Server data from the Official MCP Registry
Australian lottery results and jackpots from The Lott. By UnClick.
Australian lottery results and jackpots from The Lott. By UnClick.
This MCP server exposes an extremely broad catalog of 450+ API endpoints across 178+ tools with minimal documented authentication controls or authorization scoping. The codebase contains multiple critical security issues: API keys are passed as optional parameters in tool schemas (allowing interception), the server requires a single UNCLICK_API_KEY with no scope-limiting mechanism, and it provides unrestricted access to sensitive operations (financial transactions, personal data retrieval, security scanning, social media posting) without per-tool authorization. The sheer breadth of unvetted integrations combined with weak auth architecture creates high risk of unauthorized access and data exfiltration. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 18 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-thelott": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Be the first to review this server!
Added support for streaming responses and improved error handling for rate-limited requests.
Major release: new tool registration API, breaking changes to configuration format. See migration guide.
Added OAuth 2.0 support and improved connection pooling.
Initial stable release.