Is Overlayrisk Witness free?

Yes, Overlayrisk Witness is free to use.

How do I install Overlayrisk Witness?

Overlayrisk Witness is a local plugin. Install it using npm package: overlayrisk-witness-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Overlayrisk Witness safe to use?

Overlayrisk Witness scored 5.2/10 (moderate risk) in MCP Marketplace's automated security scan. It has 3 high or critical findings to review. It's listed, but review the security report on this page before installing.

What credentials does Overlayrisk Witness need?

Overlayrisk Witness requires the following credentials or environment variables: OVERLAYRISK_API_URL. You can find setup instructions on the server detail page.

What AI apps work with Overlayrisk Witness?

Overlayrisk Witness uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Overlayrisk Witness MCP Server

by Mertcanvural

Developer ToolsModerate5.2MCP RegistryLocal

Free

Server data from the Official MCP Registry

Independent before/after accessibility-overlay (accessiBe/UserWay) witness for any public URL.

About

Independent before/after accessibility-overlay (accessiBe/UserWay) witness for any public URL.

Security Report

5.2

Moderate5.2Moderate Risk

This is a well-designed, minimal MCP server that acts as a thin client to a remote API. Authentication is not required (the service is publicly available), code quality is high with proper input validation, error handling, and no hardcoded secrets or dangerous patterns. Permissions are appropriate for its purpose: HTTP network access to call the witness API. The server correctly implements request timeout handling and progress notifications for long-running operations. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.

4 files analyzed · 6 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

HTTP Network Access

Connects to external APIs or services over the internet.

What You'll Need

Set these up before or after installing:

Override the hosted witness endpoint (defaults to https://overlayrisk.com/api/witness).Optional

Environment variable: OVERLAYRISK_API_URL

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-mertcanvural-overlayrisk-witness": {
      "env": {
        "OVERLAYRISK_API_URL": "your-overlayrisk-api-url-here"
      },
      "args": [
        "-y",
        "overlayrisk-witness-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

OverlayRiskWitness MCP server

A Model Context Protocol server that runs the free, independent before/after accessibility-overlay witness from OverlayRiskWitness on any public URL.

Accessibility overlay widgets (accessiBe, UserWay, and similar) are sold as one-line ADA/WCAG compliance fixes, but independent testing routinely shows the underlying page is unchanged for real assistive-technology users. This server lets an AI agent run the witness: it loads a page with the overlay on, then off, captures both states, and returns one documented finding where the page's public accessibility/compliance claims don't hold up — with a UTC timestamp.

Findings are evidence, not a legal compliance ruling. This server is independent of accessiBe and UserWay; it tests their effect, it does not sell or defend an overlay.

What this server is (and isn't)

This is a thin client. It contains no scanning logic and no secrets. Its single tool POSTs to the hosted API at https://overlayrisk.com/api/witness, which does the real work (overlay detection, headless before/after capture, claim extraction). The full timestamped Risk Packet is a paid checkout on the website — see overlayrisk.com/pricing. The MCP server is a free funnel; it never handles payment.

Tool

`witness_page`


Input	`{ "url": "https://example.com/checkout" }` — a public HTTP/HTTPS page URL
Success	The free-witness JSON: `runId`, `siteUrl`, `overlayVendor` (`accessibe`/`userway`), `pagesTested`, `claimsTested`, `didNotHoldUp`, `freeFinding`, `lockedFindingCount` — plus a note linking to the paid Risk Packet
Error	`{ status, code, error }` (e.g. `overlay_no_effect`, `page_fetch_failed`, `witness_timeout`)

A single witness run can take up to ~3 minutes on cold/heavy sites. That exceeds many MCP clients' default 60s request timeout. The server emits periodic progress notifications, so clients that honor resetTimeoutOnProgress stay connected automatically; clients that don't should raise their per-request timeout.

Install

Run directly with npx (no global install):

npx overlayrisk-witness-mcp

The process speaks MCP over stdio.

Claude Desktop / Cursor / other MCP clients

Add to your client's MCP config:

{
  "mcpServers": {
    "overlayrisk-witness": {
      "command": "npx",
      "args": ["-y", "overlayrisk-witness-mcp"]
    }
  }
}

Configuration

Env var	Default	Purpose
`OVERLAYRISK_API_URL`	`https://overlayrisk.com/api/witness`	Override the witness endpoint (e.g. for local dev)
`OVERLAYRISK_TIMEOUT_MS`	`200000`	Request timeout in ms

No API key is required — the free one-page witness is public.

Develop

npm install
npm run smoke   # offline handshake test (lists tools, no network)
npm start       # run the server on stdio

License

MIT © Mert Can Vural

Reviews

No reviews yet

Be the first to review this server!

More Developer Tools MCP Servers

Git

Free

by Modelcontextprotocol · Developer Tools

Read, search, and manipulate Git repositories programmatically

Fetch

Free

by Modelcontextprotocol · Developer Tools

Web content fetching and conversion for efficient LLM usage

Toleno

Free

by Toleno · Developer Tools

Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.

mcp-creator-python

Free

by mcp-marketplace · Developer Tools

Create, build, and publish Python MCP servers to PyPI — conversationally.

MarkItDown

Free

by Microsoft · Content & Media

Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption

FinAgent

Free

by mcp-marketplace · Finance

Free stock data and market news for any MCP-compatible AI assistant.

Overlayrisk Witness MCP Server

About

Security Report

Findings (6)Action required

Permissions Required

What You'll Need

How to Install

Documentation

OverlayRiskWitness MCP server

What this server is (and isn't)

Tool

witness_page

Install

Claude Desktop / Cursor / other MCP clients

Configuration

Develop

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

Overlayrisk Witness MCP Server

About

Security Report

Findings (6)Action required

Permissions Required

What You'll Need

How to Install

Documentation

OverlayRiskWitness MCP server

What this server is (and isn't)

Tool

witness_page

Install

Claude Desktop / Cursor / other MCP clients

Configuration

Develop

License

Reviews

No reviews yet

More Developer Tools MCP Servers

Git

Fetch

Toleno

mcp-creator-python

MarkItDown

FinAgent

`witness_page`

`witness_page`