@kryptosai/mcp-observatory 0.23.0 → 0.24.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (46) hide show
  1. package/README.md +8 -7
  2. package/dist/src/commands/init-ci.d.ts +3 -0
  3. package/dist/src/commands/init-ci.js +24 -12
  4. package/dist/src/commands/init-ci.js.map +1 -1
  5. package/dist/src/reporters/pr-comment.js +6 -2
  6. package/dist/src/reporters/pr-comment.js.map +1 -1
  7. package/docs/certification-campaign-template.md +2 -2
  8. package/docs/mcp-safety-report-latest.md +12 -7
  9. package/docs/mcp-server-safety-index.md +56 -80
  10. package/docs/methodology.md +90 -0
  11. package/docs/metrics-dashboard.md +105 -0
  12. package/docs/paid-pilot-offer.md +21 -5
  13. package/docs/project-case-study.md +12 -8
  14. package/docs/proof.md +28 -15
  15. package/docs/public-post-drafts.md +18 -6
  16. package/docs/publish-readiness.md +1 -5
  17. package/docs/reference-evaluations.md +1 -1
  18. package/docs/safety-index/artifacts/antv-chart-server.json +2765 -0
  19. package/docs/safety-index/artifacts/antv-chart-server.md +156 -0
  20. package/docs/safety-index/artifacts/browsermcp-server.json +416 -0
  21. package/docs/safety-index/artifacts/browsermcp-server.md +163 -0
  22. package/docs/safety-index/artifacts/context7-server.json +286 -0
  23. package/docs/safety-index/artifacts/context7-server.md +163 -0
  24. package/docs/safety-index/artifacts/everything-server.json +482 -0
  25. package/docs/safety-index/artifacts/everything-server.md +163 -0
  26. package/docs/safety-index/artifacts/executeautomation-playwright-server.json +955 -0
  27. package/docs/safety-index/artifacts/executeautomation-playwright-server.md +163 -0
  28. package/docs/safety-index/artifacts/filesystem-server.json +583 -0
  29. package/docs/safety-index/artifacts/filesystem-server.md +156 -0
  30. package/docs/safety-index/artifacts/memory-server.json +469 -0
  31. package/docs/safety-index/artifacts/memory-server.md +156 -0
  32. package/docs/safety-index/artifacts/opentofu-server.json +387 -0
  33. package/docs/safety-index/artifacts/opentofu-server.md +163 -0
  34. package/docs/safety-index/artifacts/playwright-mcp-server.json +919 -0
  35. package/docs/safety-index/artifacts/playwright-mcp-server.md +156 -0
  36. package/docs/safety-index/artifacts/promptopia-server.json +442 -0
  37. package/docs/safety-index/artifacts/promptopia-server.md +156 -0
  38. package/docs/safety-index/artifacts/puppeteer-server.json +377 -0
  39. package/docs/safety-index/artifacts/puppeteer-server.md +163 -0
  40. package/docs/safety-index/artifacts/ref-tools-server.json +262 -0
  41. package/docs/safety-index/artifacts/ref-tools-server.md +156 -0
  42. package/docs/safety-index/artifacts/sequential-thinking-server.json +286 -0
  43. package/docs/safety-index/artifacts/sequential-thinking-server.md +156 -0
  44. package/docs/safety-index/maintainer-note-template.md +25 -0
  45. package/docs/safety-index/targets.json +192 -0
  46. package/package.json +12 -9
package/docs/safety-index/artifacts/playwright-mcp-server.json ADDED
@@ -0,0 +1,919 @@
1
+ {
2
+ "artifactType": "run",
3
+ "schemaVersion": "1.0.0",
4
+ "gate": "fail",
5
+ "runId": "run_2026-06-24T020732035Z_b86ac3a9",
6
+ "createdAt": "2026-06-24T02:07:32.035Z",
7
+ "toolVersion": "0.24.0",
8
+ "target": {
9
+ "targetId": "playwright-mcp-server",
10
+ "adapter": "local-process",
11
+ "command": "npx",
12
+ "args": [
13
+ "-y",
14
+ "@playwright/mcp"
15
+ ],
16
+ "cwd": ".",
17
+ "metadata": {
18
+ "package": "@playwright/mcp",
19
+ "purpose": "mcp-safety-index",
20
+ "riskClass": "Browser control",
21
+ "failureClass": "Browser/code execution boundary",
22
+ "whyItMatters": "Popular browser automation servers need explicit review around navigation, screenshots, and code evaluation."
