\n```\n\nThe WebMCP widget will automatically initialize and appear in the bottom right corner of your page. Clicking on it will ask for a webmcp token which the end-user will generate.\n\n### Full Demo (3 minutes)\n\nhttps://github.com/user-attachments/assets/43ad160a-846d-48ad-9af9-f6d537e78473\n\n## More Info About How It Works\n\nThe bridge between the MCP client and the website is a localhost-only (not accessible to requests outside your computer) websocket server. Because it is configured to allow requests from your local web browser, authentication / token exchange is required, in case you visit a website attempting to abuse this.\n\n_Ideally the web browser itself would have an explicit permission for this, like webcam or microphone use._\n\n1. The MCP client connects to the `/mcp` path using the server token from `.env` (auto-generated)\n2. The server generates a registration token (instigated via the built-in mcp tool by a model or the `--new` command)\n3. Web clients connect to the `/register` endpoint with this token and its domain.\n4. Web pages connect to their assigned channel based on their domain.\n5. When an LLM wants to use a tool / resource / prompt, the request flows from:\n - MCP Client \u2192 MCP Server \u2192 WebSocket Server \u2192 Web Page with the tool / resource / prompt\n - (similar for requesting a list of tools / resources / prompts)\n6. The web page performs the request (e.g. call tool) and sends the result back through the same path\n7. Multiple web pages can be connected simultaneously, each with their own set of tools and tokens\n8. The MCP client sees all tools as a unified list, with channel prefixes to avoid name collisions\n\n```mermaid\nsequenceDiagram\n participant User\n participant MCP as MCP Client\n participant Server as MCP Server\n participant WS as WebSocket Server\n participant Web as Website\n\n %% Initial connection\n MCP->>Server: Connect to /mcp with internal server token\n\n %% Website registration token\n User->>MCP: Request registration token\n MCP->>Server: Request registration token\n Server-->>MCP: Return registration token\n MCP-->>User: Display registration token\n\n %% Website registration\n User->>Web: Paste registration token\n Web->>WS: Connect to /register with token & domain (registration token deleted)\n WS-->>Web: Assign channel & session token\n Web->>WS: Connect to assigned channel\n\n %% Tool interaction\n MCP->>Server: Request tools list\n Server->>WS: Forward request\n WS->>Web: Request tools\n Web-->>WS: Return tools list\n WS-->>Server: Forward tools list\n Server-->>MCP: Return tools list\n\n %% Tool execution\n MCP->>Server: Tool request\n Server->>WS: Forward request\n WS->>Web: Execute tool\n Web-->>WS: Return result\n WS-->>Server: Forward result\n Server-->>MCP: Return result\n\n %% Disconnection\n User->>Web: Disconnect\n Web->>WS: Close connection\n```\n\n## Security\n\nThis is a super early project. I'm very interested in hardening security to prevent malicious extensions etc. from being\nable to perform prompt injection attacks and similar. If you have constructive ideas, please reach out or open an issue.\n\n## Built in tools\n\n- Token generator (for connecting to WebMCP websites)\n- MCP Tool Definer (to simplify building the schema of a tool for use with MCP)\n - You can ask for the javascript (if relevant) in a follow-up message for use with WebMCP\n\n## Docker\n\nThere is a `Dockerfile` specifically for Smithery deployment.\n\nIf you'd like to use docker to run the websocket server, I've added a `docker-compose.yml` for demonstration purposes.\n\nIf `--docker` is provided to the mcp client config alongside `--mcp`, it will assume the server is running. This will allow you to dockerize the main process (websocket server), and your mcp client will connect to your docker container via websocket. Similarly, websites will communicate with your docker container.", "installation_instructions": null, "categories": [ "Everything", "Infrastructure & Blockchain Tools", "System & Data Integrators" ], "owners": [], "owner": null, "code_snippets": { "status": "published", "package_name": "@mseep/webmcp", "package_type": "npm", "published_url": "https://www.npmjs.com/package/@mseep/webmcp", "package_version": "0.1.13", "macos_audit_passed": true }, "evaluation_results": [], "found_via_ownership_request": false, "security_scans": [ { "repo_url": "https://github.com/jasonjmcghee/WebMCP", "repo_name": "WebMCP", "score": 64, "risk_level": "high", "score_explanation": "Score starts at 100, deducts points for security issues, and adds points for security best practices", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "mcp_app_id": "f7c73fb9-8adc-44d7-8447-f3c236d6b7d8", "scan_time": "2025-04-11T23:45:53.715429+00:00", "created_at": "2025-04-11T23:45:53.715815+00:00", "updated_at": "2025-04-11T23:45:53.715817+00:00", "findings": [ { "finding_id": "56edf84b-742a-45a1-9940-9726e6d833b4", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 14, "created_at": "2025-04-11T23:45:53.716780+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " await fs.mkdir(CONFIG_DIR, {recursive: true});", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "3687bf41-9fec-416c-85b3-dfea998b35a5", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 49, "created_at": "2025-04-11T23:45:53.716785+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " await fs.access(somePath);", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "96f655d5-3a8b-4368-9dd1-e7152507109d", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 59, "created_at": "2025-04-11T23:45:53.716787+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " await fs.mkdir(directory, { recursive: true });", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "b32b2fd3-c2c7-477f-9bee-45ff95f83fb5", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 77, "created_at": "2025-04-11T23:45:53.716789+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " const rawJSON = await fs.readFile(clientConfigPath);", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "71d3ab64-975c-48ba-ac3d-13f931dc7684", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 86, "created_at": "2025-04-11T23:45:53.716791+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " await fs.writeFile(clientConfigPath, JSON.stringify(json, null, 2));", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "0574e54d-6fb4-488d-86e2-6de2c7ede79b", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 34, "created_at": "2025-04-11T23:45:53.716794+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/tokens.js", "meta_info": { "lines": " const data = await fs.readFile(TOKENS_FILE, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "246e0d07-dfc7-4830-8fe0-2551818cd161", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 55, "created_at": "2025-04-11T23:45:53.716796+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/tokens.js", "meta_info": { "lines": " await fs.writeFile(TOKENS_FILE, stringified, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "4bafff7d-b3ff-4003-acef-84f28e353552", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 71, "created_at": "2025-04-11T23:45:53.716798+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/tokens.js", "meta_info": { "lines": " envContent = await fs.readFile(ENV_FILE, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "e2bda890-24ed-4801-aee8-c787d82ec7a7", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 87, "created_at": "2025-04-11T23:45:53.716800+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/tokens.js", "meta_info": { "lines": " await fs.writeFile(ENV_FILE, envContent, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "8fd8360b-e6f4-471f-bd4d-7584edac8971", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 1221, "created_at": "2025-04-11T23:45:53.716802+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/websocket-server.js", "meta_info": { "lines": " const pidData = await fs.readFile(PID_FILE, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "ba509fa9-47bb-4241-ab4d-243b0a918b4d", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 1231, "created_at": "2025-04-11T23:45:53.716804+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/websocket-server.js", "meta_info": { "lines": " await fs.unlink(PID_FILE);", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "ed59afc6-f72a-4145-8cf2-5a649dc6a275", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 1243, "created_at": "2025-04-11T23:45:53.716806+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/websocket-server.js", "meta_info": { "lines": " await fs.writeFile(PID_FILE, process.pid.toString(), 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "6b3ac352-5f31-4029-8166-80a30e9c6838", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 