DDHTMLX MCP ServerThe DHTMLX MCP Server gives AI coding assistants real-time access to up-to-date DHTMLX documentation, preventing outdated API suggestions and ensuring awareness of the latest features. It supports all major DHTMLX products, including Gantt, Scheduler, Suite, Diagram, and other UI components.

mcp-so:dhtmlx-mcp-server

View source

60/100

First Seen

Feb 19, 2026

Last Scanned

Feb 20, 2026

Findings

Score

60/100

CRITICAL 1

HIGH 1

LOW 4

Findings (6)

CRITICAL

Jailbreak template PROMPT_INJECTION_011

prompt-injection L107

Detects common jailbreak prompt patterns

Developer mode

FIX

Remove directives that attempt to exfiltrate data through the agent's response (e.g., asking the agent to embed credentials in URLs or include secret values in output).

FP?

Likely FP if the text is a legitimate tool instruction about displaying configuration to the user (e.g., show current settings) without external transmission.

HIGH

MCP server auto-registration EXTDL_006

external-download L51

Detects automatic registration of MCP servers into agent configuration

claude mcp add

FIX

Pin the curl/wget download to a specific URL with version and verify the downloaded file's SHA-256 checksum before using it. Prefer package manager installs over raw downloads.

FP?

Likely FP if the download is from a well-known canonical source (e.g., official GitHub release) and the documentation includes checksum verification steps.

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L59

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "https://docs.dhtmlx.com/mcp"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L72

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "https://docs.dhtmlx.com/mcp"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L84

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "https://docs.dhtmlx.com/mcp"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).

LOW

Non-localhost remote MCP server URL MCPCFG_004

mcp-config L129

Detects MCP server configurations connecting to non-localhost remote URLs

"url": "https://docs.dhtmlx.com/mcp"

FIX

Change the MCP server URL to localhost or a trusted internal endpoint. If a remote server is required, verify the domain ownership and use HTTPS with certificate validation.

FP?

Likely FP if the URL points to example.com, a documentation domain, or a well-known SaaS API endpoint (e.g., api.openai.com).