to obtain permission to interact with the element",
|
|
159
|
+
"type": "string"
|
|
160
|
+
},
|
|
161
|
+
"target": {
|
|
162
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector",
|
|
163
|
+
"type": "string"
|
|
164
|
+
},
|
|
165
|
+
"function": {
|
|
166
|
+
"type": "string",
|
|
167
|
+
"description": "() => { /* code */ } or (element) => { /* code */ } when element is provided"
|
|
168
|
+
},
|
|
169
|
+
"filename": {
|
|
170
|
+
"description": "Filename to save the result to. If not provided, result is returned as text.",
|
|
171
|
+
"type": "string"
|
|
172
|
+
}
|
|
173
|
+
},
|
|
174
|
+
"required": [
|
|
175
|
+
"function"
|
|
176
|
+
],
|
|
177
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
178
|
+
"additionalProperties": false
|
|
179
|
+
},
|
|
180
|
+
"browser_file_upload": {
|
|
181
|
+
"type": "object",
|
|
182
|
+
"properties": {
|
|
183
|
+
"paths": {
|
|
184
|
+
"description": "The absolute paths to the files to upload. Can be single file or multiple files. If omitted, file chooser is cancelled.",
|
|
185
|
+
"type": "array",
|
|
186
|
+
"items": {
|
|
187
|
+
"type": "string"
|
|
188
|
+
}
|
|
189
|
+
}
|
|
190
|
+
},
|
|
191
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
192
|
+
"additionalProperties": false
|
|
193
|
+
},
|
|
194
|
+
"browser_drop": {
|
|
195
|
+
"type": "object",
|
|
196
|
+
"properties": {
|
|
197
|
+
"element": {
|
|
198
|
+
"description": "Human-readable element description used to obtain permission to interact with the element",
|
|
199
|
+
"type": "string"
|
|
200
|
+
},
|
|
201
|
+
"target": {
|
|
202
|
+
"type": "string",
|
|
203
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector"
|
|
204
|
+
},
|
|
205
|
+
"paths": {
|
|
206
|
+
"description": "Absolute paths to files to drop onto the element.",
|
|
207
|
+
"type": "array",
|
|
208
|
+
"items": {
|
|
209
|
+
"type": "string"
|
|
210
|
+
}
|
|
211
|
+
},
|
|
212
|
+
"data": {
|
|
213
|
+
"description": "Data to drop, as a map of MIME type to string value (e.g. {\"text/plain\": \"hello\", \"text/uri-list\": \"https://example.com\"}).",
|
|
214
|
+
"type": "object",
|
|
215
|
+
"propertyNames": {
|
|
216
|
+
"type": "string"
|
|
217
|
+
},
|
|
218
|
+
"additionalProperties": {
|
|
219
|
+
"type": "string"
|
|
220
|
+
}
|
|
221
|
+
}
|
|
222
|
+
},
|
|
223
|
+
"required": [
|
|
224
|
+
"target"
|
|
225
|
+
],
|
|
226
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
227
|
+
"additionalProperties": false
|
|
228
|
+
},
|
|
229
|
+
"browser_fill_form": {
|
|
230
|
+
"type": "object",
|
|
231
|
+
"properties": {
|
|
232
|
+
"fields": {
|
|
233
|
+
"type": "array",
|
|
234
|
+
"items": {
|
|
235
|
+
"type": "object",
|
|
236
|
+
"properties": {
|
|
237
|
+
"element": {
|
|
238
|
+
"description": "Human-readable element description used to obtain permission to interact with the element",
|
|
239
|
+
"type": "string"
|
|
240
|
+
},
|
|
241
|
+
"target": {
|
|
242
|
+
"type": "string",
|
|
243
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector"
|
|
244
|
+
},
|
|
245
|
+
"name": {
|
|
246
|
+
"type": "string",
|
|
247
|
+
"description": "Human-readable field name"
|
|
248
|
+
},
|
|
249
|
+
"type": {
|
|
250
|
+
"type": "string",
|
|
251
|
+
"enum": [
|
|
252
|
+
"textbox",
|
|
253
|
+
"checkbox",
|
|
254
|
+
"radio",
|
|
255
|
+
"combobox",
|
|
256
|
+
"slider"
|
|
257
|
+
],
|
|
258
|
+
"description": "Type of the field"
|
|
259
|
+
},
|
|
260
|
+
"value": {
|
|
261
|
+
"type": "string",
|
|
262
|
+
"description": "Value to fill in the field. If the field is a checkbox, the value should be `true` or `false`. If the field is a combobox, the value should be the text of the option."
