MCP Scanner

This repository may not be an MCP server

We could not detect MCP SDK imports or tool registrations.

36F

mcp-filesystem-server

mark3labs/mcp-filesystem-server

5 files · 8 findings

8 high
Tool Poisoning: clean
Command Injection: clean
Path Traversal: clean
SSRF: clean
Credential Theft: clean
Excessive Permissions: clean
Missing Auth: clean
Supply Chain: 8

GitHub Actions with unpinned actions

high

Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.

.github/workflows/release.yml:17
uses: actions/checkout@v4
How to fix

Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...

8 issues
Rug Pull: clean
Data Exfiltration: clean
Insecure Communication: clean
Excessive Data Exposure: clean
Logging Deficiency: clean
Runtime Tool Poisoning: clean
Shadow MCP Server: clean

GitHub Actions with unpinned actions

high

Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.

.github/workflows/release.yml:22
uses: actions/setup-go@v5
How to fix

Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...

GitHub Actions with unpinned actions

high

Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.

.github/workflows/release.yml:28
uses: goreleaser/goreleaser-action@v6
How to fix

Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...

GitHub Actions with unpinned actions

high

Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.

.github/workflows/release.yml:41
uses: docker/login-action@v3
How to fix

Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...

GitHub Actions with unpinned actions

high

Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.

.github/workflows/release.yml:48
uses: docker/setup-buildx-action@v3
How to fix

Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...

GitHub Actions with unpinned actions

high

Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.

.github/workflows/release.yml:51
uses: docker/build-push-action@v6
How to fix

Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...

GitHub Actions with unpinned actions

high

Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.

.github/workflows/test.yml:13
uses: actions/checkout@v4
How to fix

Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...

GitHub Actions with unpinned actions

high

Using GitHub Actions with branch references instead of SHA pins enables supply chain attacks.

.github/workflows/test.yml:18
uses: actions/setup-go@v5
How to fix

Pin GitHub Actions to full commit SHAs: uses: actions/checkout@abc123...