23
+ },
24
+ "serverName": "Playwright",
25
+ "serverVersion": "1.61.0-alpha-1781023400000"
26
+ },
27
+ "environment": {
28
+ "platform": "darwin 25.5.0",
29
+ "nodeVersion": "v22.22.1"
30
+ },
31
+ "summary": {
32
+ "total": 7,
33
+ "pass": 2,
34
+ "fail": 2,
35
+ "partial": 1,
36
+ "unsupported": 2,
37
+ "flaky": 0,
38
+ "skipped": 0,
39
+ "gate": "fail"
40
+ },
41
+ "checks": [
42
+ {
43
+ "id": "tools",
44
+ "capability": "tools",
45
+ "status": "pass",
46
+ "durationMs": 59.043541999999434,
47
+ "message": "Advertised capability responded with the minimal expected shape (23 items).",
48
+ "evidence": [
49
+ {
50
+ "endpoint": "tools/list",
51
+ "advertised": true,
52
+ "responded": true,
53
+ "minimalShapePresent": true,
54
+ "itemCount": 23,
55
+ "identifiers": [
56
+ "browser_close",
57
+ "browser_resize",
58
+ "browser_console_messages",
59
+ "browser_handle_dialog",
60
+ "browser_evaluate",
61
+ "browser_file_upload",
62
+ "browser_drop",
63
+ "browser_fill_form",
64
+ "browser_press_key",
65
+ "browser_type",
66
+ "browser_navigate",
67
+ "browser_navigate_back",
68
+ "browser_network_requests",
69
+ "browser_network_request",
70
+ "browser_run_code_unsafe",
71
+ "browser_take_screenshot",
72
+ "browser_snapshot",
73
+ "browser_click",
74
+ "browser_drag",
75
+ "browser_hover",
76
+ "browser_select_option",
77
+ "browser_tabs",
78
+ "browser_wait_for"
79
+ ],
80
+ "diagnostics": [],
81
+ "schemas": {
82
+ "browser_close": {
83
+ "type": "object",
84
+ "properties": {},
85
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
86
+ "additionalProperties": false
87
+ },
88
+ "browser_resize": {
89
+ "type": "object",
90
+ "properties": {
91
+ "width": {
92
+ "type": "number",
93
+ "description": "Width of the browser window"
94
+ },
95
+ "height": {
96
+ "type": "number",
97
+ "description": "Height of the browser window"
98
+ }
99
+ },
100
+ "required": [
101
+ "width",
102
+ "height"
103
+ ],
104
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
105
+ "additionalProperties": false
106
+ },
107
+ "browser_console_messages": {
108
+ "type": "object",
109
+ "properties": {
110
+ "level": {
111
+ "default": "info",
112
+ "description": "Level of the console messages to return. Each level includes the messages of more severe levels. Defaults to \"info\".",
113
+ "type": "string",
114
+ "enum": [
115
+ "error",
116
+ "warning",
117
+ "info",
118
+ "debug"
119
+ ]
120
+ },
121
+ "all": {
122
+ "description": "Return all console messages since the beginning of the session, not just since the last navigation. Defaults to false.",
123
+ "type": "boolean"
124
+ },
125
+ "filename": {
126
+ "description": "Filename to save the console messages to. If not provided, messages are returned as text.",
127
+ "type": "string"
128
+ }
129
+ },
130
+ "required": [
131
+ "level"
132
+ ],
133
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
134
+ "additionalProperties": false
135
+ },
136
+ "browser_handle_dialog": {
137
+ "type": "object",
138
+ "properties": {
139
+ "accept": {
140
+ "type": "boolean",
141
+ "description": "Whether to accept the dialog."
