markview-markview.json
{
"tool_id": "markview-markview",
"version": "smithery",
"grade": "A",
"risk_score": 8,
"scan_date": "2026-04-19T02:18:14.508190254Z",
"scanner": "tooltrust-scanner/v0.3.8",
"source_url": "https://smithery.ai/server/markview/markview",
"vendor": "Smithery",
"description": "Native macOS markdown previewer with MCP server for Claude Code. Lets AI assistants preview markdown and open files in a native Swift app with GFM rendering, Mermaid diagrams, syntax highlighting, and Quick Look integration.\n\nInstall command: `claude mcp add --transport stdio --scope user markview -- npx mcp-server-markview `",
"findings": [
{
"id": "AS-002",
"severity": "Medium",
"title": "Excessive Permission Surface",
"description": "tool declares fs permission",
"recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
"tool_name": "preview_markdown"
},
{
"id": "AS-014",
"severity": "Info",
"title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
"description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
"recommendation": "Publish metadata.dependencies or a repo_url for this MCP server so its dependencies can be inventoried and supply-chain checks can run.",
"tool_name": "preview_markdown"
},
{
"id": "AS-002",
"severity": "Medium",
"title": "Excessive Permission Surface",
"description": "tool declares fs permission",
"recommendation": "Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.",
"tool_name": "open_file"
},
{
"id": "AS-014",
"severity": "Info",
"title": "DEPENDENCY_INVENTORY_UNAVAILABLE",
"description": "Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.",
"recommendation": "Publish metadata.dependencies or a repo_url for this MCP server so its dependencies can be inventoried and supply-chain checks can run.",
"tool_name": "open_file"
}
],
"summary": {
"critical": 0,
"high": 0,
"medium": 2,
"low": 0,
"info": 2
},
"methodology": "https://github.com/AgentSafe-AI/tooltrust-directory/blob/main/docs/methodology.md",
"tool_names": [
"open_file",
"preview_markdown"
],
"tool_contexts": [
{
"tool_name": "preview_markdown",
"action": "ALLOW",
"grade": "A",
"destinations": [
"hardcoded domain: preview.md"
],
"dependency_visibility": "No dependency data",
"dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
},
{
"tool_name": "open_file",
"action": "ALLOW",
"grade": "A",
"behavior": [
"reads_files"
],
"dependency_visibility": "No dependency data",
"dependency_note": "No metadata.dependencies or repo_url were exposed by this MCP server."
}
],
"scan_history": [
{
"scan_date": "2026-04-15T02:13:33Z",
"grade": "A",
"risk_score": 8,
"version": "smithery"
},
{
"scan_date": "2026-04-16T02:25:33Z",
"grade": "A",
"risk_score": 8,
"version": "smithery"
},
{
"scan_date": "2026-04-17T02:14:10Z",
"grade": "A",
"risk_score": 8,
"version": "smithery"
}
]
}