astro.json
{
"tool_id": "astro",
"version": "smithery",
"grade": "B",
"risk_score": 17,
"scan_date": "2026-04-19T02:17:57.927410153Z",
"scanner": "tooltrust-scanner/v0.3.8",
"source_url": "https://smithery.ai/server/astro",
"vendor": "Smithery",
"description": "Web framework for content-driven sites. Search documentation, explore component APIs, and reference framework guides.",
"findings": [
{
"id": "AS-002",
"severity": "High",
"title": "Excessive Permission Surface",
"description": "tool declares network permission",
"recommendation": "Tool requests one or more broad permissions (exec/fs/network). Validate input parameters using enums where possible, and restrict file system operations to explicitly allowed directories.",
"tool_name": "search_astro_docs"
},
{
"id": "AS-011",
"severity": "Low",
"title": "DoS Resilience — Missing Rate Limit / Timeout",
"description": "tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration",
"recommendation": "Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.",
"tool_name": "search_astro_docs"
},
{
"id": "AS-014",
"severity": "Info",
"title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
"description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
"recommendation": "Expose metadata.dependencies or repo_url so the tool's dependencies can be inventoried and supply-chain coverage is no longer limited.",
"tool_name": "search_astro_docs"
}
],
"summary": {
"critical": 0,
"high": 1,
"medium": 0,
"low": 1,
"info": 1
},
"methodology": "https://github.com/AgentSafe-AI/tooltrust-directory/blob/main/docs/methodology.md",
"tool_names": [
"search_astro_docs"
],
"tool_contexts": [
{
"tool_name": "search_astro_docs",
"action": "ALLOW",
"grade": "B",
"behavior": [
"uses_network"
],
"dependency_visibility": "No dependency data",
"dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
}
],
"scan_history": [
{
"scan_date": "2026-04-14T02:14:20Z",
"grade": "B",
"risk_score": 17,
"version": "smithery"
},
{
"scan_date": "2026-04-15T02:11:33Z",
"grade": "B",
"risk_score": 17,
"version": "smithery"
},
{
"scan_date": "2026-04-17T02:14:09Z",
"grade": "B",
"risk_score": 17,
"version": "smithery"
}
]
}