142
+ },
143
+ "promptText": {
144
+ "description": "The text of the prompt in case of a prompt dialog.",
145
+ "type": "string"
146
+ }
147
+ },
148
+ "required": [
149
+ "accept"
150
+ ],
151
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
152
+ "additionalProperties": false
153
+ },
154
+ "browser_evaluate": {
155
+ "type": "object",
156
+ "properties": {
157
+ "element": {
158
+ "description": "Human-readable element description used to obtain permission to interact with the element",
159
+ "type": "string"
160
+ },
161
+ "target": {
162
+ "description": "Exact target element reference from the page snapshot, or a unique element selector",
163
+ "type": "string"
164
+ },
165
+ "function": {
166
+ "type": "string",
167
+ "description": "() => { /* code */ } or (element) => { /* code */ } when element is provided"
168
+ },
169
+ "filename": {
170
+ "description": "Filename to save the result to. If not provided, result is returned as text.",
171
+ "type": "string"
172
+ }
173
+ },
174
+ "required": [
175
+ "function"
176
+ ],
177
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
178
+ "additionalProperties": false
179
+ },
180
+ "browser_file_upload": {
181
+ "type": "object",
182
+ "properties": {
183
+ "paths": {
184
+ "description": "The absolute paths to the files to upload. Can be single file or multiple files. If omitted, file chooser is cancelled.",
185
+ "type": "array",
186
+ "items": {
187
+ "type": "string"
188
+ }
189
+ }
190
+ },
191
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
192
+ "additionalProperties": false
193
+ },
194
+ "browser_drop": {
195
+ "type": "object",
196
+ "properties": {
197
+ "element": {
198
+ "description": "Human-readable element description used to obtain permission to interact with the element",
199
+ "type": "string"
200
+ },
201
+ "target": {
202
+ "type": "string",
203
+ "description": "Exact target element reference from the page snapshot, or a unique element selector"
204
+ },
205
+ "paths": {
206
+ "description": "Absolute paths to files to drop onto the element.",
207
+ "type": "array",
208
+ "items": {
209
+ "type": "string"
210
+ }
211
+ },
212
+ "data": {
213
+ "description": "Data to drop, as a map of MIME type to string value (e.g. {\"text/plain\": \"hello\", \"text/uri-list\": \"https://example.com\"}).",
214
+ "type": "object",
215
+ "propertyNames": {
216
+ "type": "string"
217
+ },
218
+ "additionalProperties": {
219
+ "type": "string"
220
+ }
221
+ }
222
+ },
223
+ "required": [
224
+ "target"
225
+ ],
226
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
227
+ "additionalProperties": false
228
+ },
229
+ "browser_fill_form": {
230
+ "type": "object",
231
+ "properties": {
232
+ "fields": {
233
+ "type": "array",
234
+ "items": {
235
+ "type": "object",
236
+ "properties": {
237
+ "element": {
238
+ "description": "Human-readable element description used to obtain permission to interact with the element",
239
+ "type": "string"
240
+ },
241
+ "target": {
242
+ "type": "string",
243
+ "description": "Exact target element reference from the page snapshot, or a unique element selector"
244
+ },
245
+ "name": {
246
+ "type": "string",
247
+ "description": "Human-readable field name"
248
+ },
249
+ "type": {
250
+ "type": "string",
251
+ "enum": [
252
+ "textbox",
253
+ "checkbox",
254
+ "radio",
255
+ "combobox",
256
+ "slider"
257
+ ],
258
+ "description": "Type of the field"
259
+ },
260
+ "value": {
261
+ "type": "string",
262
+ "description": "Value to fill in the field. If the field is a checkbox, the value should be `true` or `false`. If the field is a combobox, the value should be the text of the option."
