MailJunky

B
7.0

Send emails, track events, and manage contacts with MailJunky.

Security Report

Score Breakdown

Description: 10
Permissions: 10
Behavior: 4
Stability: --

Findings (6)

high
vague-description

Overly broad capability claims without tool visibility

The server claims to 'send emails, track events, and manage contacts' but provides no tool definitions for inspection. This combination of capabilities (email sending + event tracking + contact management) is broad and could enable spam, surveillance, or data harvesting if not properly constrained.

high
excessive-scope

Zero tools exposed despite broad capability claims

The server advertises email sending, event tracking, and contact management capabilities but exposes zero tools. This is inconsistent and suggests either incomplete implementation, hidden functionality, or tools that are dynamically generated/hidden from inspection.

medium
network-access

Remote HTTP endpoint with SSE transport

The server operates as a remote HTTP endpoint (https://mcp.mailjunky.ai/sse) using Server-Sent Events. This means it accepts connections from the internet and could be accessed by any client with the URL. No authentication mechanism is documented.

medium
credential-input

Email and contact management without visible input validation

Email sending and contact management typically involve sensitive inputs (SMTP credentials, recipient lists, personal data). Without visible tool definitions, input validation and access controls cannot be assessed.

low
info

Repository available for source code review

Positive signal: The server has a public GitHub repository (https://github.com/TheNightProject/tnp.web.mailjunky.ai), allowing for source code inspection and community scrutiny.

info
vague-description

Semantic Analysis Summary

MailJunky claims broad capabilities (email sending, event tracking, contact management) but exposes zero tools for inspection, making it impossible to assess actual functionality or security constraints. The remote HTTP endpoint without documented authentication, combined with the mismatch between claimed scope and exposed tools, raises significant concerns about hidden functionality or incomplete implementation. The public repository is a positive trust signal but does not mitigate the core issues.

Last scanned 55m ago

Details

Version: 0.1.0
Transport: sse
Capabilities