Skip to content

DEV Community

Michael Kayode Onyekwere

Posted on Apr 13

AGENTSCORE-2026-0004: `@opentabs-dev/mcp-server` risk change detected

#security #mcp #npm #supplychain

@opentabs-dev/mcp-server updated from 0.0.94 to 0.0.95. Score changed 85/100 to 65/100 (-20). Risk: LOW to ELEVATED. 3 findings.

Package

Name: @opentabs-dev/mcp-server
Version: 0.0.94 to 0.0.95
Score: 85/100 to 65/100
Risk: LOW to ELEVATED

Findings

[MEDIUM] no_repository: Package has no repository link — source code is not verifiable
[HIGH] command_injection: Potential command injection: shell execution with template literal input
[LOW] no_provenance: Package is not published with provenance attestations or trusted publishing. Published by: opentabs-dev-admin

Affected MCP Servers

@opentabs-dev/cli

Full advisory: AGENTSCORE-2026-0004

Verdict API: curl https://agentscores.xyz/api/verdict?npm=%40opentabs-dev%2Fmcp-server

Auto-published by AgentScore MCP security monitoring.

Top comments (0)

Subscribe