263
+ }
264
+ },
265
+ "required": [
266
+ "target",
267
+ "name",
268
+ "type",
269
+ "value"
270
+ ],
271
+ "additionalProperties": false
272
+ },
273
+ "description": "Fields to fill in"
274
+ }
275
+ },
276
+ "required": [
277
+ "fields"
278
+ ],
279
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
280
+ "additionalProperties": false
281
+ },
282
+ "browser_press_key": {
283
+ "type": "object",
284
+ "properties": {
285
+ "key": {
286
+ "type": "string",
287
+ "description": "Name of the key to press or a character to generate, such as `ArrowLeft` or `a`"
288
+ }
289
+ },
290
+ "required": [
291
+ "key"
292
+ ],
293
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
294
+ "additionalProperties": false
295
+ },
296
+ "browser_type": {
297
+ "type": "object",
298
+ "properties": {
299
+ "element": {
300
+ "description": "Human-readable element description used to obtain permission to interact with the element",
301
+ "type": "string"
302
+ },
303
+ "target": {
304
+ "type": "string",
305
+ "description": "Exact target element reference from the page snapshot, or a unique element selector"
306
+ },
307
+ "text": {
308
+ "type": "string",
309
+ "description": "Text to type into the element"
310
+ },
311
+ "submit": {
312
+ "description": "Whether to submit entered text (press Enter after)",
313
+ "type": "boolean"
314
+ },
315
+ "slowly": {
316
+ "description": "Whether to type one character at a time. Useful for triggering key handlers in the page. By default entire text is filled in at once.",
317
+ "type": "boolean"
318
+ }
319
+ },
320
+ "required": [
321
+ "target",
322
+ "text"
323
+ ],
324
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
325
+ "additionalProperties": false
326
+ },
327
+ "browser_navigate": {
328
+ "type": "object",
329
+ "properties": {
330
+ "url": {
331
+ "type": "string",
332
+ "description": "The URL to navigate to"
333
+ }
334
+ },
335
+ "required": [
336
+ "url"
337
+ ],
338
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
339
+ "additionalProperties": false
340
+ },
341
+ "browser_navigate_back": {
342
+ "type": "object",
343
+ "properties": {},
344
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
345
+ "additionalProperties": false
346
+ },
347
+ "browser_network_requests": {
348
+ "type": "object",
349
+ "properties": {
350
+ "static": {
351
+ "default": false,
352
+ "description": "Whether to include successful static resources like images, fonts, scripts, etc. Defaults to false.",
353
+ "type": "boolean"
354
+ },
355
+ "filter": {
356
+ "description": "Only return requests whose URL matches this regexp (e.g. \"/api/.*user\").",
357
+ "type": "string"
358
+ },
359
+ "filename": {
360
+ "description": "Filename to save the network requests to. If not provided, requests are returned as text.",
361
+ "type": "string"
362
+ }
363
+ },
364
+ "required": [
365
+ "static"
366
+ ],
367
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
368
+ "additionalProperties": false
369
+ },
370
+ "browser_network_request": {
371
+ "type": "object",
372
+ "properties": {
373
+ "index": {
374
+ "type": "integer",
375
+ "minimum": 1,
376
+ "maximum": 9007199254740991,
377
+ "description": "1-based index of the request, as printed by browser_network_requests."
378
+ },
379
+ "part": {
380
+ "description": "Return only this part of the request. Omit to return full details.",
381
+ "type": "string",
382
+ "enum": [
383
+ "request-headers",
384
+ "request-body",
385
+ "response-headers",
386
+ "response-body"
387
+ ]
388
+ },
389
+ "filename": {
390
+ "description": "Filename to save the result to. If not provided, output is returned as text.",
391
+ "type": "string"
392
+ }
393
+ },
394
+ "required": [
395
+ "index"
396
+ ],
397
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
398
+ "additionalProperties": false
399
+ },
400
+ "browser_run_code_unsafe": {
401
+ "type": "object",
402
+ "properties": {
403
+ "code": {
404
+ "description": "A JavaScript function containing Playwright code to execute. It will be invoked with a single argument, page, which you can use for any page interaction. For example: `async (page) => { await page.getByRole('button', { name: 'Submit' }).click(); return await page.title(); }`",
405
+ "type": "string"
406
+ },
407
+ "filename": {
408
+ "description": "Load code from the specified file. If both code and filename are provided, code will be ignored.",
409
+ "type": "string"
410
+ }
411
+ },
412
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
413
+ "additionalProperties": false
414
+ },
415
+ "browser_take_screenshot": {
416
+ "type": "object",
417
+ "properties": {
418
+ "element": {
419
+ "description": "Human-readable element description used to obtain permission to interact with the element",
420
+ "type": "string"
421
+ },
422
+ "target": {
423
+ "description": "Exact target element reference from the page snapshot, or a unique element selector",
