OpenMandate

B
7.5

MCP server for OpenMandate — post mandates and check matches for cofounders and early teams.

streamable-http, communication, cloud

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-openmandate-mcp": {
      "type": "streamable-http",
      "url": "https://mcp.openmandate.ai/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-openmandate-mcp": {
      "url": "https://mcp.openmandate.ai/mcp"
    }
  }
}

Security Report

Score Breakdown

Description: 10
Permissions: 10
Behavior: 5
Stability: --

Findings (6)

medium
vague-description

Unclear server purpose and capabilities

The description mentions 'post mandates' and 'check matches' but doesn't clearly explain what these operations do, what data is involved, or what the actual API endpoints perform. Terms like 'mandates' and 'matches' are ambiguous without context.

medium
network-access

Remote HTTP endpoint without visible authentication

Server uses streamable-http transport with a remote URL (https://mcp.openmandate.ai/mcp), meaning it accepts connections from the internet. No authentication mechanism is documented.

medium
excessive-scope

Potential for sensitive data handling

A server dealing with 'cofounders and early teams' likely processes personal information, contact details, or business relationships. The vague description makes it unclear what data validation and protection measures exist.

low
vague-description

No source code repository available

Without access to source code, it's impossible to audit the actual implementation, input validation, or data handling practices. This reduces transparency and trust.

info
vague-description

Tool definitions not available for inspection

Tools were not fetched from the server, preventing detailed analysis of what operations are actually available and how they handle inputs.

info
vague-description

Semantic Analysis Summary

OpenMandate presents moderate security concerns due to its remote HTTP endpoint, vague operational description, and lack of source code transparency. The server appears to handle sensitive cofounder/team data, but without clear documentation of capabilities, data handling, or authentication mechanisms, the actual risk profile cannot be fully assessed. The absence of a public repository limits auditability.

Last scanned 53m ago

Details

Version
0.5.0
Transport
streamable-http
Capabilities