← MCP Scorecard / awslabs/mcp
BLow risk

awslabs/mcp

composite 84 / 100 · pinned commit 77c5c5108b5f · ruleset pack-mcp-core@0.1.0 · 1,661/wk
Grade capped at Bhigh-unresolved:cap-B.
Tool-description injection w20100
Credential / secret handling w20100
Network egress / SSRF w20100
Permission scope vs declared w2536
Supply-chain provenance w15100

Findings

Each finding names the rule it triggered, what that rule means, its CWE reference, and the line of code it points at. An observed code path, published as a flow, never as intent.

High  MCP-FILESYSTEM-UNSCOPED

tool-input paths reach a filesystem call with no jail root

src/dynamodb-mcp-server/awslabs/dynamodb_mcp_server/server.py:549
High  MCP-FILESYSTEM-UNSCOPED

tool-input paths reach a filesystem call with no jail root

src/dynamodb-mcp-server/awslabs/dynamodb_mcp_server/server.py:758
Low  MCP-BIND-ALL-INTERFACES

binds all interfaces

src/amazon-bedrock-agentcore-mcp-server/awslabs/amazon_bedrock_agentcore_mcp_server/tools/runtime/guide.py:102
Medium  MCP-INPUT-UNVALIDATED

unbounded numeric param or input treated as a regex (resource exhaustion / ReDoS)

src/security-agent-mcp-server/awslabs/security_agent_mcp_server/server.py:576

Embed this grade

MCP security: grade BMCP securityB
Grade B — Low risk
[![MCP security: B](https://sentinel-engine-ggaj.onrender.com/registry/badge/awslabs__mcp.svg)](https://sentinel-engine-ggaj.onrender.com/registry/awslabs__mcp.html)

🔁 Verify it yourself: clone awslabs/mcp at 77c5c5108b5f and run the open scanner (anwen-labs/sentinel-mcp, ruleset pack-mcp-core@0.1.0). Same input → same grade, every time.