|
|
263
|
+
}
|
|
264
|
+
},
|
|
265
|
+
"required": [
|
|
266
|
+
"target",
|
|
267
|
+
"name",
|
|
268
|
+
"type",
|
|
269
|
+
"value"
|
|
270
|
+
],
|
|
271
|
+
"additionalProperties": false
|
|
272
|
+
},
|
|
273
|
+
"description": "Fields to fill in"
|
|
274
|
+
}
|
|
275
|
+
},
|
|
276
|
+
"required": [
|
|
277
|
+
"fields"
|
|
278
|
+
],
|
|
279
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
280
|
+
"additionalProperties": false
|
|
281
|
+
},
|
|
282
|
+
"browser_press_key": {
|
|
283
|
+
"type": "object",
|
|
284
|
+
"properties": {
|
|
285
|
+
"key": {
|
|
286
|
+
"type": "string",
|
|
287
|
+
"description": "Name of the key to press or a character to generate, such as `ArrowLeft` or `a`"
|
|
288
|
+
}
|
|
289
|
+
},
|
|
290
|
+
"required": [
|
|
291
|
+
"key"
|
|
292
|
+
],
|
|
293
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
294
|
+
"additionalProperties": false
|
|
295
|
+
},
|
|
296
|
+
"browser_type": {
|
|
297
|
+
"type": "object",
|
|
298
|
+
"properties": {
|
|
299
|
+
"element": {
|
|
300
|
+
"description": "Human-readable element description used to obtain permission to interact with the element",
|
|
301
|
+
"type": "string"
|
|
302
|
+
},
|
|
303
|
+
"target": {
|
|
304
|
+
"type": "string",
|
|
305
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector"
|
|
306
|
+
},
|
|
307
|
+
"text": {
|
|
308
|
+
"type": "string",
|
|
309
|
+
"description": "Text to type into the element"
|
|
310
|
+
},
|
|
311
|
+
"submit": {
|
|
312
|
+
"description": "Whether to submit entered text (press Enter after)",
|
|
313
|
+
"type": "boolean"
|
|
314
|
+
},
|
|
315
|
+
"slowly": {
|
|
316
|
+
"description": "Whether to type one character at a time. Useful for triggering key handlers in the page. By default entire text is filled in at once.",
|
|
317
|
+
"type": "boolean"
|
|
318
|
+
}
|
|
319
|
+
},
|
|
320
|
+
"required": [
|
|
321
|
+
"target",
|
|
322
|
+
"text"
|
|
323
|
+
],
|
|
324
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
325
|
+
"additionalProperties": false
|
|
326
|
+
},
|
|
327
|
+
"browser_navigate": {
|
|
328
|
+
"type": "object",
|
|
329
|
+
"properties": {
|
|
330
|
+
"url": {
|
|
331
|
+
"type": "string",
|
|
332
|
+
"description": "The URL to navigate to"
|
|
333
|
+
}
|
|
334
|
+
},
|
|
335
|
+
"required": [
|
|
336
|
+
"url"
|
|
337
|
+
],
|
|
338
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
339
|
+
"additionalProperties": false
|
|
340
|
+
},
|
|
341
|
+
"browser_navigate_back": {
|
|
342
|
+
"type": "object",
|
|
343
|
+
"properties": {},
|
|
344
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
345
|
+
"additionalProperties": false
|
|
346
|
+
},
|
|
347
|
+
"browser_network_requests": {
|
|
348
|
+
"type": "object",
|
|
349
|
+
"properties": {
|
|
350
|
+
"static": {
|
|
351
|
+
"default": false,
|
|
352
|
+
"description": "Whether to include successful static resources like images, fonts, scripts, etc. Defaults to false.",
|
|
353
|
+
"type": "boolean"
|
|
354
|
+
},
|
|
355
|
+
"filter": {
|
|
356
|
+
"description": "Only return requests whose URL matches this regexp (e.g. \"/api/.*user\").",
|
|
357
|
+
"type": "string"
|
|
358
|
+
},
|
|
359
|
+
"filename": {
|
|
360
|
+
"description": "Filename to save the network requests to. If not provided, requests are returned as text.",
|
|
361
|
+
"type": "string"
|
|
362
|
+
}
|
|
363
|
+
},
|
|
364
|
+
"required": [
|
|
365
|
+
"static"
|
|
366
|
+
],
|
|
367
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
368
|
+
"additionalProperties": false
|
|
369
|
+
},
|
|
370
|
+
"browser_network_request": {
|
|
371
|
+
"type": "object",
|
|
372
|
+
"properties": {
|
|
373
|
+
"index": {
|
|
374
|
+
"type": "integer",
|
|
375
|
+
"minimum": 1,
|
|
376
|
+
"maximum": 9007199254740991,
|
|
377
|
+
"description": "1-based index of the request, as printed by browser_network_requests."
