ai.smithery/222wcnm-bilistalkermcp

7.0

Track Bilibili creators and get the latest updates on videos, dynamics, and articles. Fetch user p…

streamable-httpai-ml developer-tools media

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-222wcnm-bilistalkermcp": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@222wcnm/bilistalkermcp/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-222wcnm-bilistalkermcp": {
      "url": "https://server.smithery.ai/@222wcnm/bilistalkermcp/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior4

Stability--

Findings (6)

high

vague-description

Incomplete and Truncated Description

The server description is cut off mid-sentence ('Fetch user p…'), making it impossible to fully understand the server's capabilities and purpose. This incomplete documentation raises concerns about transparency and proper disclosure.

high

network-access

Remote HTTP Endpoint with No Visible Authentication

The server uses a remote HTTP endpoint (streamable-http transport) at https://server.smithery.ai/@222wcnm/bilistalkermcp/mcp. No authentication mechanism is documented, meaning any client with the URL could potentially interact with this server.

medium

excessive-scope

Broad Surveillance Capabilities

The server is designed to 'track Bilibili creators' and monitor their activities (videos, dynamics, articles). This surveillance-oriented functionality could be used to monitor individuals without consent, especially given the vague description doesn't clarify consent or privacy safeguards.

medium

network-access

Third-Party API Integration Without Visibility

The server integrates with Bilibili (a Chinese video platform) but tool definitions are not available for inspection. Cannot verify what data is being fetched, how it's processed, or what privacy implications exist.

low

info

No Tools Currently Exposed

The server reports 0 tools and no resources. While this reduces immediate risk, it's unclear if tools are simply not being advertised or if the server is non-functional.

info

vague-description

Semantic Analysis Summary

This server presents moderate-to-high risk due to its remote HTTP endpoint without documented authentication, incomplete/truncated description, and surveillance-oriented purpose ('stalker' functionality). The inability to inspect tool definitions prevents full security assessment. While a GitHub repository exists (positive signal), the vague description and network exposure warrant caution before deployment.

Last scanned 1h ago

Details

Version: 1.15.0
Transport: streamable-http
Capabilities
Repository: 222wcnm/BiliStalkerMCP