1490, "created_at": "2025-04-11T23:45:53.716808+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "730b13da-4ea2-46c9-b01e-5c28cff75907", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/websocket-server.js", "meta_info": { "lines": " fs.unlink(PID_FILE).catch(err => {", "pattern": "", "rule_name": "file_access" } } ], "vulnerabilities": [] }, { "repo_url": "https://github.com/jasonjmcghee/WebMCP", "repo_name": "WebMCP", "score": 93, "risk_level": "low", "score_explanation": "Score starts at 100, deducts points for security issues, and adds points for security best practices", "scan_id": "fe405220-4e77-4b56-9ad9-0141b4ffccb4", "mcp_app_id": "f7c73fb9-8adc-44d7-8447-f3c236d6b7d8", "scan_time": "2025-04-29T12:58:36.877436+00:00", "created_at": "2025-04-29T12:58:36.877932+00:00", "updated_at": "2025-04-29T12:58:36.877934+00:00", "findings": [ { "finding_id": "0a9e5394-bf8f-4a75-9a42-1b43db8212a4", "message": "Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.", "line": 102, "created_at": "2025-04-29T12:58:36.878790+00:00", "rule_id": "security-validator.scanner.rules.semgrep.detect-insecure-websocket", "scan_id": "fe405220-4e77-4b56-9ad9-0141b4ffccb4", "type": "semgrep", "severity": "ERROR", "path": "src/tokens.js", "meta_info": { "lines": " const serverAddress = `ws://${address}`;", "pattern": "", "rule_name": "detect-insecure-websocket.yaml" } }, { "finding_id": "653c5a90-2b57-41d2-aedf-3ac3dbef5bf8", "message": "Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.", "line": 1463, "created_at": "2025-04-29T12:58:36.878796+00:00", "rule_id": "security-validator.scanner.rules.semgrep.detect-insecure-websocket", "scan_id": "fe405220-4e77-4b56-9ad9-0141b4ffccb4", "type": "semgrep", "severity": "ERROR", "path": "src/websocket-server.js", "meta_info": { "lines": " console.error(`WebMCP client URL: ws://${HOST}:${PORT}${MCP_PATH}?token=${serverToken}`);", "pattern": "", "rule_name": "detect-insecure-websocket.yaml" } } ], "vulnerabilities": [] }, { "repo_url": "https://github.com/jasonjmcghee/WebMCP", "repo_name": "WebMCP", "score": 64, "risk_level": "high", "score_explanation": "Score starts at 100, deducts points for security issues, and adds points for security best practices", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "mcp_app_id": "f7c73fb9-8adc-44d7-8447-f3c236d6b7d8", "scan_time": "2025-04-25T05:53:19.357090+00:00", "created_at": "2025-04-25T05:53:19.357607+00:00", "updated_at": "2025-04-25T05:53:19.357610+00:00", "findings": [ { "finding_id": "9ca74242-a813-4df4-94a4-4d6587d82ec4", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 49, "created_at": "2025-04-25T05:53:19.359473+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " await fs.access(somePath);", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "234b786c-ce4e-44e0-8f60-7e878a8c237c", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 14, "created_at": "2025-04-25T05:53:19.359464+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " await fs.mkdir(CONFIG_DIR, {recursive: true});", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "5134aa03-07c6-469b-8de6-bdb4bc16bd0d", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 59, "created_at": "2025-04-25T05:53:19.359478+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " await fs.mkdir(directory, { recursive: true });", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "81a7fe22-d488-4aed-a14b-bc434ff431d1", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 77, "created_at": "2025-04-25T05:53:19.359482+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " const rawJSON = await fs.readFile(clientConfigPath);", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "f3b48933-7015-4931-aca6-40efa203a789", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 86, "created_at": "2025-04-25T05:53:19.359485+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/config.js", "meta_info": { "lines": " await fs.writeFile(clientConfigPath, JSON.stringify(json, null, 2));", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "e58f9782-db39-4a6e-9d45-82c5c4dc5073", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 34, "created_at": "2025-04-25T05:53:19.359489+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/tokens.js", "meta_info": { "lines": " const data = await