MCPSafe

Scite

A
8.0

Ground answers in scientific literature. Search full text, evaluate trust, access full-text articles

streamable-httpsearchsecurity

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-scite-mcp": {
      "type": "streamable-http",
      "url": "https://api.scite.ai/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-scite-mcp": {
      "url": "https://api.scite.ai/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10
Permissions10
Behavior6
Stability--

Findings (6)

medium
vague-description

Unclear capability scope

The description mentions 'search full text', 'evaluate trust', and 'access full-text articles' but lacks specificity about what operations are actually performed, what data sources are queried, and what 'evaluate trust' entails.

medium
network-access

Remote HTTP endpoint without visible authentication

Server operates as a remote HTTP endpoint (streamable-http) at https://api.scite.ai/mcp. No authentication mechanism is documented, and the server accepts connections from the internet.

medium
excessive-scope

Broad data access claims

The server claims to 'access full-text articles' which suggests broad access to potentially copyrighted scientific literature. The scope of what can be accessed and how it's licensed is unclear.

low
vague-description

No source code repository

No GitHub repository or source code link provided. While the website exists, the lack of open-source code limits transparency and auditability.

info
vague-description

Tool definitions not available

Tool definitions could not be fetched from the server, preventing detailed analysis of input validation, prompt injection risks, and actual capability constraints.

info
vague-description

Semantic Analysis Summary

Scite presents moderate security concerns due to its remote HTTP endpoint without documented authentication, vague capability descriptions (particularly 'evaluate trust' and 'access full-text articles'), and lack of source code transparency. The inability to inspect tool definitions prevents deeper analysis of input validation and potential misuse patterns. While the service appears legitimate (established website), the broad scope of scientific literature access and unclear operational boundaries warrant caution.

Last scanned 52m ago

Details

Version
1.0.0
Transport
streamable-http
Capabilities
Website
scite.ai