Server data from the Official MCP Registry
Recent earthquakes worldwide and by region, with detail, from USGS. No API key. By UnClick.
Recent earthquakes worldwide and by region, with detail, from USGS. No API key. By UnClick.
This MCP server exposes 450+ API integrations with serious security and architectural concerns. Critical findings include unauthenticated access to sensitive tools (memory operations, financial data, messaging), unvalidated API key passing through tool parameters, and overly broad permissions (network, environment variables, process execution). The server's design allows arbitrary API calls without proper scope gating, creating significant attack surface. While individual tool implementations may be sound, the overall architecture enables privilege escalation and data exfiltration risks. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 19 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-usgs": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Be the first to review this server!
Added support for streaming responses and improved error handling for rate-limited requests.
Major release: new tool registration API, breaking changes to configuration format. See migration guide.
Added OAuth 2.0 support and improved connection pooling.
Initial stable release.