ai.smithery/HARJAP-SINGH-3105-splitwise_mcp

8.0

Manage Splitwise balances, expenses, and groups from your workspace. Fetch friends and recent acti…

streamable-httpai-ml

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-harjap-singh-3105-splitwise-mcp": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@HARJAP-SINGH-3105/splitwise_mcp/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-harjap-singh-3105-splitwise-mcp": {
      "url": "https://server.smithery.ai/@HARJAP-SINGH-3105/splitwise_mcp/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior6

Stability--

Findings (6)

medium

vague-description

Incomplete Server Description

The description is truncated mid-sentence ('...recent acti…'), making it impossible to fully understand the server's capabilities and scope.

medium

network-access

Remote HTTP Endpoint Without Visible Authentication

Server uses streamable-http transport with a remote URL (https://server.smithery.ai/...), meaning it accepts connections from the internet. No authentication mechanism is documented.

medium

credential-input

Financial Service Access Without Tool Visibility

Server manages Splitwise (financial/expense tracking service), which typically requires API credentials. Tool definitions are unavailable, so credential handling cannot be audited.

low

excessive-tools

Tool Count Mismatch

Server claims to manage multiple Splitwise features (balances, expenses, groups, friends, activities) but reports 0 tools. This is inconsistent with the described functionality.

info

vague-description

Positive Trust Signal: Repository Available

Server has a public GitHub repository, allowing source code review and community scrutiny.

info

vague-description

Semantic Analysis Summary

This Splitwise management server has moderate concerns due to remote HTTP exposure without documented authentication, incomplete description, and unavailable tool definitions that prevent security auditing of credential handling. The presence of a public repository is a positive trust signal, but the tool count mismatch (0 tools despite claimed functionality) and inability to inspect actual implementations create uncertainty about the server's real capabilities and security posture.

Last scanned 1h ago

Details

Version: 1.14.0
Transport: streamable-http
Capabilities
Repository: HARJAP-SINGH-3105/Splitwise_MCP