Bezal — Local Business Intelligence for AI Agents

7.0

Search 7,000+ local service businesses across America by category, location, or keyword.

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-bezal-local-commerce": {
      "type": "streamable-http",
      "url": "https://app.bezal.ai/api/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-bezal-local-commerce": {
      "url": "https://app.bezal.ai/api/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior4

Stability--

Findings (7)

high

vague-description

Unclear server purpose and capabilities

The description only mentions searching local business data but provides no details about what the server actually does, what tools it exposes, or how it processes requests. The phrase 'Local Business Intelligence for AI Agents' is vague and doesn't clarify the server's actual functionality.

high

network-access

Remote HTTP endpoint without visible authentication

The server uses a remote streamable-http transport (https://app.bezal.ai/api/mcp), meaning it accepts connections from the internet. No authentication mechanism is mentioned in the provided metadata.

high

excessive-scope

Broad data access claims without scope limitation

The server claims access to 7,000+ business records searchable by category, location, or keyword. This is a large dataset with multiple query dimensions, but no information about rate limiting, data filtering, or access controls.

medium

data-exfiltration

Potential for bulk data extraction

A business search service with broad query capabilities (category, location, keyword) could be used to systematically extract large portions of the business database without clear rate limiting or usage restrictions mentioned.

medium

vague-description

No source code or repository available

The server has no associated repository, making it impossible to audit the actual implementation, security practices, or data handling.

low

vague-description

Tool definitions not available for inspection

Tools were not fetched from the server, preventing detailed analysis of input validation, prompt injection risks, or actual capabilities.

info

vague-description

Semantic Analysis Summary

Bezal presents moderate-to-high security concerns due to its remote HTTP endpoint without visible authentication, broad data access claims across 7,000+ business records, and complete lack of source code or detailed documentation. The vague description combined with a remote transport and no repository makes it difficult to verify the server's actual security practices or data handling. The inconsistency between claiming to be a search service but reporting 0 tools raises additional questions about the server's actual implementation.

Last scanned 58m ago

Details

Version: 1.0.0
Transport: streamable-http
Capabilities