424
+ "type": "string"
425
+ },
426
+ "type": {
427
+ "default": "png",
428
+ "description": "Image format for the screenshot. Default is png.",
429
+ "type": "string",
430
+ "enum": [
431
+ "png",
432
+ "jpeg"
433
+ ]
434
+ },
435
+ "filename": {
436
+ "description": "File name to save the screenshot to. Defaults to `page-{timestamp}.{png|jpeg}` if not specified. Prefer relative file names to stay within the output directory.",
437
+ "type": "string"
438
+ },
439
+ "fullPage": {
440
+ "description": "When true, takes a screenshot of the full scrollable page, instead of the currently visible viewport. Cannot be used with element screenshots.",
441
+ "type": "boolean"
442
+ }
443
+ },
444
+ "required": [
445
+ "type"
446
+ ],
447
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
448
+ "additionalProperties": false
449
+ },
450
+ "browser_snapshot": {
451
+ "type": "object",
452
+ "properties": {
453
+ "target": {
454
+ "description": "Exact target element reference from the page snapshot, or a unique element selector",
455
+ "type": "string"
456
+ },
457
+ "filename": {
458
+ "description": "Save snapshot to markdown file instead of returning it in the response.",
459
+ "type": "string"
460
+ },
461
+ "depth": {
462
+ "description": "Limit the depth of the snapshot tree",
463
+ "type": "number"
464
+ },
465
+ "boxes": {
466
+ "description": "Include each element's bounding box as [box=x,y,width,height] in the snapshot. Coordinates are viewport-relative, in CSS pixels (Element.getBoundingClientRect)",
467
+ "type": "boolean"
468
+ }
469
+ },
470
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
471
+ "additionalProperties": false
472
+ },
473
+ "browser_click": {
474
+ "type": "object",
475
+ "properties": {
476
+ "element": {
477
+ "description": "Human-readable element description used to obtain permission to interact with the element",
478
+ "type": "string"
479
+ },
480
+ "target": {
481
+ "type": "string",
482
+ "description": "Exact target element reference from the page snapshot, or a unique element selector"
483
+ },
484
+ "doubleClick": {
485
+ "description": "Whether to perform a double click instead of a single click",
486
+ "type": "boolean"
487
+ },
488
+ "button": {
489
+ "description": "Button to click, defaults to left",
490
+ "type": "string",
491
+ "enum": [
492
+ "left",
493
+ "right",
494
+ "middle"
495
+ ]
496
+ },
497
+ "modifiers": {
498
+ "description": "Modifier keys to press",
499
+ "type": "array",
500
+ "items": {
501
+ "type": "string",
502
+ "enum": [
503
+ "Alt",
504
+ "Control",
505
+ "ControlOrMeta",
506
+ "Meta",
507
+ "Shift"
508
+ ]
509
+ }
510
+ }
511
+ },
512
+ "required": [
513
+ "target"
514
+ ],
515
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
516
+ "additionalProperties": false
517
+ },
518
+ "browser_drag": {
519
+ "type": "object",
520
+ "properties": {
521
+ "startElement": {
522
+ "description": "Human-readable source element description used to obtain the permission to interact with the element",
523
+ "type": "string"
524
+ },
525
+ "startTarget": {
526
+ "type": "string",
527
+ "description": "Exact target element reference from the page snapshot, or a unique element selector"
528
+ },
529
+ "endElement": {
530
+ "description": "Human-readable target element description used to obtain the permission to interact with the element",
531
+ "type": "string"
532
+ },
533
+ "endTarget": {
534
+ "type": "string",
535
+ "description": "Exact target element reference from the page snapshot, or a unique element selector"
536
+ }
537
+ },
538
+ "required": [
539
+ "startTarget",
540
+ "endTarget"
541
+ ],
542
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
543
+ "additionalProperties": false
544
+ },
545
+ "browser_hover": {
546
+ "type": "object",
547
+ "properties": {
548
+ "element": {
549
+ "description": "Human-readable element description used to obtain permission to interact with the element",
550
+ "type": "string"
551
+ },
552
+ "target": {
553
+ "type": "string",
554
+ "description": "Exact target element reference from the page snapshot, or a unique element selector"
555
+ }
556
+ },
557
+ "required": [
558
+ "target"
559
+ ],
560
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
561
+ "additionalProperties": false
562
+ },
563
+ "browser_select_option": {
564
+ "type": "object",
565
+ "properties": {
566
+ "element": {
567
+ "description": "Human-readable element description used to obtain permission to interact with the element",
568
+ "type": "string"
569
+ },
570
+ "target": {
571
+ "type": "string",
572
+ "description": "Exact target element reference from the page snapshot, or a unique element selector"
573
+ },
574
+ "values": {
575
+ "type": "array",
576
+ "items": {
577
+ "type": "string"
578
+ },
579
+ "description": "Array of values to select in the dropdown. This can be a single value or multiple values."
