ai.smithery/IndianAppGuy-magicslide-mcp-actual-test

7.0

Generate polished PowerPoint presentations from text prompts, YouTube videos, or structured outlin…

streamable-httpai-ml developer-tools media

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-indianappguy-magicslide-mcp-actual-test": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@IndianAppGuy/magicslide-mcp-actual-test/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-indianappguy-magicslide-mcp-actual-test": {
      "url": "https://server.smithery.ai/@IndianAppGuy/magicslide-mcp-actual-test/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior4

Stability--

Findings (7)

high

vague-description

Incomplete and Truncated Description

The server description is cut off mid-sentence ('...structured outlin…'), making it impossible to fully understand the server's capabilities and scope. This incomplete information prevents proper security assessment.

high

network-access

Remote HTTP Endpoint Without Visible Authentication

The server uses streamable-http transport with a remote URL (https://server.smithery.ai/...), meaning it accepts connections from the internet. No authentication mechanism is documented, creating exposure risk.

high

excessive-scope

Broad Capability Claims Without Tool Visibility

The server claims to generate presentations from multiple input types (text prompts, YouTube videos, structured outlines), suggesting complex capabilities. However, no tools are available for inspection, preventing verification of actual scope and implementation.

medium

data-exfiltration

No Source Code Repository

No repository URL is provided, making it impossible to audit the server's code for data exfiltration patterns, hidden instructions, or malicious behavior. This is a significant trust signal gap.

medium

network-access

YouTube Video Processing Capability

The server claims to process YouTube videos, which implies network access to external services. This capability is not documented in detail and could pose privacy/security risks if user data or video content is transmitted.

low

info

Tools Not Fetched

Tool definitions are not available for inspection. While the server reports 0 tools, this could indicate either a minimal server or a fetching issue. Recommend attempting to fetch tool definitions directly.

info

vague-description

Semantic Analysis Summary

This server presents moderate-to-high risk due to its remote HTTP endpoint without documented authentication, vague/incomplete description, and inability to verify actual capabilities. The claimed ability to process YouTube videos and generate presentations suggests broad network access, but no source code repository exists for auditing. The zero visible tools combined with broad capability claims is suspicious and warrants further investigation before deployment.

Last scanned 1h ago

Details

Version: 1.0.0
Transport: streamable-http
Capabilities