|
|
378
|
+
},
|
|
379
|
+
"part": {
|
|
380
|
+
"description": "Return only this part of the request. Omit to return full details.",
|
|
381
|
+
"type": "string",
|
|
382
|
+
"enum": [
|
|
383
|
+
"request-headers",
|
|
384
|
+
"request-body",
|
|
385
|
+
"response-headers",
|
|
386
|
+
"response-body"
|
|
387
|
+
]
|
|
388
|
+
},
|
|
389
|
+
"filename": {
|
|
390
|
+
"description": "Filename to save the result to. If not provided, output is returned as text.",
|
|
391
|
+
"type": "string"
|
|
392
|
+
}
|
|
393
|
+
},
|
|
394
|
+
"required": [
|
|
395
|
+
"index"
|
|
396
|
+
],
|
|
397
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
398
|
+
"additionalProperties": false
|
|
399
|
+
},
|
|
400
|
+
"browser_run_code_unsafe": {
|
|
401
|
+
"type": "object",
|
|
402
|
+
"properties": {
|
|
403
|
+
"code": {
|
|
404
|
+
"description": "A JavaScript function containing Playwright code to execute. It will be invoked with a single argument, page, which you can use for any page interaction. For example: `async (page) => { await page.getByRole('button', { name: 'Submit' }).click(); return await page.title(); }`",
|
|
405
|
+
"type": "string"
|
|
406
|
+
},
|
|
407
|
+
"filename": {
|
|
408
|
+
"description": "Load code from the specified file. If both code and filename are provided, code will be ignored.",
|
|
409
|
+
"type": "string"
|
|
410
|
+
}
|
|
411
|
+
},
|
|
412
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
413
|
+
"additionalProperties": false
|
|
414
|
+
},
|
|
415
|
+
"browser_take_screenshot": {
|
|
416
|
+
"type": "object",
|
|
417
|
+
"properties": {
|
|
418
|
+
"element": {
|
|
419
|
+
"description": "Human-readable element description used to obtain permission to interact with the element",
|
|
420
|
+
"type": "string"
|
|
421
|
+
},
|
|
422
|
+
"target": {
|
|
423
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector",
|
|
424
|
+
"type": "string"
|
|
425
|
+
},
|
|
426
|
+
"type": {
|
|
427
|
+
"default": "png",
|
|
428
|
+
"description": "Image format for the screenshot. Default is png.",
|
|
429
|
+
"type": "string",
|
|
430
|
+
"enum": [
|
|
431
|
+
"png",
|
|
432
|
+
"jpeg"
|
|
433
|
+
]
|
|
434
|
+
},
|
|
435
|
+
"filename": {
|
|
436
|
+
"description": "File name to save the screenshot to. Defaults to `page-{timestamp}.{png|jpeg}` if not specified. Prefer relative file names to stay within the output directory.",
|
|
437
|
+
"type": "string"
|
|
438
|
+
},
|
|
439
|
+
"fullPage": {
|
|
440
|
+
"description": "When true, takes a screenshot of the full scrollable page, instead of the currently visible viewport. Cannot be used with element screenshots.",
|
|
441
|
+
"type": "boolean"
|
|
442
|
+
}
|
|
443
|
+
},
|
|
444
|
+
"required": [
|
|
445
|
+
"type"
|
|
446
|
+
],
|
|
447
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
448
|
+
"additionalProperties": false
|
|
449
|
+
},
|
|
450
|
+
"browser_snapshot": {
|
|
451
|
+
"type": "object",
|
|
452
|
+
"properties": {
|
|
453
|
+
"target": {
|
|
454
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector",
|
|
455
|
+
"type": "string"
|
|
456
|
+
},
|
|
457
|
+
"filename": {
|
|
458
|
+
"description": "Save snapshot to markdown file instead of returning it in the response.",
|
|
459
|
+
"type": "string"
|
|
460
|
+
},
|
|
461
|
+
"depth": {
|
|
462
|
+
"description": "Limit the depth of the snapshot tree",
|
|
463
|
+
"type": "number"
|
|
464
|
+
},
|
|
465
|
+
"boxes": {
|
|
466
|
+
"description": "Include each element's bounding box as [box=x,y,width,height] in the snapshot. Coordinates are viewport-relative, in CSS pixels (Element.getBoundingClientRect)",
|
|
467
|
+
"type": "boolean"
|
|
468
|
+
}
|
|
469
|
+
},
|
|
470
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
