MCPSafe

DataMerge MCP

B
7.0

B2B data enrichment for 375M+ companies: legal entities, corporate hierarchies, and contacts.

streamable-http

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-datamerge-mcp": {
      "type": "streamable-http",
      "url": "https://mcp.datamerge.ai"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-datamerge-mcp": {
      "url": "https://mcp.datamerge.ai"
    }
  }
}

Security Report

Score Breakdown

Description10
Permissions10
Behavior4
Stability--

Findings (7)

high
vague-description

Unclear Capability Scope

The server description claims to provide 'B2B data enrichment for 375M+ companies' but lacks specifics about what data is accessed, how it's processed, or what the actual API endpoints do. The phrase '375M+ companies' is a marketing claim without technical clarity.

high
network-access

Remote HTTP Endpoint Without Authentication Details

Server uses streamable-http transport with a remote URL (https://mcp.datamerge.ai). No information provided about authentication mechanisms, API key requirements, rate limiting, or access controls.

high
excessive-scope

Broad Data Access Claims Without Justification

Claims access to 375M+ companies' data including 'legal entities, corporate hierarchies, and contacts.' This is an extremely broad scope for a single MCP server with no clear use case boundaries or data governance documentation.

medium
vague-description

No Source Code or Repository

No repository URL provided. Cannot verify server implementation, audit code for security issues, or assess data handling practices.

medium
vague-description

Tool Definitions Not Available

Tool definitions could not be fetched from the server. Cannot assess input validation, prompt injection risks, or actual API surface area.

low
info

No Local Trust Signals

No website, documentation URL, or known author information provided. Difficult to establish legitimacy or find security contact information.

info
vague-description

Semantic Analysis Summary

DataMerge MCP presents significant security concerns due to its remote HTTP endpoint, vague description of capabilities, and claims of access to massive corporate datasets without clear governance or authentication details. The absence of source code, tool definitions, and documentation makes it impossible to verify actual security practices or data handling. This server should not be trusted without substantial additional verification and documentation.

Last scanned 55m ago

Details

Version
1.0.0
Transport
streamable-http
Capabilities