Server data from the Official MCP Registry
Speedrun.com games, leaderboards, runs, and users. No API key. By UnClick.
Speedrun.com games, leaderboards, runs, and users. No API key. By UnClick.
This MCP server exposes 450+ API integrations with minimal authentication controls and dangerous permission patterns. Critical issues include: (1) API keys passed as optional parameters in tool schemas, enabling credential exposure in logs/history; (2) no per-tool authentication enforcement, allowing agents to call any endpoint regardless of scopes; (3) extensive network access to external APIs without request validation; (4) PostHog analytics dependency that may transmit user activity data; and (5) no visible input sanitization for user-supplied parameters across hundreds of tools. The architecture prioritizes breadth over security, creating substantial risks for credential leakage, data exfiltration, and unauthorized API calls. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 17 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-speedrun": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.