tooltrust-directory/data/reports/cloudflare.json at main · AgentSafe-AI/tooltrust-directory · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
{
  "tool_id": "cloudflare",
  "version": "smithery",
  "grade": "D",
  "risk_score": 65,
  "scan_date": "2026-04-19T02:18:18.286074202Z",
  "scanner": "tooltrust-scanner/v0.3.8",
  "source_url": "https://smithery.ai/server/cloudflare",
  "vendor": "Smithery",
  "description": "Manage and configure Cloudflare services using the full OpenAPI specification. Search for endpoints and execute custom logic across products like Workers, R2, and security settings. Automate infrastructure tasks directly through API requests and integrated scripts.",
  "findings": [
    {
      "id": "AS-002",
      "severity": "High",
      "title": "Excessive Permission Surface",
      "description": "tool declares network permission",
      "recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
      "tool_name": "search"
    },
    {
      "id": "AS-002",
      "severity": "Medium",
      "title": "Excessive Permission Surface",
      "description": "tool declares db permission",
      "recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
      "tool_name": "search"
    },
    {
      "id": "AS-011",
      "severity": "Low",
      "title": "DoS Resilience — Missing Rate Limit / Timeout",
      "description": "tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration",
      "recommendation": "Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.",
      "tool_name": "search"
    },
    {
      "id": "AS-014",
      "severity": "Info",
      "title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
      "description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
      "recommendation": "Review and remediate the identified issue.",
      "tool_name": "search"
    },
    {
      "id": "AS-002",
      "severity": "High",
      "title": "Excessive Permission Surface",
      "description": "tool declares network permission",
      "recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
      "tool_name": "execute"
    },
    {
      "id": "AS-002",
      "severity": "High",
      "title": "Excessive Permission Surface",
      "description": "tool declares exec permission",
      "recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
      "tool_name": "execute"
    },
    {
      "id": "AS-002",
      "severity": "Medium",
      "title": "Excessive Permission Surface",
      "description": "tool declares db permission",
      "recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
      "tool_name": "execute"
    },
    {
      "id": "AS-006",
      "severity": "Critical",
      "title": "Arbitrary Code Execution",
      "description": "tool name or description implies arbitrary script/code execution (evaluate_script, execute javascript, etc.)",
      "recommendation": "This tool can execute arbitrary code or shell commands on the host system. Remove it unless strictly required. If kept: (1) restrict access to trusted users/agents only, (2) require human approval before each invocation (Claude Desktop: set approval_required: true; other clients: enable equivalent confirmation), (3) use the most restrictive sandbox or read-only mode available, and (4) never expose this tool to untrusted input sources.",
      "tool_name": "execute"
    },
    {
      "id": "AS-011",
      "severity": "Low",
      "title": "DoS Resilience — Missing Rate Limit / Timeout",
      "description": "tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration",
      "recommendation": "Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.",
      "tool_name": "execute"
    },
    {
      "id": "AS-014",
      "severity": "Info",
      "title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
      "description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
      "recommendation": "Review and remediate the identified issue.",
      "tool_name": "execute"
    }
  ],
  "summary": {
    "critical": 1,
    "high": 3,
    "medium": 2,
    "low": 2,
    "info": 2
  },
  "methodology": "https://github.com/AgentSafe-AI/tooltrust-directory/blob/main/docs/methodology.md",
  "tool_names": [
    "execute",
    "search"
  ],
  "tool_contexts": [
    {
      "tool_name": "search",
      "action": "REQUIRE_APPROVAL",
      "grade": "C",
      "behavior": [
        "executes_commands",
        "uses_network"
      ],
      "destinations": [
        "hardcoded domain: Object.entries",
        "hardcoded domain: method.toUpperCase",
        "hardcoded domain: op.summary",
        "hardcoded domain: op.tags",
        "hardcoded domain: results.push",
        "hardcoded domain: spec.paths",
        "hardcoded domain: t.toLowerCase"
      ],
      "dependency_visibility": "No dependency data",
      "dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
    },
    {
      "tool_name": "execute",
      "action": "REQUIRE_APPROVAL",
      "grade": "D",
      "behavior": [
        "executes_commands",
        "uses_network"
      ],
      "destinations": [
        "dynamic email recipient (account_id)",
        "hardcoded domain: Date.now",
        "hardcoded domain: JSON.stringify",
        "hardcoded domain: cloudflare.request",
        "hardcoded domain: e.respondWith",
        "hardcoded domain: smithery.ai",
        "hardcoded email recipient: Arjun@smithery.ai"
      ],
      "dependency_visibility": "No dependency data",
      "dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
    }
  ],
  "scan_history": [
    {
      "scan_date": "2026-04-17T02:14:12Z",
      "grade": "D",
      "risk_score": 65,
      "version": "smithery"
    }
  ]
}