CCryptoweatherCryptoWeather MCP Server provides real-time Bitcoin price prediction signals from the CryptoWeather AI system. Get hourly updated trading signals, performance metrics, and AI-driven market insights directly in your Claude conversations.

mcp-so:cryptoweather_Satoshi

View source

77/100

First Seen

Feb 18, 2026

Last Scanned

Feb 20, 2026

Findings

Score

77/100

HIGH 1

MEDIUM 1

Findings (2)

HIGH

Inline code execution in MCP command MCPCFG_006

mcp-config L173

Detects MCP servers using inline code execution via -e, -c, or eval flags

"args": [
        "run",
        "--with",
        "git+https://github.com/2051project/cryptoweather.git",
        "python",
        "-c",
        "import main; main.main()"

FIX

Restrict MCP server permissions to the minimum required. Remove broad filesystem, network, or execution permissions and use scoped access controls (specific directories, specific tools).

FP?

Likely FP if the broad permissions are in a development/testing configuration that is clearly not intended for production use.

MEDIUM

Git clone and execute chain SUPPLY_012

supply-chain L68

Detects git clone of repositories followed by execution of cloned content

git
clone https://github.com/2051project/cryptoweather.git + cd
cryptoweather
pip
install

FIX

Review the dependency tree for nested or transitive dependencies that introduce risk. Use tools like npm audit or pip-audit to identify known vulnerabilities in the dependency chain.

FP?

Likely FP if the flagged dependency is a standard, widely-used library with no known vulnerabilities at the time of scanning.