ai.meetlark/mcp-server

7.0

Agent-first meeting schedule polls for humans and agents. Create polls, vote, find times.

streamable-httpai-ml cloud search automation

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-meetlark-mcp-server": {
      "type": "streamable-http",
      "url": "https://meetlark.ai/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-meetlark-mcp-server": {
      "url": "https://meetlark.ai/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior4

Stability--

Findings (7)

high

vague-description

Unclear server purpose and capabilities

The description is vague about what the server actually does. It mentions 'agent-first meeting schedule polls' but doesn't clearly explain the core functionality, data models, or API contract. Terms like 'polls for humans and agents' are ambiguous.

high

network-access

Remote HTTP endpoint without visible authentication

Server is exposed via remote HTTPS endpoint (https://meetlark.ai/mcp) using streamable-http transport. No authentication mechanism is documented. Remote servers are higher risk as they accept connections from the internet.

high

excessive-scope

Broad capability claims without tool visibility

Server claims to handle meeting scheduling, polling, voting, and time-finding - multiple distinct capabilities. With 0 tools available for inspection, the actual scope and implementation cannot be verified.

medium

vague-description

No source code repository provided

No repository URL is available for code review or verification. This eliminates transparency and makes it impossible to audit the actual implementation for security issues.

medium

vague-description

Tools not fetched - cannot assess input validation

Tool definitions are not available, preventing analysis of input validation, prompt injection risks, or unconstrained parameters. This is a significant gap in security assessment.

low

vague-description

Unclear data handling for sensitive scheduling information

Meeting schedules and participant information are potentially sensitive. The description doesn't clarify how data is stored, who has access, or what privacy protections exist.

info

vague-description

Semantic Analysis Summary

This server presents moderate-to-high security concerns due to its remote HTTP exposure without documented authentication, vague capability descriptions, and inability to inspect tool definitions. The lack of source code repository eliminates transparency. The broad scope of claimed features (scheduling, polling, voting, time-finding) combined with zero visible tools and no implementation details makes it difficult to assess actual risk.

Last scanned 1mo ago

Details

Version: 1.0.3
Transport: streamable-http
Capabilities