TinyFish AI Web Agent
AI-powered web automation. Navigate websites using AI agents for one page or a thousand
Installation
Claude Desktop config (remote)
{
  "mcpServers": {
    "ai-mino-web-agent": {
      "type": "streamable-http",
      "url": "https://mino.ai/mcp"
    }
  }
}

Cursor config
{
  "mcpServers": {
    "ai-mino-web-agent": {
      "url": "https://mino.ai/mcp"
    }
  }
}

Security Report
Score Breakdown
Findings (7)
Overly Broad and Vague Capability Claims
The description 'AI-powered web automation. Navigate websites using AI agents for one page or a thousand' is extremely vague about what the server actually does. It claims to handle web automation at any scale but provides no specifics about mechanisms, limitations, or intended use cases.
Unrestricted Web Access Claims
The server claims to 'navigate websites' without any apparent constraints. This suggests potential for accessing arbitrary websites, which could be used for malicious purposes like credential harvesting, phishing, or unauthorized data access.
Disproportionate Scope with Zero Tools Exposed
The server claims broad web automation capabilities but exposes zero tools to the client. This is suspicious - either the tools are hidden/dynamic, or the capabilities are misrepresented.
Remote HTTP Endpoint Without Authentication Details
The server is exposed as a remote HTTP endpoint (streamable-http) at https://mino.ai/mcp. No authentication mechanism is mentioned, raising concerns about who can access this service and what controls exist.
No Source Code or Repository Available
The server has no associated repository or source code link. This prevents verification of actual capabilities, security practices, or code review.
Potential for Data Exfiltration via Web Navigation
A web automation agent that navigates arbitrary websites could potentially extract sensitive data from pages it visits, especially if used with credentials or in authenticated sessions.
Semantic Analysis Summary
TinyFish AI Web Agent presents significant security concerns due to vague capability descriptions, claimed unrestricted web navigation without visible constraints, and zero exposed tools despite broad automation claims. The remote HTTP endpoint without documented authentication and lack of source code further elevate risk. This server requires substantial clarification on actual capabilities, access controls, and safety mechanisms before deployment.
Last scanned 51m ago
Details
- Version: 1.0.0
- Transport: streamable-http
- Capabilities