ai.rolli/mcp
Social media search and analytics across X, Reddit, Bluesky, YouTube, and more
Installation
Install from source
git clone https://github.com/rolliinc/rolli-mcp
cd rolli-mcp
npm install
npm start
Security Report
Score Breakdown
Findings (6)
Overly broad scope without specifics
The server claims to provide 'social media search and analytics across X, Reddit, Bluesky, YouTube, and more' but offers no details on what specific capabilities are available. The phrase 'and more' suggests undefined scope expansion.
Aggregated access to multiple social platforms
A single server claiming unified access to multiple social media platforms (X, Reddit, Bluesky, YouTube) represents significant scope. This could enable mass data collection, surveillance, or scraping across platforms.
Unknown transport type with network implications
Transport type is listed as 'unknown', making it impossible to assess whether this is a local stdio server or a remote HTTP endpoint. Remote servers accepting internet connections pose higher risk.
Tool definitions unavailable for security review
No tool definitions were fetched from the server, preventing analysis of input validation, prompt injection risks, or actual capability scope. This is a significant gap in security assessment.
Positive: Repository available
The server has a public GitHub repository, which is a positive trust signal and allows for source code review.
Semantic Analysis Summary
This social media analytics server presents moderate-to-high risk due to its broad, undefined scope across multiple platforms and unavailable tool definitions preventing proper security review. The unknown transport type and vague capability descriptions ('and more') raise concerns about potential data collection or surveillance capabilities. The public repository is a positive signal, but source code review is essential before deployment.
Last scanned 1h ago
Details
- Version: 1.1.7
- Transport: Unknown
- Capabilities
- Repository: rolliinc/rolli-mcp