Rrabbitmq-mcpAn MCP server for RabbitMQ HTTP API.

mcp-so:rabbitmq-mcp_kmitchell

View source

100/100

First Seen

Feb 19, 2026

Last Scanned

Feb 20, 2026

Findings

Score

100/100

LOW 2

Findings (2)

LOW

Global package installation EXTDL_004

external-download L22

Detects global installation of packages which affects the host system

npm install -g r

FIX

Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.

FP?

Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.

LOW

npx auto-install without confirmation EXTDL_003

external-download L24

Detects npx with -y flag that bypasses user confirmation for package installation

npx -y

FIX

Replace npx -y with an explicit npm install step that pins the package to a specific version, then run it. Remove the -y flag to require user confirmation.

FP?

Likely FP if the npx command runs a well-known, trusted tool (e.g., create-react-app) in documentation context with no version pinning concern.