471
|
+
"additionalProperties": false
|
|
472
|
+
},
|
|
473
|
+
"browser_click": {
|
|
474
|
+
"type": "object",
|
|
475
|
+
"properties": {
|
|
476
|
+
"element": {
|
|
477
|
+
"description": "Human-readable element description used to obtain permission to interact with the element",
|
|
478
|
+
"type": "string"
|
|
479
|
+
},
|
|
480
|
+
"target": {
|
|
481
|
+
"type": "string",
|
|
482
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector"
|
|
483
|
+
},
|
|
484
|
+
"doubleClick": {
|
|
485
|
+
"description": "Whether to perform a double click instead of a single click",
|
|
486
|
+
"type": "boolean"
|
|
487
|
+
},
|
|
488
|
+
"button": {
|
|
489
|
+
"description": "Button to click, defaults to left",
|
|
490
|
+
"type": "string",
|
|
491
|
+
"enum": [
|
|
492
|
+
"left",
|
|
493
|
+
"right",
|
|
494
|
+
"middle"
|
|
495
|
+
]
|
|
496
|
+
},
|
|
497
|
+
"modifiers": {
|
|
498
|
+
"description": "Modifier keys to press",
|
|
499
|
+
"type": "array",
|
|
500
|
+
"items": {
|
|
501
|
+
"type": "string",
|
|
502
|
+
"enum": [
|
|
503
|
+
"Alt",
|
|
504
|
+
"Control",
|
|
505
|
+
"ControlOrMeta",
|
|
506
|
+
"Meta",
|
|
507
|
+
"Shift"
|
|
508
|
+
]
|
|
509
|
+
}
|
|
510
|
+
}
|
|
511
|
+
},
|
|
512
|
+
"required": [
|
|
513
|
+
"target"
|
|
514
|
+
],
|
|
515
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
516
|
+
"additionalProperties": false
|
|
517
|
+
},
|
|
518
|
+
"browser_drag": {
|
|
519
|
+
"type": "object",
|
|
520
|
+
"properties": {
|
|
521
|
+
"startElement": {
|
|
522
|
+
"description": "Human-readable source element description used to obtain the permission to interact with the element",
|
|
523
|
+
"type": "string"
|
|
524
|
+
},
|
|
525
|
+
"startTarget": {
|
|
526
|
+
"type": "string",
|
|
527
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector"
|
|
528
|
+
},
|
|
529
|
+
"endElement": {
|
|
530
|
+
"description": "Human-readable target element description used to obtain the permission to interact with the element",
|
|
531
|
+
"type": "string"
|
|
532
|
+
},
|
|
533
|
+
"endTarget": {
|
|
534
|
+
"type": "string",
|
|
535
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector"
|
|
536
|
+
}
|
|
537
|
+
},
|
|
538
|
+
"required": [
|
|
539
|
+
"startTarget",
|
|
540
|
+
"endTarget"
|
|
541
|
+
],
|
|
542
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
543
|
+
"additionalProperties": false
|
|
544
|
+
},
|
|
545
|
+
"browser_hover": {
|
|
546
|
+
"type": "object",
|
|
547
|
+
"properties": {
|
|
548
|
+
"element": {
|
|
549
|
+
"description": "Human-readable element description used to obtain permission to interact with the element",
|
|
550
|
+
"type": "string"
|
|
551
|
+
},
|
|
552
|
+
"target": {
|
|
553
|
+
"type": "string",
|
|
554
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector"
|
|
555
|
+
}
|
|
556
|
+
},
|
|
557
|
+
"required": [
|
|
558
|
+
"target"
|
|
559
|
+
],
|
|
560
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
561
|
+
"additionalProperties": false
|
|
562
|
+
},
|
|
563
|
+
"browser_select_option": {
|
|
564
|
+
"type": "object",
|
|
565
|
+
"properties": {
|
|
566
|
+
"element": {
|
|
567
|
+
"description": "Human-readable element description used to obtain permission to interact with the element",
|
|
568
|
+
"type": "string"
|
|
569
|
+
},
|
|
570
|
+
"target": {
|
|
571
|
+
"type": "string",
|
|
572
|
+
"description": "Exact target element reference from the page snapshot, or a unique element selector"
|
|
573
|
+
},
|
|
574
|
+
"values": {
|
|
575
|
+
"type": "array",
|
|
576
|
+
"items": {
|
|
577
|
+
"type": "string"
|
|
578
|
+
},
|
|
579
|
+
"description": "Array of values to select in the dropdown. This can be a single value or multiple values."
