Server data from the Official MCP Registry
Search and read Hacker News stories, comments, users, Ask HN and Show HN. No API key. By UnClick.
Search and read Hacker News stories, comments, users, Ask HN and Show HN. No API key. By UnClick.
The UnClick MCP server presents significant security concerns, primarily around API key handling and lack of authentication mechanisms for a multi-API gateway. While the codebase appears to be actively maintained with extensive tool integrations, the server requires an API key from unclick.world but lacks evidence of proper token validation, scoping, or secure credential management. The broad permissions required to call 450+ third-party endpoints create a large attack surface, and the tool wiring file shows patterns that suggest API keys are passed through function parameters rather than securely managed, creating credential leakage risks. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 17 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-hackernews": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.