ai.smithery/BigVik193-reddit-user-mcp

B
7.0

Browse and manage Reddit posts, comments, and threads. Fetch user activity, explore hot/new/rising…

streamable-http ai-ml

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-bigvik193-reddit-user-mcp": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@BigVik193/reddit-user-mcp/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-bigvik193-reddit-user-mcp": {
      "url": "https://server.smithery.ai/@BigVik193/reddit-user-mcp/mcp"
    }
  }
}

Security Report

Score Breakdown

Description: 10
Permissions: 10
Behavior: 4
Stability: --

Findings (6)

high
vague-description

Incomplete and Vague Server Description

The description is truncated mid-sentence ('explore hot/new/rising…') and doesn't clearly specify what capabilities are actually provided. It's unclear what 'manage' means in the context of Reddit posts and comments.

high
network-access

Remote HTTP Endpoint Without Visible Authentication

Server uses streamable-http transport with a remote URL (https://server.smithery.ai/...), meaning it accepts connections from the internet. No authentication mechanism is documented.

medium
excessive-scope

Broad Reddit Access Claims

The server claims to 'browse and manage' Reddit content including user activity, posts, comments, and threads. This is a broad scope that could enable scraping, data collection, or unauthorized modifications.

medium
credential-input

Likely Requires Reddit Credentials or API Keys

A Reddit management server almost certainly requires authentication credentials (Reddit API keys, OAuth tokens, or user credentials). These would need to be provided to the server, creating a credential handling risk.

low
info

Tool Definitions Not Available

Tool definitions could not be fetched from the server, preventing detailed analysis of input validation, prompt injection risks, or actual capability scope.

info
vague-description

Semantic Analysis Summary

This Reddit management server presents moderate-to-high risk due to its remote HTTP endpoint without documented authentication, vague/incomplete description, and broad claimed capabilities for browsing and managing Reddit content. The inability to inspect tool definitions prevents full assessment of input validation and credential handling. While it has a GitHub repository (positive signal), the lack of clear scope boundaries and authentication documentation raises concerns about credential security and potential for misuse.

Last scanned 1h ago

Details

Version
1.0.0
Transport
streamable-http
Capabilities