|
|
580
|
+
}
|
|
581
|
+
},
|
|
582
|
+
"required": [
|
|
583
|
+
"target",
|
|
584
|
+
"values"
|
|
585
|
+
],
|
|
586
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
587
|
+
"additionalProperties": false
|
|
588
|
+
},
|
|
589
|
+
"browser_tabs": {
|
|
590
|
+
"type": "object",
|
|
591
|
+
"properties": {
|
|
592
|
+
"action": {
|
|
593
|
+
"type": "string",
|
|
594
|
+
"enum": [
|
|
595
|
+
"list",
|
|
596
|
+
"new",
|
|
597
|
+
"close",
|
|
598
|
+
"select"
|
|
599
|
+
],
|
|
600
|
+
"description": "Operation to perform"
|
|
601
|
+
},
|
|
602
|
+
"index": {
|
|
603
|
+
"description": "Tab index, used for close/select. If omitted for close, current tab is closed.",
|
|
604
|
+
"type": "number"
|
|
605
|
+
},
|
|
606
|
+
"url": {
|
|
607
|
+
"description": "URL to navigate to in the new tab, used for new.",
|
|
608
|
+
"type": "string"
|
|
609
|
+
}
|
|
610
|
+
},
|
|
611
|
+
"required": [
|
|
612
|
+
"action"
|
|
613
|
+
],
|
|
614
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
615
|
+
"additionalProperties": false
|
|
616
|
+
},
|
|
617
|
+
"browser_wait_for": {
|
|
618
|
+
"type": "object",
|
|
619
|
+
"properties": {
|
|
620
|
+
"time": {
|
|
621
|
+
"description": "The time to wait in seconds",
|
|
622
|
+
"type": "number"
|
|
623
|
+
},
|
|
624
|
+
"text": {
|
|
625
|
+
"description": "The text to wait for",
|
|
626
|
+
"type": "string"
|
|
627
|
+
},
|
|
628
|
+
"textGone": {
|
|
629
|
+
"description": "The text to wait for to disappear",
|
|
630
|
+
"type": "string"
|
|
631
|
+
}
|
|
632
|
+
},
|
|
633
|
+
"$schema": "https://json-schema.org/draft/2020-12/schema",
|
|
634
|
+
"additionalProperties": false
|
|
635
|
+
}
|
|
636
|
+
}
|
|
637
|
+
}
|
|
638
|
+
]
|
|
639
|
+
},
|
|
640
|
+
{
|
|
641
|
+
"id": "prompts",
|
|
642
|
+
"capability": "prompts",
|
|
643
|
+
"status": "unsupported",
|
|
644
|
+
"durationMs": 0.006790999999793712,
|
|
645
|
+
"message": "Prompts are not advertised by the target.",
|
|
646
|
+
"evidence": [
|
|
647
|
+
{
|
|
648
|
+
"endpoint": "prompts/list",
|
|
649
|
+
"advertised": false,
|
|
650
|
+
"responded": false,
|
|
651
|
+
"minimalShapePresent": false,
|
|
652
|
+
"diagnostics": []
|
|
653
|
+
}
|
|
654
|
+
]
|
|
655
|
+
},
|
|
656
|
+
{
|
|
657
|
+
"id": "resources",
|
|
658
|
+
"capability": "resources",
|
|
659
|
+
"status": "unsupported",
|
|
660
|
+
"durationMs": 0.007708000001002802,
|
|
661
|
+
"message": "Resources are not advertised by the target.",
|
|
662
|
+
"evidence": [
|
|
663
|
+
{
|
|
664
|
+
"endpoint": "resources/list | resources/templates/list",
|
|
665
|
+
"advertised": false,
|
|
666
|
+
"responded": false,
|
|
667
|
+
"minimalShapePresent": false,
|
|
668
|
+
"diagnostics": []
|
|
669
|
+
}
|
|
670
|
+
]
|
|
671
|
+
},
|
|
672
|
+
{
|
|
673
|
+
"id": "security-lite",
|
|
674
|
+
"capability": "security-lite",
|
|
675
|
+
"status": "fail",
|
|
676
|
+
"durationMs": 0.24841600000218023,
|
|
677
|
+
"message": "Found 6 security finding(s): 2 high, 2 medium, 2 low.",
|
|
678
|
+
"evidence": [
|
|
679
|
+
{
|
|
680
|
+
"endpoint": "security/scan-lite",
|
|
681
|
+
"advertised": true,
|
|
682
|
+
"responded": true,
|
|
683
|
+
"minimalShapePresent": true,
|
|
684
|
+
"itemCount": 6,
|
|
685
|
+
"identifiers": [
|
|
686
|
+
"browser_close",
|
|
687
|
+
"browser_evaluate",
|
|
688
|
+
"browser_navigate_back",
|
|
689
|
+
"browser_run_code_unsafe"
|
|
690
|
+
],
|
|
691
|
+
"diagnostics": [