580
+ }
581
+ },
582
+ "required": [
583
+ "target",
584
+ "values"
585
+ ],
586
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
587
+ "additionalProperties": false
588
+ },
589
+ "browser_tabs": {
590
+ "type": "object",
591
+ "properties": {
592
+ "action": {
593
+ "type": "string",
594
+ "enum": [
595
+ "list",
596
+ "new",
597
+ "close",
598
+ "select"
599
+ ],
600
+ "description": "Operation to perform"
601
+ },
602
+ "index": {
603
+ "description": "Tab index, used for close/select. If omitted for close, current tab is closed.",
604
+ "type": "number"
605
+ },
606
+ "url": {
607
+ "description": "URL to navigate to in the new tab, used for new.",
608
+ "type": "string"
609
+ }
610
+ },
611
+ "required": [
612
+ "action"
613
+ ],
614
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
615
+ "additionalProperties": false
616
+ },
617
+ "browser_wait_for": {
618
+ "type": "object",
619
+ "properties": {
620
+ "time": {
621
+ "description": "The time to wait in seconds",
622
+ "type": "number"
623
+ },
624
+ "text": {
625
+ "description": "The text to wait for",
626
+ "type": "string"
627
+ },
628
+ "textGone": {
629
+ "description": "The text to wait for to disappear",
630
+ "type": "string"
631
+ }
632
+ },
633
+ "$schema": "https://json-schema.org/draft/2020-12/schema",
634
+ "additionalProperties": false
635
+ }
636
+ }
637
+ }
638
+ ]
639
+ },
640
+ {
641
+ "id": "prompts",
642
+ "capability": "prompts",
643
+ "status": "unsupported",
644
+ "durationMs": 0.006790999999793712,
645
+ "message": "Prompts are not advertised by the target.",
646
+ "evidence": [
647
+ {
648
+ "endpoint": "prompts/list",
649
+ "advertised": false,
650
+ "responded": false,
651
+ "minimalShapePresent": false,
652
+ "diagnostics": []
653
+ }
654
+ ]
655
+ },
656
+ {
657
+ "id": "resources",
658
+ "capability": "resources",
659
+ "status": "unsupported",
660
+ "durationMs": 0.007708000001002802,
661
+ "message": "Resources are not advertised by the target.",
662
+ "evidence": [
663
+ {
664
+ "endpoint": "resources/list | resources/templates/list",
665
+ "advertised": false,
666
+ "responded": false,
667
+ "minimalShapePresent": false,
668
+ "diagnostics": []
669
+ }
670
+ ]
671
+ },
672
+ {
673
+ "id": "security-lite",
674
+ "capability": "security-lite",
675
+ "status": "fail",
676
+ "durationMs": 0.24841600000218023,
677
+ "message": "Found 6 security finding(s): 2 high, 2 medium, 2 low.",
678
+ "evidence": [
679
+ {
680
+ "endpoint": "security/scan-lite",
681
+ "advertised": true,
682
+ "responded": true,
683
+ "minimalShapePresent": true,
684
+ "itemCount": 6,
685
+ "identifiers": [
686
+ "browser_close",
687
+ "browser_evaluate",
688
+ "browser_navigate_back",
689
+ "browser_run_code_unsafe"
690
+ ],
691
+ "diagnostics": [
692
+ "[low] Tool \"browser_close\" has an empty schema but is marked as destructive.",
693
+ "[high] Tool \"browser_evaluate\" name suggests command execution capability.",
694
+ "[medium] Tool \"browser_evaluate\" accepts filesystem paths and has destructive capabilities.",
695
+ "[low] Tool \"browser_navigate_back\" has an empty schema but is marked as destructive.",
696
+ "[high] Tool \"browser_run_code_unsafe\" has parameter \"code\" which may allow arbitrary command execution.",
697
+ "[medium] Tool \"browser_run_code_unsafe\" accepts filesystem paths and has destructive capabilities."
698
+ ],
699
+ "findings": [
700
+ {
701
+ "ruleId": "permissive-schema",
702
+ "severity": "low",
703
+ "toolName": "browser_close",
704
+ "message": "Tool \"browser_close\" has an empty schema but is marked as destructive."
