ai.pictomancer/image-processing

B
7.0

Image processing for AI agents. Resize, convert, compress, and pipeline images.

streamable-http, ai-ml, media, automation

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-pictomancer-image-processing": {
      "type": "streamable-http",
      "url": "https://mcp.pictomancer.ai/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-pictomancer-image-processing": {
      "url": "https://mcp.pictomancer.ai/mcp"
    }
  }
}

Security Report

Score Breakdown

Description: 10
Permissions: 10
Behavior: 4
Stability: --

Findings (6)

high
vague-description

Vague and Overly Broad Description

The description 'Image processing for AI agents. Resize, convert, compress, and pipeline images.' is generic and lacks specificity about actual capabilities, limitations, or intended use cases. The term 'pipeline images' is particularly vague and could imply arbitrary image processing workflows.

high
network-access

Remote HTTP Endpoint Without Visible Authentication

The server is exposed as a remote HTTP endpoint (https://mcp.pictomancer.ai/mcp) rather than a local stdio server. Remote endpoints are inherently higher risk as they accept connections from the internet. No authentication mechanism is documented.

medium
excessive-tools

Tool Definitions Unavailable for Audit

Tool definitions were not fetched from the server, making it impossible to audit for prompt injection, unconstrained input, or hidden instructions. This is a significant gap in security assessment.

medium
excessive-scope

Mismatch Between Tool Count and Stated Functionality

The server claims to provide image processing capabilities (resize, convert, compress, pipeline) but reports 0 tools. This inconsistency suggests either incomplete metadata or dynamic tool generation that cannot be audited.

low
info

Positive: Repository Available

The server has a public GitLab repository, which provides some transparency and allows source code review.

info
vague-description

Semantic Analysis Summary

This image processing server presents moderate-to-high risk due to its remote HTTP exposure without documented authentication, vague capability description, and unavailable tool definitions that prevent security auditing. The mismatch between claimed functionality and reported tool count (0) raises questions about metadata accuracy. While the public repository is a positive signal, the inability to audit actual tool implementations and input validation is a critical gap.

Last scanned 1h ago

Details

Version: 0.1.0
Transport: streamable-http
Capabilities