|
|
692
|
+
"[low] Tool \"browser_close\" has an empty schema but is marked as destructive.",
|
|
693
|
+
"[high] Tool \"browser_evaluate\" name suggests command execution capability.",
|
|
694
|
+
"[medium] Tool \"browser_evaluate\" accepts filesystem paths and has destructive capabilities.",
|
|
695
|
+
"[low] Tool \"browser_navigate_back\" has an empty schema but is marked as destructive.",
|
|
696
|
+
"[high] Tool \"browser_run_code_unsafe\" has parameter \"code\" which may allow arbitrary command execution.",
|
|
697
|
+
"[medium] Tool \"browser_run_code_unsafe\" accepts filesystem paths and has destructive capabilities."
|
|
698
|
+
],
|
|
699
|
+
"findings": [
|
|
700
|
+
{
|
|
701
|
+
"ruleId": "permissive-schema",
|
|
702
|
+
"severity": "low",
|
|
703
|
+
"toolName": "browser_close",
|
|
704
|
+
"message": "Tool \"browser_close\" has an empty schema but is marked as destructive."
|
|
705
|
+
},
|
|
706
|
+
{
|
|
707
|
+
"ruleId": "shell-injection",
|
|
708
|
+
"severity": "high",
|
|
709
|
+
"toolName": "browser_evaluate",
|
|
710
|
+
"message": "Tool \"browser_evaluate\" name suggests command execution capability."
|
|
711
|
+
},
|
|
712
|
+
{
|
|
713
|
+
"ruleId": "broad-filesystem",
|
|
714
|
+
"severity": "medium",
|
|
715
|
+
"toolName": "browser_evaluate",
|
|
716
|
+
"message": "Tool \"browser_evaluate\" accepts filesystem paths and has destructive capabilities."
|
|
717
|
+
},
|
|
718
|
+
{
|
|
719
|
+
"ruleId": "permissive-schema",
|
|
720
|
+
"severity": "low",
|
|
721
|
+
"toolName": "browser_navigate_back",
|
|
722
|
+
"message": "Tool \"browser_navigate_back\" has an empty schema but is marked as destructive."
|
|
723
|
+
},
|
|
724
|
+
{
|
|
725
|
+
"ruleId": "shell-injection",
|
|
726
|
+
"severity": "high",
|
|
727
|
+
"toolName": "browser_run_code_unsafe",
|
|
728
|
+
"message": "Tool \"browser_run_code_unsafe\" has parameter \"code\" which may allow arbitrary command execution."
|
|
729
|
+
},
|
|
730
|
+
{
|
|
731
|
+
"ruleId": "broad-filesystem",
|
|
732
|
+
"severity": "medium",
|
|
733
|
+
"toolName": "browser_run_code_unsafe",
|
|
734
|
+
"message": "Tool \"browser_run_code_unsafe\" accepts filesystem paths and has destructive capabilities."
|
|
735
|
+
}
|
|
736
|
+
]
|
|
737
|
+
}
|
|
738
|
+
]
|
|
739
|
+
},
|
|
740
|
+
{
|
|
741
|
+
"id": "conformance",
|
|
742
|
+
"capability": "conformance",
|
|
743
|
+
"status": "pass",
|
|
744
|
+
"durationMs": 3062.4197910000003,
|
|
745
|
+
"message": "All 7 conformance checks passed.",
|
|
746
|
+
"evidence": [
|
|
747
|
+
{
|
|
748
|
+
"endpoint": "conformance/check",
|
|
749
|
+
"advertised": true,
|
|
750
|
+
"responded": true,
|
|
751
|
+
"minimalShapePresent": true,
|
|
752
|
+
"itemCount": 7,
|
|
753
|
+
"identifiers": [],
|
|
754
|
+
"diagnostics": [
|
|
755
|
+
"[pass] capabilities-present: Server returned capabilities object.",
|
|
756
|
+
"[pass] server-info: Server provided initialization info.",
|
|
757
|
+
"[pass] tools-capability-match: tools/list returned 23 tool(s).",
|
|
758
|
+
"[pass] prompts-capability-match: Prompts not advertised — endpoint check skipped.",
|
|
759
|
+
"[pass] resources-capability-match: Resources not advertised — endpoint check skipped.",
|
|
760
|
+
"[pass] tool-response-content: Tool \"browser_close\" response has valid content array.",
|
|
761
|
+
"[pass] error-handling: Server returned proper error code -32601 for unknown method."
