OpenAI Tools MCP Server

B
7.0

Focused MCP server for OpenAI image/audio generation (v2.0.0). Wraps endpoints via HAPI CLI.

streamable-http, ai-ml, cloud, media

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-com-mcp-openai-tools": {
      "type": "streamable-http",
      "url": "https://openai-tools.run.mcp.com.ai/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-com-mcp-openai-tools": {
      "url": "https://openai-tools.run.mcp.com.ai/mcp"
    }
  }
}

Security Report

Score Breakdown

Description: 10
Permissions: 10
Behavior: 4
Stability: --

Findings (7)

high
network-access

Remote HTTP Endpoint Without Authentication Details

Server uses streamable-http transport with a remote URL (https://openai-tools.run.mcp.com.ai/mcp). No authentication mechanism is documented, creating potential for unauthorized access or man-in-the-middle attacks.

high
vague-description

Unclear Server Purpose and Capabilities

Description mentions 'wraps endpoints via HAPI CLI' but provides no concrete details about what this server actually does, what endpoints it wraps, or how it functions. The phrase 'HAPI CLI' is unexplained.

medium
excessive-scope

Broad Capability Claims Without Tool Definitions

Server claims to handle both image AND audio generation from OpenAI, suggesting broad capabilities. However, zero tools are exposed, making it impossible to verify actual scope or validate security.

medium
credential-input

Potential OpenAI API Key Handling Not Documented

A server wrapping OpenAI endpoints would likely need to handle API credentials. No documentation about how credentials are managed, stored, or transmitted.

low
info

Domain Name Appears Suspicious

The remote URL uses 'mcp.com.ai' - a domain with '.ai' TLD that mimics 'mcp.com'. This could be a typo or a domain squatting concern.

low
info

Website Link Points to Generic OpenAI Documentation

The website URL is the generic OpenAI API reference, not a specific project page or documentation for this MCP server.

info
vague-description

Semantic Analysis Summary

This server presents significant security concerns due to its remote HTTP endpoint without documented authentication, vague description of functionality, and inability to verify actual capabilities (0 tools exposed). The suspicious domain structure and lack of server-specific documentation further reduce confidence. The combination of remote network access, credential handling implications, and opacity makes this a moderate-to-high risk server.

Last scanned 54m ago

Details

Version
0.6.0
Transport
streamable-http
Capabilities