MCPSafe

Gossiper Shopify Admin MCP Server

B
7.0

Control Shopify Admin tasks with agents or via prompt. Ultra slim integration, fast and secure.

streamable-httpssecloudproductivityautomation

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-gossiper-shopify-admin-mcp": {
      "type": "streamable-http",
      "url": "https://mcp.gossiper.io/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-gossiper-shopify-admin-mcp": {
      "url": "https://mcp.gossiper.io/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10
Permissions10
Behavior4
Stability--

Findings (6)

high
vague-description

Vague and Unsubstantiated Claims

The description uses marketing language ('ultra slim integration', 'fast and secure') without concrete details about what the server actually does. No specific Shopify Admin capabilities are listed, making it impossible to verify the actual scope.

high
network-access

Remote HTTP Endpoint Without Visible Authentication

Server operates as a remote HTTP/SSE endpoint (https://mcp.gossiper.io/mcp) accessible from the internet. No authentication mechanism is documented, creating potential for unauthorized access or man-in-the-middle attacks.

high
excessive-scope

Broad Shopify Admin Access Without Scope Definition

A server claiming to 'control Shopify Admin tasks' has extremely broad potential scope. Without tool definitions visible and no repository to audit, the actual permissions and capabilities cannot be verified.

high
credential-input

No Source Code or Trust Signals

No repository URL, website, or author information provided. For a server claiming Shopify Admin access (which requires sensitive credentials), the lack of verifiable source code is a critical trust issue.

medium
hidden-instructions

Tool Definitions Unavailable for Security Review

Tool definitions could not be fetched from the server. This prevents verification of input validation, prompt injection protections, and actual capability scope.

info
vague-description

Semantic Analysis Summary

This server presents significant security concerns: it operates as a remote HTTP endpoint with no documented authentication, makes vague claims about Shopify Admin control without verifiable scope, and provides no source code or author information for trust verification. The inability to inspect tool definitions combined with the lack of any trust signals makes this server unsuitable for production use without substantial additional verification.

Last scanned 56m ago

Details

Version
1.0.0
Transport
streamable-http, sse
Capabilities