fs.readFile(TOKENS_FILE, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "780fc2ec-14e1-4785-8380-fe54857ba298", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 55, "created_at": "2025-04-25T05:53:19.359493+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/tokens.js", "meta_info": { "lines": " await fs.writeFile(TOKENS_FILE, stringified, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "72e022d1-bda4-4a7a-9c90-44a06ba85ff5", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 71, "created_at": "2025-04-25T05:53:19.359496+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/tokens.js", "meta_info": { "lines": " envContent = await fs.readFile(ENV_FILE, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "888fa1bd-5917-4147-a9f7-61bc5e014209", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 87, "created_at": "2025-04-25T05:53:19.359500+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/tokens.js", "meta_info": { "lines": " await fs.writeFile(ENV_FILE, envContent, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "f06e49d8-acd4-448e-b3c9-62079289e709", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 1221, "created_at": "2025-04-25T05:53:19.359504+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/websocket-server.js", "meta_info": { "lines": " const pidData = await fs.readFile(PID_FILE, 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "6726629b-b92d-477e-a35a-b752f269b7d8", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 1231, "created_at": "2025-04-25T05:53:19.359507+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/websocket-server.js", "meta_info": { "lines": " await fs.unlink(PID_FILE);", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "32d3c07c-5107-44c6-a644-2afaf92478d5", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 1243, "created_at": "2025-04-25T05:53:19.359511+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/websocket-server.js", "meta_info": { "lines": " await fs.writeFile(PID_FILE, process.pid.toString(), 'utf8');", "pattern": "", "rule_name": "file_access" } }, { "finding_id": "cb5c2afd-d683-4ae4-b2c0-2d73523fd2bf", "message": "Potential path traversal in fs module. Ensure proper path validation.", "line": 1490, "created_at": "2025-04-25T05:53:19.359515+00:00", "rule_id": "security-validator.scanner.rules.semgrep.fs-module-path-traversal", "scan_id": "e3f8433a-ea97-494a-93b3-78453622f924", "type": "semgrep", "severity": "WARNING", "path": "WebMCP/src/websocket-server.js", "meta_info": { "lines": " fs.unlink(PID_FILE).catch(err => {", "pattern": "", "rule_name": "file_access" } } ], "vulnerabilities": [] }, { "repo_url": "https://github.com/jasonjmcghee/WebMCP", "repo_name": "WebMCP", "score": 93, "risk_level": "low", "score_explanation": "Score starts at 100, deducts points for security issues, and adds points for security best practices", "scan_id": "ff0b50af-e1c7-4e63-b2b5-e2cde3a75d53", "mcp_app_id": "f7c73fb9-8adc-44d7-8447-f3c236d6b7d8", "scan_time": "2025-06-13T12:42:35.196443+00:00", "created_at": "2025-06-13T12:42:35.197461+00:00", "updated_at": "2025-06-13T12:42:35.197461+00:00", "findings": [ { "finding_id": "9242013a-c7d6-4b41-886f-afd3d9b40815", "message": "Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.", "line": 102, "created_at": "2025-06-13T12:42:35.197461+00:00", "rule_id": "security-validator.scanner.rules.semgrep.detect-insecure-websocket", "scan_id": "ff0b50af-e1c7-4e63-b2b5-e2cde3a75d53", "type": "semgrep", "severity": "ERROR", "path": "src/tokens.js", "meta_info": { "lines": " const serverAddress = `ws://${address}`;", "pattern": "", "rule_name": "detect-insecure-websocket.yaml" } }, { "finding_id": "78841901-9239-4aab-9ac4-ac631f96da7d", "message": "Insecure WebSocket Detected. WebSocket Secure (wss) should be used for all WebSocket connections.", "line": 1463, "created_at": "2025-06-13T12:42:35.197461+00:00", "rule_id": "security-validator.scanner.rules.semgrep.detect-insecure-websocket", "scan_id": "ff0b50af-e1c7-4e63-b2b5-e2cde3a75d53", "type": "semgrep", "severity": "ERROR", "path": "src/websocket-server.js", "meta_info": { "lines": " console.error(`WebMCP client URL: ws://${HOST}:${PORT}${MCP_PATH}?token=${serverToken}`);", "pattern": "", "rule_name": "detect-insecure-websocket.yaml" } } ], "vulnerabilities": [] } ] } }
Webmcp
MCP Server for AI integrations
Rating: 3.1/5
|
⭐ 51 stars
Categories: Everything, Infrastructure & Blockchain Tools, System & Data Integrators