First Seen
Feb 18, 2026
Last Scanned
Feb 22, 2026
Findings
3
Score
100/100
Findings (3)
Detects MCP server configurations connecting to non-localhost remote URLs
"url": "https://spatix.io/m/abc123"Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.
Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).
Detects pip install of arbitrary packages that modify the host environment
pip install spPin all pip packages to exact versions (e.g., pip install package==1.2.3). Use a requirements.txt or pyproject.toml with pinned versions and hash verification.
Likely FP if the match is in documentation showing how to install the skill's own PyPI package.
Detects MCP server configurations connecting to non-localhost remote URLs
"url": "https://spatix.io/m/..."Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.
Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).