Server data from the Official MCP Registry
Australia Post parcel tracking, postcode lookup, and delivery times. By UnClick.
Australia Post parcel tracking, postcode lookup, and delivery times. By UnClick.
This MCP server exposes 450+ external API integrations with significant security concerns. The codebase contains hardcoded API key patterns in tool definitions, overly broad permissions spanning financial data, messaging, social media, and security tools with no scoping or rate limiting visible. Multiple critical issues include unauthenticated access to sensitive endpoints, missing input validation on user-controlled parameters, and dangerous permission combinations (shell execution, arbitrary code execution patterns, and network access to sensitive APIs). The architecture allows agents to call any integrated tool without apparent authorization controls. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 21 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-australiapost": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.