705
+ },
706
+ {
707
+ "ruleId": "shell-injection",
708
+ "severity": "high",
709
+ "toolName": "browser_evaluate",
710
+ "message": "Tool \"browser_evaluate\" name suggests command execution capability."
711
+ },
712
+ {
713
+ "ruleId": "broad-filesystem",
714
+ "severity": "medium",
715
+ "toolName": "browser_evaluate",
716
+ "message": "Tool \"browser_evaluate\" accepts filesystem paths and has destructive capabilities."
717
+ },
718
+ {
719
+ "ruleId": "permissive-schema",
720
+ "severity": "low",
721
+ "toolName": "browser_navigate_back",
722
+ "message": "Tool \"browser_navigate_back\" has an empty schema but is marked as destructive."
723
+ },
724
+ {
725
+ "ruleId": "shell-injection",
726
+ "severity": "high",
727
+ "toolName": "browser_run_code_unsafe",
728
+ "message": "Tool \"browser_run_code_unsafe\" has parameter \"code\" which may allow arbitrary command execution."
729
+ },
730
+ {
731
+ "ruleId": "broad-filesystem",
732
+ "severity": "medium",
733
+ "toolName": "browser_run_code_unsafe",
734
+ "message": "Tool \"browser_run_code_unsafe\" accepts filesystem paths and has destructive capabilities."
735
+ }
736
+ ]
737
+ }
738
+ ]
739
+ },
740
+ {
741
+ "id": "conformance",
742
+ "capability": "conformance",
743
+ "status": "pass",
744
+ "durationMs": 3062.4197910000003,
745
+ "message": "All 7 conformance checks passed.",
746
+ "evidence": [
747
+ {
748
+ "endpoint": "conformance/check",
749
+ "advertised": true,
750
+ "responded": true,
751
+ "minimalShapePresent": true,
752
+ "itemCount": 7,
753
+ "identifiers": [],
754
+ "diagnostics": [
755
+ "[pass] capabilities-present: Server returned capabilities object.",
756
+ "[pass] server-info: Server provided initialization info.",
757
+ "[pass] tools-capability-match: tools/list returned 23 tool(s).",
758
+ "[pass] prompts-capability-match: Prompts not advertised — endpoint check skipped.",
759
+ "[pass] resources-capability-match: Resources not advertised — endpoint check skipped.",
760
+ "[pass] tool-response-content: Tool \"browser_close\" response has valid content array.",
761
+ "[pass] error-handling: Server returned proper error code -32601 for unknown method."
762
+ ]
763
+ }
764
+ ]
765
+ },
766
+ {
767
+ "id": "schema-quality",
768
+ "capability": "schema-quality",
769
+ "status": "partial",
770
+ "durationMs": 7.270583000001352,
771
+ "message": "Found 4 quality finding(s) across 23 item(s): 0 warnings, 4 info.",
772
+ "evidence": [
773
+ {
774
+ "endpoint": "schema-quality/scan",
775
+ "advertised": true,
776
+ "responded": true,
777
+ "minimalShapePresent": true,
778
+ "itemCount": 4,
779
+ "identifiers": [
780
+ "browser_file_upload",
781
+ "browser_run_code_unsafe",
782
+ "browser_snapshot",
783
+ "browser_wait_for"
784
+ ],
785
+ "diagnostics": [
786
+ "[info] tool \"browser_file_upload\": Has properties but no 'required' array declared",
787
+ "[info] tool \"browser_run_code_unsafe\": Has properties but no 'required' array declared",
788
+ "[info] tool \"browser_snapshot\": Has properties but no 'required' array declared",
789
+ "[info] tool \"browser_wait_for\": Has properties but no 'required' array declared"
790
+ ]
791
+ }
792
+ ]
793
+ },
794
+ {
795
+ "id": "security",
796
+ "capability": "security",
797
+ "status": "fail",
798
+ "durationMs": 25.690708999998606,
799
+ "message": "Found 6 security finding(s): 2 high, 2 medium, 2 low.",
800
+ "evidence": [
801
+ {
802
+ "endpoint": "security/scan",
803
+ "advertised": true,
804
+ "responded": true,
805
+ "minimalShapePresent": true,
806
+ "itemCount": 6,
807
+ "identifiers": [
808
+ "browser_close",
809
+ "browser_evaluate",
810
+ "browser_navigate_back",
811
+ "browser_run_code_unsafe"
812
+ ],
813
+ "diagnostics": [
814
+ "[low] Tool \"browser_close\" has an empty schema but is marked as destructive.",
815
+ "[high] Tool \"browser_evaluate\" name suggests command execution capability.",
816
+ "[medium] Tool \"browser_evaluate\" accepts filesystem paths and has destructive capabilities.",
817
+ "[low] Tool \"browser_navigate_back\" has an empty schema but is marked as destructive.",
818
+ "[high] Tool \"browser_run_code_unsafe\" has parameter \"code\" which may allow arbitrary command execution.",
819
+ "[medium] Tool \"browser_run_code_unsafe\" accepts filesystem paths and has destructive capabilities."
