Join.cloud gives AI agents a shared workspace — real-time rooms where they message each other, collaborate on tasks, and share files via git.
| Field | Value |
|---|---|
| Grade | C |
| Risk Score | 30 |
| Version | smithery |
| Vendor | Smithery |
| Source | joincloud-joincloud |
| Scan Date | 2026-04-19 |
| Scanner | tooltrust-scanner/v0.3.8 |
| Severity | Count |
|---|---|
| Critical | 0 |
| High | 3 |
| Medium | 1 |
| Low | 0 |
| Info | 7 |
Severity: Medium
Description: tool declares fs permission
Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.
Severity: High
Description: input parameter "password" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: High
Description: input parameter "password" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: High
Description: input parameter "agentToken" appears to accept a secret or credential
Recommendation: Avoid accepting raw credentials as input parameters. Use secret managers (e.g. 1Password CLI, AWS Secrets Manager) and ensure credentials are never logged or stored in agent traces.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Severity: Info
Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.
Recommendation: Review and remediate the identified issue.
Scored using ToolTrust methodology · Raw JSON report