MCPSafe

LinkedIn MCP Server

B
7.0

LinkedIn API as MCP tools to retrieve profile data and publish content. Powered by HAPI MCP.

streamable-httpcloudfile-system

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-com-mcp-linkedin": {
      "type": "streamable-http",
      "url": "https://linkedin.run.mcp.com.ai/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-com-mcp-linkedin": {
      "url": "https://linkedin.run.mcp.com.ai/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10
Permissions10
Behavior4
Stability--

Findings (7)

high
network-access

Remote HTTP Endpoint Without Visible Authentication

Server operates as a remote HTTP endpoint (streamable-http) accessible via internet URL. No authentication mechanism is documented, creating potential for unauthorized access or man-in-the-middle attacks.

high
credential-input

LinkedIn API Integration Without Credential Security Details

Server claims to handle LinkedIn API operations including profile data retrieval and content publishing. No documentation on how credentials are managed, stored, or transmitted. Risk of credential exposure or misuse.

medium
vague-description

Unclear Scope and Capabilities

Description is minimal and doesn't specify which LinkedIn operations are supported, what data can be accessed, or publishing limitations. 'Powered by HAPI MCP' is vague branding without technical clarity.

medium
excessive-scope

Broad Permissions for Sensitive Platform

LinkedIn is a professional social network with sensitive personal and business data. Claiming both 'retrieve profile data' and 'publish content' represents significant permissions without granular access control details.

low
info

No Tool Definitions Available

Tool definitions could not be fetched from the server, preventing detailed analysis of input validation, prompt injection risks, or actual capability implementation.

low
info

Repository and Website Present

Positive signal: Server has associated GitHub repository and website, providing some source code transparency and organizational identity.

info
vague-description

Semantic Analysis Summary

This LinkedIn MCP server presents moderate-to-high risk due to remote HTTP exposure without documented authentication, sensitive credential handling for LinkedIn API operations, and vague capability descriptions. The lack of tool definitions prevents full security analysis. The combination of internet accessibility and broad social media permissions warrants careful credential management and access controls before deployment.

Last scanned 1h ago

Details

Version
1.0.0+0.7.1
Transport
streamable-http
Capabilities
Repository
la-rebelion/hapimcp
Website
run.mcp.com.ai