820
+ ],
821
+ "findings": [
822
+ {
823
+ "ruleId": "permissive-schema",
824
+ "severity": "low",
825
+ "toolName": "browser_close",
826
+ "message": "Tool \"browser_close\" has an empty schema but is marked as destructive."
827
+ },
828
+ {
829
+ "ruleId": "shell-injection",
830
+ "severity": "high",
831
+ "toolName": "browser_evaluate",
832
+ "message": "Tool \"browser_evaluate\" name suggests command execution capability."
833
+ },
834
+ {
835
+ "ruleId": "broad-filesystem",
836
+ "severity": "medium",
837
+ "toolName": "browser_evaluate",
838
+ "message": "Tool \"browser_evaluate\" accepts filesystem paths and has destructive capabilities."
839
+ },
840
+ {
841
+ "ruleId": "permissive-schema",
842
+ "severity": "low",
843
+ "toolName": "browser_navigate_back",
844
+ "message": "Tool \"browser_navigate_back\" has an empty schema but is marked as destructive."
845
+ },
846
+ {
847
+ "ruleId": "shell-injection",
848
+ "severity": "high",
849
+ "toolName": "browser_run_code_unsafe",
850
+ "message": "Tool \"browser_run_code_unsafe\" has parameter \"code\" which may allow arbitrary command execution."
851
+ },
852
+ {
853
+ "ruleId": "broad-filesystem",
854
+ "severity": "medium",
855
+ "toolName": "browser_run_code_unsafe",
856
+ "message": "Tool \"browser_run_code_unsafe\" accepts filesystem paths and has destructive capabilities."
857
+ }
858
+ ]
859
+ }
860
+ ]
861
+ }
862
+ ],
863
+ "healthScore": {
864
+ "overall": 65,
865
+ "grade": "D",
866
+ "dimensions": [
867
+ {
868
+ "name": "Protocol Compliance",
869
+ "weight": 0.3,
870
+ "score": 100,
871
+ "details": [
872
+ "conformance: pass (100/100)"
873
+ ]
874
+ },
875
+ {
876
+ "name": "Schema Quality",
877
+ "weight": 0.2,
878
+ "score": 60,
879
+ "details": [
880
+ "schema-quality: partial (60/100)"
881
+ ]
882
+ },
883
+ {
884
+ "name": "Security",
885
+ "weight": 0.2,
886
+ "score": 0,
887
+ "details": [
888
+ "security-lite: fail (0/100)",
889
+ "security: fail (0/100)"
890
+ ]
891
+ },
892
+ {
893
+ "name": "Reliability",
894
+ "weight": 0.2,
895
+ "score": 67,
896
+ "details": [
897
+ "tools: pass (100/100)",
898
+ "prompts: unsupported (50/100)",
899
+ "resources: unsupported (50/100)"
900
+ ]
901
+ },
902
+ {
903
+ "name": "Performance",
904
+ "weight": 0.1,
905
+ "score": 100,
906
+ "details": [
907
+ "Connect: 5774ms",
908
+ "p95 latency: 59ms (3 operations)"
909
+ ]
910
+ }
911
+ ]
912
+ },
913
+ "performanceMetrics": {
914
+ "connectMs": 5773.640125,
915
+ "toolsListMs": 59.043541999999434,
916
+ "promptsListMs": 0.006790999999793712,
917
+ "resourcesListMs": 0.007708000001002802
918
+ }
919
+ }