ai.smithery/DynamicEndpoints-m365-core-mcp

8.0

*Updated June 17th 2025** Manage your Microsoft 365 services effortlessly. Create and manage distr…

streamable-httpai-ml

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-dynamicendpoints-m365-core-mcp": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@DynamicEndpoints/m365-core-mcp/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-dynamicendpoints-m365-core-mcp": {
      "url": "https://server.smithery.ai/@DynamicEndpoints/m365-core-mcp/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior6

Stability--

Findings (6)

medium

vague-description

Incomplete Server Description

The server description is truncated mid-sentence ('Create and manage distr…'), making it impossible to fully understand the intended scope and capabilities.

medium

network-access

Remote HTTP Endpoint Without Visible Authentication

Server uses streamable-http transport with a remote URL (https://server.smithery.ai/...), meaning it accepts connections from the internet. No authentication mechanism is documented.

medium

excessive-scope

Broad Microsoft 365 Access Claims

The server claims to 'Manage your Microsoft 365 services' which is extremely broad. M365 includes email, calendar, files, teams, and more. Without tool definitions visible, the actual scope cannot be verified.

low

info

Tool Definitions Not Available

Tool definitions could not be fetched from the server, preventing detailed analysis of input validation, permission scope, and potential injection vectors.

low

info

Positive Trust Signal: Repository Available

The server has an associated GitHub repository, which is a positive indicator for transparency and auditability.

info

vague-description

Semantic Analysis Summary

This M365 management server presents moderate concerns due to its remote HTTP endpoint, vague/incomplete description, and broad claimed scope without visible tool definitions for verification. While the presence of a GitHub repository is a positive trust signal, the inability to inspect actual tool definitions and the lack of documented authentication mechanisms prevent a full security assessment. Recommend reviewing the repository code and fetching tool definitions before deployment.

Last scanned 1h ago

Details

Version: 1.1.0
Transport: streamable-http
Capabilities
Repository: DynamicEndpoints/m365-core-mcp