ai.smithery/Funding-Machine-ghl-mcp-fundingmachine

7.0

Automate GoHighLevel across CRM, messaging, calendars, marketing, e-commerce, and billing. Manage…

streamable-httpai-ml productivity finance automation

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-funding-machine-ghl-mcp-fundingmachine": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@Funding-Machine/ghl-mcp-fundingmachine/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-funding-machine-ghl-mcp-fundingmachine": {
      "url": "https://server.smithery.ai/@Funding-Machine/ghl-mcp-fundingmachine/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior4

Stability--

Findings (7)

high

vague-description

Incomplete and Truncated Description

The server description is cut off mid-sentence ('Manage…'), making it impossible to understand the full scope of capabilities. This prevents proper security assessment and suggests either incomplete documentation or intentional obfuscation.

high

excessive-scope

Overly Broad Capability Claims

The server claims to automate GoHighLevel across 6+ major domains (CRM, messaging, calendars, marketing, e-commerce, billing). This is an unusually broad scope for a single MCP server and increases attack surface and potential for misuse.

high

network-access

Remote HTTP Endpoint Without Visible Authentication

Server uses streamable-http transport with a remote URL (https://server.smithery.ai/...), meaning it accepts connections from the internet. No authentication mechanism is documented, creating potential unauthorized access risk.

medium

excessive-scope

No Source Code Repository

No repository URL provided. Cannot verify server implementation, audit code for vulnerabilities, or confirm the server does what it claims. This is a significant trust gap for a remote server with broad capabilities.

medium

excessive-scope

Tools Not Available for Inspection

Tool definitions were not fetched from the server. Cannot assess input validation, prompt injection risks, or whether claimed capabilities match actual implementation.

low

info

No Resource Definitions

Server has no resources defined, which is typical for tool-only servers but limits understanding of data access patterns.

info

vague-description

Semantic Analysis Summary

This server presents significant security concerns due to its remote HTTP endpoint, overly broad claimed scope across 6+ business domains, truncated description, and complete lack of source code transparency. The inability to inspect tool definitions and absence of documented authentication mechanisms further elevate risk. This server should not be trusted without substantial additional verification and documentation.

Last scanned 1h ago

Details

Version: 1.0.0
Transport: streamable-http
Capabilities