Budget Planner Ai MCP Server by MEOK AI Labs
The server has significant security concerns that users should be aware of. A hardcoded external URL for metering/verification (`proofof.ai/verify`) is contacted on every tool invocation, creating potential for data exfiltration and vendor lock-in. The auth_middleware.py file is truncated, preventing full assessment of authentication logic. Additionally, API keys are accepted as optional string parameters with no validation, and the monetization/upsell mechanisms are tightly coupled into the core business logic. While rate limiting is present and the in-memory data store limits scope, these issues combined bring the score to the moderate-risk range. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
5 files analyzed · 14 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-csoai-org-budget-planner-ai-mcp": {
"args": [
"-y",
"budget-planner-ai-mcp"
],
"command": "npx"
}
}
}Be the first to review this server!