Phalcon MCP Server

MCP server that integrates with the BlockSec

mcp-so:phalcon-mcp_mark3labs

A
92/100

First Seen: Feb 19, 2026

Last Scanned: Feb 20, 2026

Findings: 1

Score: 92/100

MEDIUM: 1

Findings (1)

MEDIUM
Docker pull and run untrusted image
L39

Detects pulling and running Docker images from external registries

docker run -i --rm ghcr.io/mark3labs/p
FIX

Pin Docker images to a specific digest (e.g., image@sha256:abc...) instead of using mutable tags like :latest. Use trusted base images from verified publishers.

FP?

Likely FP if the Docker command pulls a well-known official image (e.g., docker pull python:3.11) in setup documentation.