CColombia Mcp ServerMCP server para consultar información geográfica y turística de Colombia. Accede a datos de las 6 regiones naturales, 32 departamentos, ciudades, municipios y atracciones turísticas con coordenadas e imágenes.

mcp-so:colombia-mcp-server_crexative

View source

100/100

First Seen

Feb 19, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 3

Findings (3)

LOW

Unverified npx package execution EXTDL_008

external-download L34

Detects npx executing packages from unverified sources without pinned versions

npx @crexative/colombia-mcp-server

FIX

Pin the npx package to an exact version (e.g., npx @scope/package@1.2.3). Unversioned npx commands can silently install a different or malicious package version.

FP?

Likely FP if the npx command targets a well-known package in documentation context, though unpinned versions are a real supply chain concern.

LOW

Unverified npx package execution EXTDL_008

external-download L51

Detects npx executing packages from unverified sources without pinned versions

npx @crexative/colombia-mcp-server

FIX

Pin the npx package to an exact version (e.g., npx @scope/package@1.2.3). Unversioned npx commands can silently install a different or malicious package version.

FP?

Likely FP if the npx command targets a well-known package in documentation context, though unpinned versions are a real supply chain concern.

LOW

npx MCP server without version pin MCPCFG_001

mcp-config L58

Detects MCP server configs using npx to run packages without version pinning

"command": "npx"

FIX

Pin the npx package in the MCP config to an exact version (e.g., @scope/server@1.2.3). Unpinned npx commands can silently fetch a compromised package version.

FP?

Likely FP if the MCP config is a local development setup example, though unpinned npx in production configs is a real supply chain risk.