|
|
762
|
+
]
|
|
763
|
+
}
|
|
764
|
+
]
|
|
765
|
+
},
|
|
766
|
+
{
|
|
767
|
+
"id": "schema-quality",
|
|
768
|
+
"capability": "schema-quality",
|
|
769
|
+
"status": "partial",
|
|
770
|
+
"durationMs": 7.270583000001352,
|
|
771
|
+
"message": "Found 4 quality finding(s) across 23 item(s): 0 warnings, 4 info.",
|
|
772
|
+
"evidence": [
|
|
773
|
+
{
|
|
774
|
+
"endpoint": "schema-quality/scan",
|
|
775
|
+
"advertised": true,
|
|
776
|
+
"responded": true,
|
|
777
|
+
"minimalShapePresent": true,
|
|
778
|
+
"itemCount": 4,
|
|
779
|
+
"identifiers": [
|
|
780
|
+
"browser_file_upload",
|
|
781
|
+
"browser_run_code_unsafe",
|
|
782
|
+
"browser_snapshot",
|
|
783
|
+
"browser_wait_for"
|
|
784
|
+
],
|
|
785
|
+
"diagnostics": [
|
|
786
|
+
"[info] tool \"browser_file_upload\": Has properties but no 'required' array declared",
|
|
787
|
+
"[info] tool \"browser_run_code_unsafe\": Has properties but no 'required' array declared",
|
|
788
|
+
"[info] tool \"browser_snapshot\": Has properties but no 'required' array declared",
|
|
789
|
+
"[info] tool \"browser_wait_for\": Has properties but no 'required' array declared"
|
|
790
|
+
]
|
|
791
|
+
}
|
|
792
|
+
]
|
|
793
|
+
},
|
|
794
|
+
{
|
|
795
|
+
"id": "security",
|
|
796
|
+
"capability": "security",
|
|
797
|
+
"status": "fail",
|
|
798
|
+
"durationMs": 25.690708999998606,
|
|
799
|
+
"message": "Found 6 security finding(s): 2 high, 2 medium, 2 low.",
|
|
800
|
+
"evidence": [
|
|
801
|
+
{
|
|
802
|
+
"endpoint": "security/scan",
|
|
803
|
+
"advertised": true,
|
|
804
|
+
"responded": true,
|
|
805
|
+
"minimalShapePresent": true,
|
|
806
|
+
"itemCount": 6,
|
|
807
|
+
"identifiers": [
|
|
808
|
+
"browser_close",
|
|
809
|
+
"browser_evaluate",
|
|
810
|
+
"browser_navigate_back",
|
|
811
|
+
"browser_run_code_unsafe"
|
|
812
|
+
],
|
|
813
|
+
"diagnostics": [
|
|
814
|
+
"[low] Tool \"browser_close\" has an empty schema but is marked as destructive.",
|
|
815
|
+
"[high] Tool \"browser_evaluate\" name suggests command execution capability.",
|
|
816
|
+
"[medium] Tool \"browser_evaluate\" accepts filesystem paths and has destructive capabilities.",
|
|
817
|
+
"[low] Tool \"browser_navigate_back\" has an empty schema but is marked as destructive.",
|
|
818
|
+
"[high] Tool \"browser_run_code_unsafe\" has parameter \"code\" which may allow arbitrary command execution.",
|
|
819
|
+
"[medium] Tool \"browser_run_code_unsafe\" accepts filesystem paths and has destructive capabilities."
|
|
820
|
+
],
|
|
821
|
+
"findings": [
|
|
822
|
+
{
|
|
823
|
+
"ruleId": "permissive-schema",
|
|
824
|
+
"severity": "low",
|
|
825
|
+
"toolName": "browser_close",
|
|
826
|
+
"message": "Tool \"browser_close\" has an empty schema but is marked as destructive."
