ai.smithery/IndianAppGuy-magicslide-mcp

7.0

Generate professional PowerPoint presentations from text, YouTube videos, or structured JSON data.…

streamable-httpai-ml developer-tools media

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-indianappguy-magicslide-mcp": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@IndianAppGuy/magicslide-mcp/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-indianappguy-magicslide-mcp": {
      "url": "https://server.smithery.ai/@IndianAppGuy/magicslide-mcp/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior4

Stability--

Findings (7)

high

vague-description

Incomplete and Vague Server Description

The description is truncated with '…' and doesn't fully explain the server's capabilities, limitations, or how it processes different input types (text, YouTube videos, JSON). This makes it impossible to assess the actual scope and potential risks.

high

network-access

Remote HTTP Endpoint Without Visible Authentication

The server is exposed via a remote HTTP endpoint (streamable-http transport) at https://server.smithery.ai/@IndianAppGuy/magicslide-mcp/mcp. No authentication mechanism is documented, making it accessible to any client that can reach the URL.

high

excessive-scope

Broad Capability Claims Without Tool Visibility

The server claims to handle multiple input types (text, YouTube videos, structured JSON) and generate PowerPoint presentations, but tool definitions are unavailable. This makes it impossible to verify what the server actually does or validate input constraints.

medium

data-exfiltration

No Source Code or Repository Available

The server has no associated repository URL, making it impossible to audit the code, verify security practices, or understand how data is processed and stored. This is a significant trust signal gap.

medium

network-access

YouTube Video Processing Capability Requires External Network Access

The server claims to process YouTube videos, which implies it makes external network requests to YouTube. This capability is not transparent in the tool definitions and could pose privacy/data exfiltration risks.

low

vague-description

Unknown Author/Publisher Credibility

The server is published under 'IndianAppGuy' on smithery.ai, but there's no way to verify the author's identity, reputation, or trustworthiness without a repository or website.

info

vague-description

Semantic Analysis Summary

This server presents moderate-to-high risk due to a remote HTTP endpoint without documented authentication, unavailable tool definitions despite broad capability claims, and no source code repository for verification. The truncated description and lack of transparency about data handling (especially for YouTube video processing) prevent proper security assessment. The combination of network exposure and opaque functionality makes this server unsuitable for sensitive use cases without additional verification.

Last scanned 1h ago

Details

Version: 1.0.0
Transport: streamable-http
Capabilities