← MCP Scorecard / sooperset/mcp-atlassian
APass

sooperset/mcp-atlassian

composite 96 / 100 · pinned commit d4946340e6a9 · ruleset pack-mcp-core@0.1.0 · 234,582/wk
Tool-description injection w20100
Credential / secret handling w20100
Network egress / SSRF w2090
Permission scope vs declared w2590
Supply-chain provenance w15100

Findings

Each finding names the rule it triggered, what that rule means, its CWE reference, and the line of code it points at. An observed code path, published as a flow, never as intent.

Medium  MCP-TLS-VERIFICATION-DISABLED

code disables TLS certificate verification

src/mcp_atlassian/utils/ssl.py:64
Medium  MCP-BIND-ALL-INTERFACES

binds all interfaces

src/mcp_atlassian/__init__.py:151

Embed this grade

MCP security: grade AMCP securityA
Grade A — Pass
[![MCP security: A](https://sentinel-engine-ggaj.onrender.com/registry/badge/sooperset__mcp-atlassian.svg)](https://sentinel-engine-ggaj.onrender.com/registry/sooperset__mcp-atlassian.html)

🔁 Verify it yourself: clone sooperset/mcp-atlassian at d4946340e6a9 and run the open scanner (anwen-labs/sentinel-mcp, ruleset pack-mcp-core@0.1.0). Same input → same grade, every time.