|
|
827
|
+
},
|
|
828
|
+
{
|
|
829
|
+
"ruleId": "shell-injection",
|
|
830
|
+
"severity": "high",
|
|
831
|
+
"toolName": "browser_evaluate",
|
|
832
|
+
"message": "Tool \"browser_evaluate\" name suggests command execution capability."
|
|
833
|
+
},
|
|
834
|
+
{
|
|
835
|
+
"ruleId": "broad-filesystem",
|
|
836
|
+
"severity": "medium",
|
|
837
|
+
"toolName": "browser_evaluate",
|
|
838
|
+
"message": "Tool \"browser_evaluate\" accepts filesystem paths and has destructive capabilities."
|
|
839
|
+
},
|
|
840
|
+
{
|
|
841
|
+
"ruleId": "permissive-schema",
|
|
842
|
+
"severity": "low",
|
|
843
|
+
"toolName": "browser_navigate_back",
|
|
844
|
+
"message": "Tool \"browser_navigate_back\" has an empty schema but is marked as destructive."
|
|
845
|
+
},
|
|
846
|
+
{
|
|
847
|
+
"ruleId": "shell-injection",
|
|
848
|
+
"severity": "high",
|
|
849
|
+
"toolName": "browser_run_code_unsafe",
|
|
850
|
+
"message": "Tool \"browser_run_code_unsafe\" has parameter \"code\" which may allow arbitrary command execution."
|
|
851
|
+
},
|
|
852
|
+
{
|
|
853
|
+
"ruleId": "broad-filesystem",
|
|
854
|
+
"severity": "medium",
|
|
855
|
+
"toolName": "browser_run_code_unsafe",
|
|
856
|
+
"message": "Tool \"browser_run_code_unsafe\" accepts filesystem paths and has destructive capabilities."
|
|
857
|
+
}
|
|
858
|
+
]
|
|
859
|
+
}
|
|
860
|
+
]
|
|
861
|
+
}
|
|
862
|
+
],
|
|
863
|
+
"healthScore": {
|
|
864
|
+
"overall": 65,
|
|
865
|
+
"grade": "D",
|
|
866
|
+
"dimensions": [
|
|
867
|
+
{
|
|
868
|
+
"name": "Protocol Compliance",
|
|
869
|
+
"weight": 0.3,
|
|
870
|
+
"score": 100,
|
|
871
|
+
"details": [
|
|
872
|
+
"conformance: pass (100/100)"
|
|
873
|
+
]
|
|
874
|
+
},
|
|
875
|
+
{
|
|
876
|
+
"name": "Schema Quality",
|
|
877
|
+
"weight": 0.2,
|
|
878
|
+
"score": 60,
|
|
879
|
+
"details": [
|
|
880
|
+
"schema-quality: partial (60/100)"
|
|
881
|
+
]
|
|
882
|
+
},
|
|
883
|
+
{
|
|
884
|
+
"name": "Security",
|
|
885
|
+
"weight": 0.2,
|
|
886
|
+
"score": 0,
|
|
887
|
+
"details": [
|
|
888
|
+
"security-lite: fail (0/100)",
|
|
889
|
+
"security: fail (0/100)"
|
|
890
|
+
]
|
|
891
|
+
},
|
|
892
|
+
{
|
|
893
|
+
"name": "Reliability",
|
|
894
|
+
"weight": 0.2,
|
|
895
|
+
"score": 67,
|
|
896
|
+
"details": [
|
|
897
|
+
"tools: pass (100/100)",
|
|
898
|
+
"prompts: unsupported (50/100)",
|
|
899
|
+
"resources: unsupported (50/100)"
|
|
900
|
+
]
|
|
901
|
+
},
|
|
902
|
+
{
|
|
903
|
+
"name": "Performance",
|
|
904
|
+
"weight": 0.1,
|
|
905
|
+
"score": 100,
|
|
906
|
+
"details": [
|
|
907
|
+
"Connect: 5774ms",
|
|
908
|
+
"p95 latency: 59ms (3 operations)"
|
|
909
|
+
]
|
|
910
|
+
}
|
|
911
|
+
]
|
|
912
|
+
},
|
|
913
|
+
"performanceMetrics": {
|
|
914
|
+
"connectMs": 5773.640125,
|
|
915
|
+
"toolsListMs": 59.043541999999434,
|
|
916
|
+
"promptsListMs": 0.006790999999793712,
|
|
917
|
+
"resourcesListMs": 0.007708000001002802
|
|
918
|
+
}
|
|
919
|
+
}
|